1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #include <linux/module.h> 9 #include <linux/debugfs.h> 10 #include <linux/seq_file.h> 11 #include <linux/sched/signal.h> 12 13 #include <net/bluetooth/bluetooth.h> 14 #include <net/bluetooth/hci_core.h> 15 #include <net/bluetooth/iso.h> 16 17 static const struct proto_ops iso_sock_ops; 18 19 static struct bt_sock_list iso_sk_list = { 20 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 21 }; 22 23 /* ---- ISO connections ---- */ 24 struct iso_conn { 25 struct hci_conn *hcon; 26 27 /* @lock: spinlock protecting changes to iso_conn fields */ 28 spinlock_t lock; 29 struct sock *sk; 30 31 struct delayed_work timeout_work; 32 33 struct sk_buff *rx_skb; 34 __u32 rx_len; 35 __u16 tx_sn; 36 }; 37 38 #define iso_conn_lock(c) spin_lock(&(c)->lock) 39 #define iso_conn_unlock(c) spin_unlock(&(c)->lock) 40 41 static void iso_sock_close(struct sock *sk); 42 static void iso_sock_kill(struct sock *sk); 43 44 /* ----- ISO socket info ----- */ 45 #define iso_pi(sk) ((struct iso_pinfo *)sk) 46 47 struct iso_pinfo { 48 struct bt_sock bt; 49 bdaddr_t src; 50 __u8 src_type; 51 bdaddr_t dst; 52 __u8 dst_type; 53 __u8 bc_sid; 54 __u8 bc_num_bis; 55 __u8 bc_bis[ISO_MAX_NUM_BIS]; 56 __u16 sync_handle; 57 __u32 flags; 58 struct bt_iso_qos qos; 59 __u8 base_len; 60 __u8 base[HCI_MAX_PER_AD_LENGTH]; 61 struct iso_conn *conn; 62 }; 63 64 /* ---- ISO timers ---- */ 65 #define ISO_CONN_TIMEOUT (HZ * 40) 66 #define ISO_DISCONN_TIMEOUT (HZ * 2) 67 68 static void iso_sock_timeout(struct work_struct *work) 69 { 70 struct iso_conn *conn = container_of(work, struct iso_conn, 71 timeout_work.work); 72 struct sock *sk; 73 74 iso_conn_lock(conn); 75 sk = conn->sk; 76 if (sk) 77 sock_hold(sk); 78 iso_conn_unlock(conn); 79 80 if (!sk) 81 return; 82 83 BT_DBG("sock %p state %d", sk, sk->sk_state); 84 85 lock_sock(sk); 86 sk->sk_err = ETIMEDOUT; 87 sk->sk_state_change(sk); 88 release_sock(sk); 89 sock_put(sk); 90 } 91 92 static void iso_sock_set_timer(struct sock *sk, long timeout) 93 { 94 if (!iso_pi(sk)->conn) 95 return; 96 97 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 98 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 99 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 100 } 101 102 static void iso_sock_clear_timer(struct sock *sk) 103 { 104 if (!iso_pi(sk)->conn) 105 return; 106 107 BT_DBG("sock %p state %d", sk, sk->sk_state); 108 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 109 } 110 111 /* ---- ISO connections ---- */ 112 static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 113 { 114 struct iso_conn *conn = hcon->iso_data; 115 116 if (conn) 117 return conn; 118 119 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 120 if (!conn) 121 return NULL; 122 123 spin_lock_init(&conn->lock); 124 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 125 126 hcon->iso_data = conn; 127 conn->hcon = hcon; 128 conn->tx_sn = 0; 129 130 BT_DBG("hcon %p conn %p", hcon, conn); 131 132 return conn; 133 } 134 135 /* Delete channel. Must be called on the locked socket. */ 136 static void iso_chan_del(struct sock *sk, int err) 137 { 138 struct iso_conn *conn; 139 struct sock *parent; 140 141 conn = iso_pi(sk)->conn; 142 143 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 144 145 if (conn) { 146 iso_conn_lock(conn); 147 conn->sk = NULL; 148 iso_pi(sk)->conn = NULL; 149 iso_conn_unlock(conn); 150 151 if (conn->hcon) 152 hci_conn_drop(conn->hcon); 153 } 154 155 sk->sk_state = BT_CLOSED; 156 sk->sk_err = err; 157 158 parent = bt_sk(sk)->parent; 159 if (parent) { 160 bt_accept_unlink(sk); 161 parent->sk_data_ready(parent); 162 } else { 163 sk->sk_state_change(sk); 164 } 165 166 sock_set_flag(sk, SOCK_ZAPPED); 167 } 168 169 static void iso_conn_del(struct hci_conn *hcon, int err) 170 { 171 struct iso_conn *conn = hcon->iso_data; 172 struct sock *sk; 173 174 if (!conn) 175 return; 176 177 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 178 179 /* Kill socket */ 180 iso_conn_lock(conn); 181 sk = conn->sk; 182 if (sk) 183 sock_hold(sk); 184 iso_conn_unlock(conn); 185 186 if (sk) { 187 lock_sock(sk); 188 iso_sock_clear_timer(sk); 189 iso_chan_del(sk, err); 190 release_sock(sk); 191 sock_put(sk); 192 } 193 194 /* Ensure no more work items will run before freeing conn. */ 195 cancel_delayed_work_sync(&conn->timeout_work); 196 197 hcon->iso_data = NULL; 198 kfree(conn); 199 } 200 201 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 202 struct sock *parent) 203 { 204 BT_DBG("conn %p", conn); 205 206 if (iso_pi(sk)->conn == conn && conn->sk == sk) 207 return 0; 208 209 if (conn->sk) { 210 BT_ERR("conn->sk already set"); 211 return -EBUSY; 212 } 213 214 iso_pi(sk)->conn = conn; 215 conn->sk = sk; 216 217 if (parent) 218 bt_accept_enqueue(parent, sk, true); 219 220 return 0; 221 } 222 223 static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 224 struct sock *parent) 225 { 226 int err; 227 228 iso_conn_lock(conn); 229 err = __iso_chan_add(conn, sk, parent); 230 iso_conn_unlock(conn); 231 232 return err; 233 } 234 235 static int iso_connect_bis(struct sock *sk) 236 { 237 struct iso_conn *conn; 238 struct hci_conn *hcon; 239 struct hci_dev *hdev; 240 int err; 241 242 