1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 struct kref ref; 55 }; 56 57 #define sco_conn_lock(c) spin_lock(&c->lock) 58 #define sco_conn_unlock(c) spin_unlock(&c->lock) 59 60 static void sco_sock_close(struct sock *sk); 61 static void sco_sock_kill(struct sock *sk); 62 63 /* ----- SCO socket info ----- */ 64 #define sco_pi(sk) ((struct sco_pinfo *) sk) 65 66 struct sco_pinfo { 67 struct bt_sock bt; 68 bdaddr_t src; 69 bdaddr_t dst; 70 __u32 flags; 71 __u16 setting; 72 struct bt_codec codec; 73 struct sco_conn *conn; 74 }; 75 76 /* ---- SCO timers ---- */ 77 #define SCO_CONN_TIMEOUT (HZ * 40) 78 #define SCO_DISCONN_TIMEOUT (HZ * 2) 79 80 static void sco_conn_free(struct kref *ref) 81 { 82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref); 83 84 BT_DBG("conn %p", conn); 85 86 if (conn->sk) 87 sco_pi(conn->sk)->conn = NULL; 88 89 if (conn->hcon) { 90 conn->hcon->sco_data = NULL; 91 hci_conn_drop(conn->hcon); 92 } 93 94 /* Ensure no more work items will run since hci_conn has been dropped */ 95 disable_delayed_work_sync(&conn->timeout_work); 96 97 kfree(conn); 98 } 99 100 static void sco_conn_put(struct sco_conn *conn) 101 { 102 if (!conn) 103 return; 104 105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref)); 106 107 kref_put(&conn->ref, sco_conn_free); 108 } 109 110 static struct sco_conn *sco_conn_hold(struct sco_conn *conn) 111 { 112 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref)); 113 114 kref_get(&conn->ref); 115 return conn; 116 } 117 118 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn) 119 { 120 if (!conn) 121 return NULL; 122 123 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref)); 124 125 if (!kref_get_unless_zero(&conn->ref)) 126 return NULL; 127 128 return conn; 129 } 130 131 static struct sock *sco_sock_hold(struct sco_conn *conn) 132 { 133 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk)) 134 return NULL; 135 136 sock_hold(conn->sk); 137 138 return conn->sk; 139 } 140 141 static void sco_sock_timeout(struct work_struct *work) 142 { 143 struct sco_conn *conn = container_of(work, struct sco_conn, 144 timeout_work.work); 145 struct sock *sk; 146 147 conn = sco_conn_hold_unless_zero(conn); 148 if (!conn) 149 return; 150 151 sco_conn_lock(conn); 152 if (!conn->hcon) { 153 sco_conn_unlock(conn); 154 sco_conn_put(conn); 155 return; 156 } 157 sk = sco_sock_hold(conn); 158 sco_conn_unlock(conn); 159 sco_conn_put(conn); 160 161 if (!sk) 162 return; 163 164 BT_DBG("sock %p state %d", sk, sk->sk_state); 165 166 lock_sock(sk); 167 sk->sk_err = ETIMEDOUT; 168 sk->sk_state_change(sk); 169 release_sock(sk); 170 sock_put(sk); 171 } 172 173 static void sco_sock_set_timer(struct sock *sk, long timeout) 174 { 175 if (!sco_pi(sk)->conn) 176 return; 177 178 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 179 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 180 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 181 } 182 183 static void sco_sock_clear_timer(struct sock *sk) 184 { 185 if (!sco_pi(sk)->conn) 186 return; 187 188 BT_DBG("sock %p state %d", sk, sk->sk_state); 189 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 190 } 191 192 /* ---- SCO connections ---- */ 193 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 194 { 195 struct sco_conn *conn = hcon->sco_data; 196 197 conn = sco_conn_hold_unless_zero(conn); 198 if (conn) { 199 if (!conn->hcon) { 200 sco_conn_lock(conn); 201 conn->hcon = hcon; 202 sco_conn_unlock(conn); 203 } 204 return conn; 205 } 206 207 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 208 if (!conn) 209 return NULL; 210 211 kref_init(&conn->ref); 212 spin_lock_init(&conn->lock); 213 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 214 215 hcon->sco_data = conn; 216 conn->hcon = hcon; 217 conn->mtu = hcon->mtu; 218 219 if (hcon->mtu > 0) 220 conn->mtu = hcon->mtu; 221 else 222 conn->mtu = 60; 223 224 BT_DBG("hcon %p conn %p", hcon, conn); 225 226 return conn; 227 } 228 229 /* Delete channel. 