BT_DBG("%pMR", &iso_pi(sk)->src); 243 244 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 245 iso_pi(sk)->src_type); 246 if (!hdev) 247 return -EHOSTUNREACH; 248 249 hci_dev_lock(hdev); 250 251 if (!bis_capable(hdev)) { 252 err = -EOPNOTSUPP; 253 goto done; 254 } 255 256 /* Fail if out PHYs are marked as disabled */ 257 if (!iso_pi(sk)->qos.out.phy) { 258 err = -EINVAL; 259 goto done; 260 } 261 262 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 263 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 264 iso_pi(sk)->base); 265 if (IS_ERR(hcon)) { 266 err = PTR_ERR(hcon); 267 goto done; 268 } 269 270 conn = iso_conn_add(hcon); 271 if (!conn) { 272 hci_conn_drop(hcon); 273 err = -ENOMEM; 274 goto done; 275 } 276 277 /* Update source addr of the socket */ 278 bacpy(&iso_pi(sk)->src, &hcon->src); 279 280 err = iso_chan_add(conn, sk, NULL); 281 if (err) 282 goto done; 283 284 if (hcon->state == BT_CONNECTED) { 285 iso_sock_clear_timer(sk); 286 sk->sk_state = BT_CONNECTED; 287 } else { 288 sk->sk_state = BT_CONNECT; 289 iso_sock_set_timer(sk, sk->sk_sndtimeo); 290 } 291 292 done: 293 hci_dev_unlock(hdev); 294 hci_dev_put(hdev); 295 return err; 296 } 297 298 static int iso_connect_cis(struct sock *sk) 299 { 300 struct iso_conn *conn; 301 struct hci_conn *hcon; 302 struct hci_dev *hdev; 303 int err; 304 305 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 306 307 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 308 iso_pi(sk)->src_type); 309 if (!hdev) 310 return -EHOSTUNREACH; 311 312 hci_dev_lock(hdev); 313 314 if (!cis_central_capable(hdev)) { 315 err = -EOPNOTSUPP; 316 goto done; 317 } 318 319 /* Fail if either PHYs are marked as disabled */ 320 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) { 321 err = -EINVAL; 322 goto done; 323 } 324 325 /* Just bind if DEFER_SETUP has been set */ 326 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 327 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 328 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 329 if (IS_ERR(hcon)) { 330 err = PTR_ERR(hcon); 331 goto done; 332 } 333 } else { 334 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 335 iso_pi(sk)->dst_type, &iso_pi(sk)->qos); 336 if (IS_ERR(hcon)) { 337 err = PTR_ERR(hcon); 338 goto done; 339 } 340 } 341 342 conn = iso_conn_add(hcon); 343 if (!conn) { 344 hci_conn_drop(hcon); 345 err = -ENOMEM; 346 goto done; 347 } 348 349 /* Update source addr of the socket */ 350 bacpy(&iso_pi(sk)->src, &hcon->src); 351 352 err = iso_chan_add(conn, sk, NULL); 353 if (err) 354 goto done; 355 356 if (hcon->state == BT_CONNECTED) { 357 iso_sock_clear_timer(sk); 358 sk->sk_state = BT_CONNECTED; 359 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 360 iso_sock_clear_timer(sk); 361 sk->sk_state = BT_CONNECT; 362 } else { 363 sk->sk_state = BT_CONNECT; 364 iso_sock_set_timer(sk, sk->sk_sndtimeo); 365 } 366 367 done: 368 hci_dev_unlock(hdev); 369 hci_dev_put(hdev); 370 return err; 371 } 372 373 static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 374 { 375 struct iso_conn *conn = iso_pi(sk)->conn; 376 struct hci_iso_data_hdr *hdr; 377 int len = 0; 378 379 BT_DBG("sk %p len %d", sk, skb->len); 380 381 if (skb->len > iso_pi(sk)->qos.out.sdu) 382 return -EMSGSIZE; 383 384 len = skb->len; 385 386 /* Push ISO data header */ 387 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 388 hdr->sn = cpu_to_le16(conn->tx_sn++); 389 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 390 HCI_ISO_STATUS_VALID)); 391 392 if (sk->sk_state == BT_CONNECTED) 393 hci_send_iso(conn->hcon, skb); 394 else 395 len = -ENOTCONN; 396 397 return len; 398 } 399 400 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 401 { 402 struct sock *sk; 403 404 iso_conn_lock(conn); 405 sk = conn->sk; 406 iso_conn_unlock(conn); 407 408 if (!sk) 409 goto drop; 410 411 BT_DBG("sk %p len %d", sk, skb->len); 412 413 if (sk->sk_state != BT_CONNECTED) 414 goto drop; 415 416 if (!sock_queue_rcv_skb(sk, skb)) 417 return; 418 419 drop: 420 kfree_skb(skb); 421 } 422 423 /* -------- Socket interface ---------- */ 424 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba) 425 { 426 struct sock *sk; 427 428 sk_for_each(sk, &iso_sk_list.head) { 429 if (sk->sk_state != BT_LISTEN) 430 continue; 431 432 if (!bacmp(&iso_pi(sk)->src, ba)) 433 return sk; 434 } 435 436 return NULL; 437 } 438 439 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 440 __u8 sid) 441 { 442 struct sock *sk; 443 444 sk_for_each(sk, &iso_sk_list.head) { 445 if (sk->sk_state != BT_LISTEN) 446 continue; 447 448 if (bacmp(&iso_pi(sk)->src, ba)) 449 continue; 450 451 if (bacmp(&iso_pi(sk)->dst, bc)) 452 continue; 453 454 if (iso_pi(sk)->bc_sid == sid) 455 return sk; 456 } 457 458 return NULL; 459 } 460 461 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 462 463 /* Find socket listening: 464 * source bdaddr (Unicast) 465 * destination bdaddr (Broadcast only) 466 * match func - pass NULL to ignore 467 * match func data - pass -1 to ignore 468 * Returns closest match. 469 */ 470 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 471 iso_sock_match_t match, void *data) 472 { 473 struct sock *sk = NULL, *sk1 = NULL; 474 475 read_lock(&iso_sk_list.lock); 476 477 sk_for_each(sk, &iso_sk_list.head) { 478 if (sk->sk_state != BT_LISTEN) 479 continue; 480 481 /* Match Broadcast destination */ 482 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 483 continue; 484 485 /* Use Match function if provided */ 486 if (match && !match(sk, data)) 487 continue; 488 489 /* Exact match. */ 490 if (!bacmp(&iso_pi(sk)->src, src)) 491 break; 492 493 /* Closest match */ 494 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) 495 sk1 = sk; 496 } 497 498 read_unlock(&iso_sk_list.lock); 499 500 return sk ? sk : sk1; 501 } 502 503 static void iso_sock_destruct(struct sock *sk) 504 { 505 BT_DBG("sk %p", sk); 506 507 skb_queue_purge(&sk->sk_receive_queue); 508 skb_queue_purge(&sk->sk_write_queue); 509 } 510 511 static void iso_sock_cleanup_listen(struct sock *parent) 512 { 513 struct sock *sk; 514 515 BT_DBG("parent %p", parent); 516 517 /* Close not yet accepted channels */ 518 while ((sk = bt_accept_dequeue(parent, NULL))) { 519 iso_sock_close(sk); 520 iso_sock_kill(sk); 521 } 522 523 parent->sk_state = BT_CLOSED; 524 sock_set_flag(parent, SOCK_ZAPPED); 525 } 526 527 /* Kill socket (only if zapped and orphan) 528 * Must be called on unlocked socket. 529 */ 530 static void iso_sock_kill(struct sock *sk) 531 { 532 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 533 sock_flag(sk, SOCK_DEAD)) 534 return; 535 536 BT_DBG("sk %p state %d", sk, sk->sk_state); 537 538 /* Kill poor orphan */ 539 bt_sock_unlink(&iso_sk_list, sk); 540 sock_set_flag(sk, SOCK_DEAD); 541 sock_put(sk); 542 } 543 544 static void iso_conn_defer_reject(struct hci_conn *conn) 545 { 546 struct hci_cp_le_reject_cis cp; 547 548 BT_DBG("conn %p", conn); 549 550 memset(&cp, 0, sizeof(cp)); 551 cp.handle = cpu_to_le16(conn->handle); 552 cp.reason = HCI_ERROR_REJ_BAD_ADDR; 553 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 554 } 555 556 static void __iso_sock_close(struct sock *sk) 557 { 558 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 559 560 switch (sk->sk_state) { 561 case BT_LISTEN: 562 iso_sock_cleanup_listen(sk); 563 break; 564 565 case BT_CONNECTED: 566 case BT_CONFIG: 567 if (iso_pi(sk)->conn->hcon) { 568 sk->sk_state = BT_DISCONN; 569 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 570 iso_conn_lock(iso_pi(sk)->conn); 571 hci_conn_drop(iso_pi(sk)->conn->hcon); 572 iso_pi(sk)->conn->hcon = NULL; 573 iso_conn_unlock(iso_pi(sk)->conn); 574 } else { 575 iso_chan_del(sk, ECONNRESET); 576 } 577 break; 578 579 case BT_CONNECT2: 580 if (iso_pi(sk)->conn->hcon) 581 iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 582 iso_chan_del(sk, ECONNRESET); 583 break; 584 case BT_CONNECT: 585 /* In case of DEFER_SETUP the hcon would be bound to CIG which 586 * needs to be removed so just call hci_conn_del so the cleanup 587 * callback do what is needed. 588 */ 589 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 590 iso_pi(sk)->conn->hcon) { 591 hci_conn_del(iso_pi(sk)->conn->hcon); 592 iso_pi(sk)->conn->hcon = NULL; 593 } 594 595 iso_chan_del(sk, ECONNRESET); 596 break; 597 case BT_DISCONN: 598 iso_chan_del(sk, ECONNRESET); 599 break; 600 601 default: 602 sock_set_flag(sk, SOCK_ZAPPED); 603 break; 604 } 605 } 606 607 /* Must be called on unlocked socket. */ 608 static void iso_sock_close(struct sock *sk) 609 { 610 iso_sock_clear_timer(sk); 611 lock_sock(sk); 612 __iso_sock_close(sk); 613 release_sock(sk); 614 iso_sock_kill(sk); 615 } 616 617 static void iso_sock_init(struct sock *sk, struct sock *parent) 618 { 619 BT_DBG("sk %p", sk); 620 621 if (parent) { 622 sk->sk_type = parent->sk_type; 623 bt_sk(sk)->flags = bt_sk(parent)->flags; 624 security_sk_clone(parent, sk); 625 } 626 } 627 628 static struct proto iso_proto = { 629 .name = "ISO", 630 .owner = THIS_MODULE, 631 .obj_size = sizeof(struct iso_pinfo) 632 }; 633 634 #define DEFAULT_IO_QOS \ 635 { \ 636 .interval = 10000u, \ 637 .latency = 10u, \ 638 .sdu = 40u, \ 639 .phy = BT_ISO_PHY_2M, \ 640 .rtn = 2u, \ 641 } 642 643 static struct bt_iso_qos default_qos = { 644 .cig = BT_ISO_QOS_CIG_UNSET, 645 .cis = BT_ISO_QOS_CIS_UNSET, 646 .sca = 0x00, 647 .packing = 0x00, 648 .framing = 0x00, 649 .in = DEFAULT_IO_QOS, 650 .out = DEFAULT_IO_QOS, 651 }; 652 653 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 654 int proto, gfp_t prio, int kern) 655 { 656 struct sock *sk; 657 658 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 659 if (!sk) 660 return NULL; 661 662 sock_init_data(sock, sk); 663 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 664 665 sk->sk_destruct = iso_sock_destruct; 666 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 667 668 sock_reset_flag(sk, SOCK_ZAPPED); 669 670 sk->sk_protocol = proto; 671 sk->sk_state = BT_OPEN; 672 673 /* Set address type as public as default src address is BDADDR_ANY */ 674 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 675 676 iso_pi(sk)->qos = default_qos; 677 678 bt_sock_link(&iso_sk_list, sk); 679 return sk; 680 } 681 682 static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 683 int kern) 684 { 685 struct sock *sk; 686 687 BT_DBG("sock %p", sock); 688 689 sock->state = SS_UNCONNECTED; 690 691 if (sock->type != SOCK_SEQPACKET) 692 return -ESOCKTNOSUPPORT; 693 694 