230 * Must be called on the locked socket. */ 231 static void sco_chan_del(struct sock *sk, int err) 232 { 233 struct sco_conn *conn; 234 235 conn = sco_pi(sk)->conn; 236 sco_pi(sk)->conn = NULL; 237 238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 239 240 if (conn) { 241 sco_conn_lock(conn); 242 conn->sk = NULL; 243 sco_conn_unlock(conn); 244 sco_conn_put(conn); 245 } 246 247 sk->sk_state = BT_CLOSED; 248 sk->sk_err = err; 249 sk->sk_state_change(sk); 250 251 sock_set_flag(sk, SOCK_ZAPPED); 252 } 253 254 static void sco_conn_del(struct hci_conn *hcon, int err) 255 { 256 struct sco_conn *conn = hcon->sco_data; 257 struct sock *sk; 258 259 conn = sco_conn_hold_unless_zero(conn); 260 if (!conn) 261 return; 262 263 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 264 265 sco_conn_lock(conn); 266 sk = sco_sock_hold(conn); 267 sco_conn_unlock(conn); 268 sco_conn_put(conn); 269 270 if (!sk) { 271 sco_conn_put(conn); 272 return; 273 } 274 275 /* Kill socket */ 276 lock_sock(sk); 277 sco_sock_clear_timer(sk); 278 sco_chan_del(sk, err); 279 release_sock(sk); 280 sock_put(sk); 281 } 282 283 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 284 struct sock *parent) 285 { 286 BT_DBG("conn %p", conn); 287 288 sco_pi(sk)->conn = conn; 289 conn->sk = sk; 290 291 if (parent) 292 bt_accept_enqueue(parent, sk, true); 293 } 294 295 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 296 struct sock *parent) 297 { 298 int err = 0; 299 300 sco_conn_lock(conn); 301 if (conn->sk) 302 err = -EBUSY; 303 else 304 __sco_chan_add(conn, sk, parent); 305 306 sco_conn_unlock(conn); 307 return err; 308 } 309 310 static int sco_connect(struct sock *sk) 311 { 312 struct sco_conn *conn; 313 struct hci_conn *hcon; 314 struct hci_dev *hdev; 315 int err, type; 316 317 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 318 319 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 320 if (!hdev) 321 return -EHOSTUNREACH; 322 323 hci_dev_lock(hdev); 324 325 if (lmp_esco_capable(hdev) && !disable_esco) 326 type = ESCO_LINK; 327 else 328 type = SCO_LINK; 329 330 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) { 331 case SCO_AIRMODE_TRANSP: 332 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) { 333 err = -EOPNOTSUPP; 334 goto unlock; 335 } 336 break; 337 } 338 339 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 340 sco_pi(sk)->setting, &sco_pi(sk)->codec, 341 sk->sk_sndtimeo); 342 if (IS_ERR(hcon)) { 343 err = PTR_ERR(hcon); 344 goto unlock; 345 } 346 347 conn = sco_conn_add(hcon); 348 if (!conn) { 349 hci_conn_drop(hcon); 350 err = -ENOMEM; 351 goto unlock; 352 } 353 354 lock_sock(sk); 355 356 err = sco_chan_add(conn, sk, NULL); 357 if (err) { 358 release_sock(sk); 359 goto unlock; 360 } 361 362 /* Update source addr of the socket */ 363 bacpy(&sco_pi(sk)->src, &hcon->src); 364 365 if (hcon->state == BT_CONNECTED) { 366 sco_sock_clear_timer(sk); 367 sk->sk_state = BT_CONNECTED; 368 } else { 369 sk->sk_state = BT_CONNECT; 370 sco_sock_set_timer(sk, sk->sk_sndtimeo); 371 } 372 373 release_sock(sk); 374 375 unlock: 376 hci_dev_unlock(hdev); 377 hci_dev_put(hdev); 378 return err; 379 } 380 381 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 382 { 383 struct sco_conn *conn = sco_pi(sk)->conn; 384 int len = skb->len; 385 386 /* Check outgoing MTU */ 387 if (len > conn->mtu) 388 return -EINVAL; 389 390 BT_DBG("sk %p len %d", sk, len); 391 392 hci_send_sco(conn->hcon, skb); 393 394 return len; 395 } 396 397 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 398 { 399 struct sock *sk; 400 401 sco_conn_lock(conn); 402 sk = conn->sk; 403 sco_conn_unlock(conn); 404 405 if (!sk) 406 goto drop; 407 408 BT_DBG("sk %p len %u", sk, skb->len); 409 410 if (sk->sk_state != BT_CONNECTED) 411 goto drop; 412 413 if (!sock_queue_rcv_skb(sk, skb)) 414 return; 415 416 drop: 417 kfree_skb(skb); 418 } 419 420 /* -------- Socket interface ---------- */ 421 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 422 { 423 struct sock *sk; 424 425 sk_for_each(sk, &sco_sk_list.head) { 426 if (sk->sk_state != BT_LISTEN) 427 continue; 428 429 if (!bacmp(&sco_pi(sk)->src, ba)) 430 return sk; 431 } 432 433 return NULL; 434 } 435 436 /* Find socket listening on source bdaddr. 