sock->ops = &iso_sock_ops; 695 696 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 697 if (!sk) 698 return -ENOMEM; 699 700 iso_sock_init(sk, NULL); 701 return 0; 702 } 703 704 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 705 int addr_len) 706 { 707 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 708 struct sock *sk = sock->sk; 709 int i; 710 711 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 712 sa->iso_bc->bc_num_bis); 713 714 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || 715 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f) 716 return -EINVAL; 717 718 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 719 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 720 iso_pi(sk)->sync_handle = -1; 721 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 722 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 723 724 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) { 725 if (sa->iso_bc->bc_bis[i] < 0x01 || 726 sa->iso_bc->bc_bis[i] > 0x1f) 727 return -EINVAL; 728 729 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 730 iso_pi(sk)->bc_num_bis); 731 } 732 733 return 0; 734 } 735 736 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 737 int addr_len) 738 { 739 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 740 struct sock *sk = sock->sk; 741 int err = 0; 742 743 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 744 745 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 746 addr->sa_family != AF_BLUETOOTH) 747 return -EINVAL; 748 749 lock_sock(sk); 750 751 if (sk->sk_state != BT_OPEN) { 752 err = -EBADFD; 753 goto done; 754 } 755 756 if (sk->sk_type != SOCK_SEQPACKET) { 757 err = -EINVAL; 758 goto done; 759 } 760 761 /* Check if the address type is of LE type */ 762 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 763 err = -EINVAL; 764 goto done; 765 } 766 767 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 768 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 769 770 /* Check for Broadcast address */ 771 if (addr_len > sizeof(*sa)) { 772 err = iso_sock_bind_bc(sock, addr, addr_len); 773 if (err) 774 goto done; 775 } 776 777 sk->sk_state = BT_BOUND; 778 779 done: 780 release_sock(sk); 781 return err; 782 } 783 784 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 785 int alen, int flags) 786 { 787 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 788 struct sock *sk = sock->sk; 789 int err; 790 791 BT_DBG("sk %p", sk); 792 793 if (alen < sizeof(struct sockaddr_iso) || 794 addr->sa_family != AF_BLUETOOTH) 795 return -EINVAL; 796 797 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 798 return -EBADFD; 799 800 if (sk->sk_type != SOCK_SEQPACKET) 801 return -EINVAL; 802 803 /* Check if the address type is of LE type */ 804 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 805 return -EINVAL; 806 807 lock_sock(sk); 808 809 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 810 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 811 812 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 813 err = iso_connect_cis(sk); 814 else 815 err = iso_connect_bis(sk); 816 817 if (err) 818 goto done; 819 820 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 821 err = bt_sock_wait_state(sk, BT_CONNECTED, 822 sock_sndtimeo(sk, flags & O_NONBLOCK)); 823 } 824 825 done: 826 release_sock(sk); 827 return err; 828 } 829 830 static int iso_listen_bis(struct sock *sk) 831 { 832 struct hci_dev *hdev; 833 int err = 0; 834 835 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 836 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 837 838 write_lock(&iso_sk_list.lock); 839 840 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 841 iso_pi(sk)->bc_sid)) 842 err = -EADDRINUSE; 843 844 write_unlock(&iso_sk_list.lock); 845 846 if (err) 847 return err; 848 849 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 850 iso_pi(sk)->src_type); 851 if (!hdev) 852 return -EHOSTUNREACH; 853 854 hci_dev_lock(hdev); 855 856 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type, 857 iso_pi(sk)->bc_sid); 858 859 hci_dev_unlock(hdev); 860 861 return err; 862 } 863 864 static int iso_listen_cis(struct sock *sk) 865 { 866 int err = 0; 867 868 BT_DBG("%pMR", &iso_pi(sk)->src); 869 870 write_lock(&iso_sk_list.lock); 871 872 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src)) 873 err = -EADDRINUSE; 874 875 write_unlock(&iso_sk_list.lock); 876 877 return err; 878 } 879 880 static int iso_sock_listen(struct socket *sock, int backlog) 881 { 882 struct sock *sk = sock->sk; 883 int err = 0; 884 885 BT_DBG("sk %p backlog %d", sk, backlog); 886 887 lock_sock(sk); 888 889 if (sk->sk_state != BT_BOUND) { 890 err = -EBADFD; 891 goto done; 892 } 893 894 if (sk->sk_type != SOCK_SEQPACKET) { 895 err = -EINVAL; 896 goto done; 897 } 898 899 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 900 err = iso_listen_cis(sk); 901 else 902 err = iso_listen_bis(sk); 903 904 if (err) 905 goto done; 906 907 sk->sk_max_ack_backlog = backlog; 908 sk->sk_ack_backlog = 0; 909 910 sk->sk_state = BT_LISTEN; 911 912 done: 913 release_sock(sk); 914 return err; 915 } 916 917 static int iso_sock_accept(struct socket *sock, struct socket *newsock, 918 int flags, bool kern) 919 { 920 DEFINE_WAIT_FUNC(wait, woken_wake_function); 921 struct sock *sk = sock->sk, *ch; 922 long timeo; 923 int err = 0; 924 925 lock_sock(sk); 926 927 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 928 929 BT_DBG("sk %p timeo %ld", sk, timeo); 930 931 /* Wait for an incoming connection. (wake-one). */ 932 add_wait_queue_exclusive(sk_sleep(sk), &wait); 933 while (1) { 934 if (sk->sk_state != BT_LISTEN) { 935 err = -EBADFD; 936 break; 937 } 938 939 ch = bt_accept_dequeue(sk, newsock); 940 if (ch) 941 break; 942 943 if (!timeo) { 944 err = -EAGAIN; 945 break; 946 } 947 948 if (signal_pending(current)) { 949 err = sock_intr_errno(timeo); 950 break; 951 } 952 953 release_sock(sk); 954 955 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 956 lock_sock(sk); 957 } 958 remove_wait_queue(sk_sleep(sk), &wait); 959 960 if (err) 961 goto done; 962 963 newsock->state = SS_CONNECTED; 964 965 BT_DBG("new socket %p", ch); 966 967 done: 968 release_sock(sk); 969 return err; 970 } 971 972 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 973 int peer) 974 { 975 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 976 struct sock *sk = sock->sk; 977 978 BT_DBG("sock %p, sk %p", sock, sk); 979 980 addr->sa_family = AF_BLUETOOTH; 981 982 if (peer) { 983 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 984 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 985 } else { 986 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 987 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 988 } 989 990 return sizeof(struct sockaddr_iso); 991 } 992 993 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 994 size_t len) 995 { 996 struct sock *sk = sock->sk; 997 struct iso_conn *conn = iso_pi(sk)->conn; 998 struct sk_buff *skb, **frag; 999 int err; 1000 1001 BT_DBG("sock %p, sk %p", sock, sk); 1002 1003 err = sock_error(sk); 1004 if (err) 1005 return err; 1006 1007 if (msg->msg_flags & MSG_OOB) 1008 return -EOPNOTSUPP; 1009 1010 if (sk->sk_state != BT_CONNECTED) 1011 return -ENOTCONN; 1012 1013 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1014 HCI_ISO_DATA_HDR_SIZE, 0); 1015 if (IS_ERR(skb)) 1016 return PTR_ERR(skb); 1017 1018 len -= skb->len; 1019 1020 BT_DBG("skb %p len %d", sk, skb->len); 1021 1022 /* Continuation fragments */ 1023 frag = &skb_shinfo(skb)->frag_list; 1024 while (len) { 1025 struct sk_buff *tmp; 1026 1027 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, 1028 0, 0); 1029 if (IS_ERR(tmp)) { 1030 kfree_skb(skb); 1031 return PTR_ERR(tmp); 1032 } 1033 1034 *frag = tmp; 1035 1036 len -= tmp->len; 1037 1038 skb->len += tmp->len; 1039 skb->data_len += tmp->len; 1040 1041 BT_DBG("frag %p len %d", *frag, tmp->len); 1042 1043 frag = &(*frag)->next; 1044 } 1045 1046 lock_sock(sk); 1047 1048 if (sk->sk_state == BT_CONNECTED) 1049 err = iso_send_frame(sk, skb); 1050 else 1051 err = -ENOTCONN; 1052 1053 release_sock(sk); 1054 1055 if (err < 0) 1056 kfree_skb(skb); 1057 return err; 1058 } 1059 1060 static void iso_conn_defer_accept(struct hci_conn *conn) 1061 { 1062 struct hci_cp_le_accept_cis cp; 1063 struct hci_dev *hdev = conn->hdev; 1064 1065 BT_DBG("conn %p", conn); 1066 1067 conn->state = BT_CONFIG; 1068 1069 cp.handle = cpu_to_le16(conn->handle); 1070 1071 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1072 } 1073 1074 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1075 size_t len, int flags) 1076 { 1077 struct sock *sk = sock->sk; 1078 struct iso_pinfo *pi = iso_pi(sk); 1079 int err; 1080 1081 BT_DBG("sk %p", sk); 1082 1083 lock_sock(sk); 1084 1085 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1086 switch (sk->sk_state) { 1087 case BT_CONNECT2: 1088 iso_conn_defer_accept(pi->conn->hcon); 1089 sk->sk_state = BT_CONFIG; 1090 release_sock(sk); 1091 return 0; 1092 case BT_CONNECT: 1093 err = iso_connect_cis(sk); 1094 release_sock(sk); 1095 return err; 1096 } 1097 } 1098 1099 release_sock(sk); 1100 1101 return bt_sock_recvmsg(sock, msg, len, flags); 1102 } 1103 1104 static bool check_io_qos(struct bt_iso_io_qos *qos) 1105 { 1106 /* If no PHY is enable SDU must be 0 */ 1107 if (!qos->phy && qos->sdu) 1108 return false; 1109 1110 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1111 return false; 1112 1113 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1114 return false; 1115 1116 if (qos->phy > BT_ISO_PHY_ANY) 1117 return false; 1118 1119 return true; 1120 } 1121 1122 static bool check_qos(struct bt_iso_qos *qos) 1123 { 1124 if (qos->sca > 0x07) 1125 return false; 1126 1127 if (qos->packing > 0x01) 1128 return false; 1129 1130 if (qos->framing > 0x01) 1131 return false; 1132 1133 if (!check_io_qos(&qos->in)) 1134 return false; 1135 1136 if (!check_io_qos(&qos->out)) 1137 return false; 1138 1139 return true; 1140 } 1141 1142 static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1143 sockptr_t optval, unsigned int optlen) 1144 { 1145 struct sock *sk = sock->sk; 1146 int len, err = 0; 1147 struct bt_iso_qos qos; 1148 u32 opt; 1149 1150 BT_DBG("sk %p", sk); 1151 1152 lock_sock(sk); 1153 1154 switch (optname) { 1155 case BT_DEFER_SETUP: 1156 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1157 err = -EINVAL; 1158 break; 1159 } 1160 1161 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1162 err = -EFAULT; 1163 break; 1164 } 1165 1166 if (opt) 1167 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1168 else 1169 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1170 break; 1171 1172 case BT_ISO_QOS: 1173 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1174 sk->sk_state != BT_CONNECT2) { 1175 err = -EINVAL; 1176 break; 1177 } 1178 1179 len = min_t(unsigned int, sizeof(qos), optlen); 1180 if (len != sizeof(qos)) 1181 return -EINVAL; 1182 1183 memset(&qos, 0, sizeof(qos)); 1184 1185 if (copy_from_sockptr(&qos, optval, len)) { 1186 err = -EFAULT; 1187 break; 1188 } 1189 1190 if (!check_qos(&qos)) { 1191 err = -EINVAL; 1192 break; 1193 } 1194 1195 iso_pi(sk)->qos = qos; 1196 1197 break; 1198 1199 case BT_ISO_BASE: 1200 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1201 sk->sk_state != BT_CONNECT2) { 1202 err = -EINVAL; 1203 break; 1204 } 1205 1206 if (optlen > sizeof(iso_pi(sk)->base)) { 1207 err = -EOVERFLOW; 1208 break; 1209 } 1210 1211 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); 1212 1213 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { 1214 err = -EFAULT; 1215 break; 1216 } 1217 1218 iso_pi(sk)->base_len = len; 1219 1220 break; 1221 1222 default: 1223 err = -ENOPROTOOPT; 1224 break; 1225 } 1226 1227 release_sock(sk); 1228 return err; 1229 } 1230 1231 static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1232 char __user *optval, int __user *optlen) 1233 { 1234 struct sock *sk = sock->sk; 1235 int len, err = 0; 1236 struct bt_iso_qos qos; 1237 u8 base_len; 1238 u8 *base; 1239 1240 BT_DBG("sk %p", sk); 1241 1242 if (get_user(len, optlen)) 1243 return -EFAULT; 1244 1245 lock_sock(sk); 1246 1247 switch (optname) { 1248 case BT_DEFER_SETUP: 1249 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1250 err = -EINVAL; 1251 break; 1252 } 1253 1254 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1255 (u32 __user *)optval)) 1256 err = -EFAULT; 1257 1258 break; 1259 1260 case BT_ISO_QOS: 1261 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 1262 qos = iso_pi(sk)->conn->hcon->iso_qos; 1263 else 1264 qos = iso_pi(sk)->qos; 1265 1266 len = min_t(unsigned int, len, sizeof(qos)); 1267 if (copy_to_user(optval, (char *)&qos, len)) 1268 err = -EFAULT; 1269 1270 break; 1271 1272 case BT_ISO_BASE: 1273 if (sk->sk_state == BT_CONNECTED) { 1274 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1275 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1276 } else { 1277 base_len = iso_pi(sk)->base_len; 1278 base = iso_pi(sk)->base; 1279 } 1280 1281 len = min_t(unsigned int, len, base_len); 1282 if (copy_to_user(optval, base, len)) 1283 err = -EFAULT; 1284 1285 break; 1286 1287 default: 1288 err = -ENOPROTOOPT; 1289 break; 1290 } 1291 1292 release_sock(sk); 1293 return err; 1294 } 1295 1296 static int iso_sock_shutdown(struct socket *sock, int how) 1297 { 1298 struct sock *sk = sock->sk; 1299 int err = 0; 1300 1301 BT_DBG("sock %p, sk %p", sock, sk); 1302 1303 if (!sk) 1304 return 0; 1305 1306 sock_hold(sk); 1307 lock_sock(sk); 1308 1309 if (!sk->sk_shutdown) { 1310 sk->sk_shutdown = SHUTDOWN_MASK; 1311 iso_sock_clear_timer(sk); 1312 __iso_sock_close(sk); 1313 1314 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1315 !(current->flags & PF_EXITING)) 1316 err = bt_sock_wait_state(sk, BT_CLOSED, 1317 sk->sk_lingertime); 1318 } 1319 1320 release_sock(sk); 1321 sock_put(sk); 1322 1323 return err; 1324 } 1325 1326 static int iso_sock_release(struct socket *sock) 1327 { 1328 struct sock *sk = sock->sk; 1329 int err = 0; 1330 1331 BT_DBG("sock %p, sk %p", sock, sk); 1332 1333 if (!sk) 1334 return 0; 1335 1336 iso_sock_close(sk); 1337 1338 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1339 !(current->flags & PF_EXITING)) { 1340 lock_sock(sk); 1341 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1342 release_sock(sk); 1343 } 1344 1345 sock_orphan(sk); 1346 iso_sock_kill(sk); 1347 return err; 1348 } 1349 1350 static void iso_sock_ready(struct sock *sk) 1351 { 1352 BT_DBG("sk %p", sk); 1353 1354 if (!sk) 1355 return; 1356 1357 lock_sock(sk); 1358 iso_sock_clear_timer(sk); 1359 sk->sk_state = BT_CONNECTED; 1360 sk->sk_state_change(sk); 1361 release_sock(sk); 1362 } 1363 1364 struct iso_list_data { 1365 struct hci_conn *hcon; 1366 int count; 1367 }; 1368 1369 static bool iso_match_big(struct sock *sk, void *data) 1370 { 1371 struct hci_evt_le_big_sync_estabilished *ev = data; 1372 1373 return ev->handle == iso_pi(sk)->qos.big; 1374 } 1375 1376 static void iso_conn_ready(struct iso_conn *conn) 1377 { 1378 struct sock *parent; 1379 struct sock *sk = conn->sk; 1380 struct hci_ev_le_big_sync_estabilished *ev; 1381 1382 BT_DBG("conn %p", conn); 1383 1384 if (sk) { 1385 iso_sock_ready(conn->sk); 1386 } else { 1387 iso_conn_lock(conn); 1388 1389 if (!conn->hcon) { 1390 iso_conn_unlock(conn); 1391 return; 1392 } 1393 1394 ev = hci_recv_event_data(conn->hcon->hdev, 1395 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1396 if (ev) 1397 parent = iso_get_sock_listen(&conn->hcon->src, 1398 &conn->hcon->dst, 1399 iso_match_big, ev); 1400 else 1401 parent = iso_get_sock_listen(&conn->hcon->src, 1402 BDADDR_ANY, NULL, NULL); 1403 1404 if (!parent) { 1405 iso_conn_unlock(conn); 1406 return; 1407 } 1408 1409 lock_sock(parent); 1410 1411 sk = iso_sock_alloc(sock_net(parent), NULL, 1412 BTPROTO_ISO, GFP_ATOMIC, 0); 1413 if (!sk) { 1414 release_sock(parent); 1415 iso_conn_unlock(conn); 1416 return; 1417 } 1418 1419 iso_sock_init(sk, parent); 1420 1421 bacpy(&iso_pi(sk)->src, &conn->hcon->src); 1422 iso_pi(sk)->src_type = conn->hcon->src_type; 1423 1424 /* If hcon has no destination address (BDADDR_ANY) it means it 1425 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED so we need to 1426 * initialize using the parent socket destination address. 1427 */ 1428 if (!bacmp(&conn->hcon->dst, BDADDR_ANY)) { 1429 bacpy(&conn->hcon->dst, &iso_pi(parent)->dst); 1430 conn->hcon->dst_type = iso_pi(parent)->dst_type; 1431 conn->hcon->sync_handle = iso_pi(parent)->sync_handle; 1432 } 1433 1434 bacpy(&iso_pi(sk)->dst, &conn->hcon->dst); 1435 iso_pi(sk)->dst_type = conn->hcon->dst_type; 1436 1437 hci_conn_hold(conn->hcon); 1438 __iso_chan_add(conn, sk, parent); 1439 1440 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1441 sk->sk_state = BT_CONNECT2; 1442 else 1443 sk->sk_state = BT_CONNECTED; 1444 1445 /* Wake up parent */ 1446 parent->sk_data_ready(parent); 1447 1448 release_sock(parent); 1449 1450 iso_conn_unlock(conn); 1451 } 1452 } 1453 1454 static bool iso_match_sid(struct sock *sk, void *data) 1455 { 1456 struct hci_ev_le_pa_sync_established *ev = data; 1457 1458 return ev->sid == iso_pi(sk)->bc_sid; 1459 } 1460 1461 static bool iso_match_sync_handle(struct sock *sk, void *data) 1462 { 1463 struct hci_evt_le_big_info_adv_report *ev = data; 1464 1465 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1466 } 1467 1468 /* ----- ISO interface with lower layer (HCI) ----- */ 1469 1470 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1471 { 1472 struct hci_ev_le_pa_sync_established *ev1; 1473 struct hci_evt_le_big_info_adv_report *ev2; 1474 struct sock *sk; 1475 int lm = 0; 1476 1477 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1478 1479 /* Broadcast receiver requires handling of some events before it can 1480 * proceed to establishing a BIG sync: 1481 * 1482 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1483 * SID to listen to and once sync is estabilished its handle needs to 1484 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1485 * receiving the BIG Info. 1486 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1487 * a BIG Info it attempts to check if there any listening socket with 1488 * the same sync_handle and if it does then attempt to create a sync. 1489 */ 1490 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1491 if (ev1) { 1492 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1493 ev1); 1494 if (sk) 1495 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1496 1497 goto done; 1498 } 1499 1500 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1501 if (ev2) { 1502 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1503 iso_match_sync_handle, ev2); 1504 if (sk) { 1505 int err; 1506 1507 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1508 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1509 1510 err = hci_le_big_create_sync(hdev, 1511 &iso_pi(sk)->qos, 1512 iso_pi(sk)->sync_handle, 1513 iso_pi(sk)->bc_num_bis, 1514 iso_pi(sk)->bc_bis); 1515 if (err) { 1516 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1517 err); 1518 sk = NULL; 1519 } 1520 } 1521 } else { 1522 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 1523 } 1524 1525 done: 1526 if (!sk) 1527 return lm; 1528 1529 lm |= HCI_LM_ACCEPT; 1530 1531 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1532 *flags |= HCI_PROTO_DEFER; 1533 1534 return lm; 1535 } 1536 1537 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 1538 { 1539 if (hcon->type != ISO_LINK) { 1540 if (hcon->type != LE_LINK) 1541 return; 1542 1543 /* Check if LE link has failed */ 1544 if (status) { 1545 if (hcon->link) 1546 iso_conn_del(hcon->link, bt_to_errno(status)); 1547 return; 1548 } 1549 1550 /* Create CIS if pending */ 1551 hci_le_create_cis(hcon); 1552 return; 1553 } 1554 1555 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1556 1557 if (!status) { 1558 struct iso_conn *conn; 1559 1560 conn = iso_conn_add(hcon); 1561 if (conn) 1562 iso_conn_ready(conn); 1563 } else { 1564 iso_conn_del(hcon, bt_to_errno(status)); 1565 } 1566 } 1567 1568 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1569 { 1570 if (hcon->type != ISO_LINK) 1571 return; 1572 1573 BT_DBG("hcon %p reason %d", hcon, reason); 1574 1575 iso_conn_del(hcon, bt_to_errno(reason)); 1576 } 1577 1578 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 1579 { 1580 struct iso_conn *conn = hcon->iso_data; 1581 struct hci_iso_data_hdr *hdr; 1582 __u16 pb, ts, len; 1583 1584 if (!conn) 1585 goto drop; 1586 1587 pb = hci_iso_flags_pb(flags); 1588 ts = hci_iso_flags_ts(flags); 1589 1590 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 1591 1592 switch (pb) { 1593 case ISO_START: 1594 case ISO_SINGLE: 1595 if (conn->rx_len) { 1596 BT_ERR("Unexpected start frame (len %d)", skb->len); 1597 kfree_skb(conn->rx_skb); 1598 conn->rx_skb = NULL; 1599 conn->rx_len = 0; 1600 } 1601 1602 if (ts) { 1603 /* TODO: add timestamp to the packet? */ 1604 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 1605 if (!hdr) { 1606 BT_ERR("Frame is too short (len %d)", skb->len); 1607 goto drop; 1608 } 1609 1610 } else { 1611 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 1612 if (!hdr) { 1613 BT_ERR("Frame is too short (len %d)", skb->len); 1614 goto drop; 1615 } 1616 } 1617 1618 len = __le16_to_cpu(hdr->slen); 1619 flags = hci_iso_data_flags(len); 1620 len = hci_iso_data_len(len); 1621 1622 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 1623 skb->len, flags); 1624 1625 if (len == skb->len) { 1626 /* Complete frame received */ 1627 iso_recv_frame(conn, skb); 1628 return; 1629 } 1630 1631 if (pb == ISO_SINGLE) { 1632 BT_ERR("Frame malformed (len %d, expected len %d)", 1633 skb->len, len); 1634 goto drop; 1635 } 1636 1637 if (skb->len > len) { 1638 BT_ERR("Frame is too long (len %d, expected len %d)", 1639 skb->len, len); 1640 goto drop; 1641 } 1642 1643 /* Allocate skb for the complete frame (with header) */ 1644 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 1645 if (!conn->rx_skb) 1646 goto drop; 1647 1648 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1649 skb->len); 1650 conn->rx_len = len - skb->len; 1651 break; 1652 1653 case ISO_CONT: 1654 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 1655 conn->rx_len); 1656 1657 if (!conn->rx_len) { 1658 BT_ERR("Unexpected continuation frame (len %d)", 1659 skb->len); 1660 goto drop; 1661 } 1662 1663 if (skb->len > conn->rx_len) { 1664 BT_ERR("Fragment is too long (len %d, expected %d)", 1665 skb->len, conn->rx_len); 1666 kfree_skb(conn->rx_skb); 1667 conn->rx_skb = NULL; 1668 conn->rx_len = 0; 1669 goto drop; 1670 } 1671 1672 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1673 skb->len); 1674 conn->rx_len -= skb->len; 1675 return; 1676 1677 case ISO_END: 1678 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1679 skb->len); 1680 conn->rx_len -= skb->len; 1681 1682 if (!conn->rx_len) { 1683 struct sk_buff *rx_skb = conn->rx_skb; 1684 1685 /* Complete frame received. iso_recv_frame 1686 * takes ownership of the skb so set the global 1687 * rx_skb pointer to NULL first. 1688 */ 1689 conn->rx_skb = NULL; 1690 iso_recv_frame(conn, rx_skb); 1691 } 1692 break; 1693 } 1694 1695 drop: 1696 kfree_skb(skb); 1697 } 1698 1699 static struct hci_cb iso_cb = { 1700 .name = "ISO", 1701 .connect_cfm = iso_connect_cfm, 1702 .disconn_cfm = iso_disconn_cfm, 1703 }; 1704 1705 static int iso_debugfs_show(struct seq_file *f, void *p) 1706 { 1707 struct sock *sk; 1708 1709 read_lock(&iso_sk_list.lock); 1710 1711 sk_for_each(sk, &iso_sk_list.head) { 1712 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 1713 &iso_pi(sk)->dst, sk->sk_state); 1714 } 1715 1716 read_unlock(&iso_sk_list.lock); 1717 1718 return 0; 1719 } 1720 1721 DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 1722 1723 static struct dentry *iso_debugfs; 1724 1725 static const struct proto_ops iso_sock_ops = { 1726 .family = PF_BLUETOOTH, 1727 .owner = THIS_MODULE, 1728 .release = iso_sock_release, 1729 .bind = iso_sock_bind, 1730 .connect = iso_sock_connect, 1731 .listen = iso_sock_listen, 1732 .accept = iso_sock_accept, 1733 .getname = iso_sock_getname, 1734 .sendmsg = iso_sock_sendmsg, 1735 .recvmsg = iso_sock_recvmsg, 1736 .poll = bt_sock_poll, 1737 .ioctl = bt_sock_ioctl, 1738 .mmap = sock_no_mmap, 1739 .socketpair = sock_no_socketpair, 1740 .shutdown = iso_sock_shutdown, 1741 .setsockopt = iso_sock_setsockopt, 1742 .getsockopt = iso_sock_getsockopt 1743 }; 1744 1745 static const struct net_proto_family iso_sock_family_ops = { 1746 .family = PF_BLUETOOTH, 1747 .owner = THIS_MODULE, 1748 .create = iso_sock_create, 1749 }; 1750 1751 static bool iso_inited; 1752 1753 bool iso_enabled(void) 1754 { 1755 return iso_inited; 1756 } 1757 1758 int iso_init(void) 1759 { 1760 int err; 1761 1762 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 1763 1764 if (iso_inited) 1765 return -EALREADY; 1766 1767 err = proto_register(&iso_proto, 0); 1768 if (err < 0) 1769 return err; 1770 1771 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 1772 if (err < 0) { 1773 BT_ERR("ISO socket registration failed"); 1774 goto error; 1775 } 1776 1777 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 1778 if (err < 0) { 1779 BT_ERR("Failed to create ISO proc file"); 1780 bt_sock_unregister(BTPROTO_ISO); 1781 goto error; 1782 } 1783 1784 BT_INFO("ISO socket layer initialized"); 1785 1786 hci_register_cb(&iso_cb); 1787 1788 if (IS_ERR_OR_NULL(bt_debugfs)) 1789 return 0; 1790 1791 if (!iso_debugfs) { 1792 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 1793 NULL, &iso_debugfs_fops); 1794 } 1795 1796 iso_inited = true; 1797 1798 return 0; 1799 1800 error: 1801 proto_unregister(&iso_proto); 1802 return err; 1803 } 1804 1805 int iso_exit(void) 1806 { 1807 if (!iso_inited) 1808 return -EALREADY; 1809 1810 bt_procfs_cleanup(&init_net, "iso"); 1811 1812 debugfs_remove(iso_debugfs); 1813 iso_debugfs = NULL; 1814 1815 hci_unregister_cb(&iso_cb); 1816 1817 bt_sock_unregister(BTPROTO_ISO); 1818 1819 proto_unregister(&iso_proto); 1820 1821 iso_inited = false; 1822 1823 return 0; 1824 } 1825