437 * Returns closest match. 438 */ 439 static struct sock *sco_get_sock_listen(bdaddr_t *src) 440 { 441 struct sock *sk = NULL, *sk1 = NULL; 442 443 read_lock(&sco_sk_list.lock); 444 445 sk_for_each(sk, &sco_sk_list.head) { 446 if (sk->sk_state != BT_LISTEN) 447 continue; 448 449 /* Exact match. */ 450 if (!bacmp(&sco_pi(sk)->src, src)) 451 break; 452 453 /* Closest match */ 454 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 455 sk1 = sk; 456 } 457 458 read_unlock(&sco_sk_list.lock); 459 460 return sk ? sk : sk1; 461 } 462 463 static void sco_sock_destruct(struct sock *sk) 464 { 465 BT_DBG("sk %p", sk); 466 467 sco_conn_put(sco_pi(sk)->conn); 468 469 skb_queue_purge(&sk->sk_receive_queue); 470 skb_queue_purge(&sk->sk_write_queue); 471 } 472 473 static void sco_sock_cleanup_listen(struct sock *parent) 474 { 475 struct sock *sk; 476 477 BT_DBG("parent %p", parent); 478 479 /* Close not yet accepted channels */ 480 while ((sk = bt_accept_dequeue(parent, NULL))) { 481 sco_sock_close(sk); 482 sco_sock_kill(sk); 483 } 484 485 parent->sk_state = BT_CLOSED; 486 sock_set_flag(parent, SOCK_ZAPPED); 487 } 488 489 /* Kill socket (only if zapped and orphan) 490 * Must be called on unlocked socket. 491 */ 492 static void sco_sock_kill(struct sock *sk) 493 { 494 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 495 return; 496 497 BT_DBG("sk %p state %d", sk, sk->sk_state); 498 499 /* Kill poor orphan */ 500 bt_sock_unlink(&sco_sk_list, sk); 501 sock_set_flag(sk, SOCK_DEAD); 502 sock_put(sk); 503 } 504 505 static void __sco_sock_close(struct sock *sk) 506 { 507 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 508 509 switch (sk->sk_state) { 510 case BT_LISTEN: 511 sco_sock_cleanup_listen(sk); 512 break; 513 514 case BT_CONNECTED: 515 case BT_CONFIG: 516 case BT_CONNECT2: 517 case BT_CONNECT: 518 case BT_DISCONN: 519 sco_chan_del(sk, ECONNRESET); 520 break; 521 522 default: 523 sock_set_flag(sk, SOCK_ZAPPED); 524 break; 525 } 526 527 } 528 529 /* Must be called on unlocked socket. */ 530 static void sco_sock_close(struct sock *sk) 531 { 532 lock_sock(sk); 533 sco_sock_clear_timer(sk); 534 __sco_sock_close(sk); 535 release_sock(sk); 536 } 537 538 static void sco_sock_init(struct sock *sk, struct sock *parent) 539 { 540 BT_DBG("sk %p", sk); 541 542 if (parent) { 543 sk->sk_type = parent->sk_type; 544 bt_sk(sk)->flags = bt_sk(parent)->flags; 545 security_sk_clone(parent, sk); 546 } 547 } 548 549 static struct proto sco_proto = { 550 .name = "SCO", 551 .owner = THIS_MODULE, 552 .obj_size = sizeof(struct sco_pinfo) 553 }; 554 555 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 556 int proto, gfp_t prio, int kern) 557 { 558 struct sock *sk; 559 560 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 561 if (!sk) 562 return NULL; 563 564 sk->sk_destruct = sco_sock_destruct; 565 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 566 567 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 568 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 569 sco_pi(sk)->codec.cid = 0xffff; 570 sco_pi(sk)->codec.vid = 0xffff; 571 sco_pi(sk)->codec.data_path = 0x00; 572 573 bt_sock_link(&sco_sk_list, sk); 574 return sk; 575 } 576 577 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 578 int kern) 579 { 580 struct sock *sk; 581 582 BT_DBG("sock %p", sock); 583 584 sock->state = SS_UNCONNECTED; 585 586 if (sock->type != SOCK_SEQPACKET) 587 return -ESOCKTNOSUPPORT; 588 589 sock->ops = &sco_sock_ops; 590 591 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 592 if (!sk) 593 return -ENOMEM; 594 595 sco_sock_init(sk, NULL); 596 return 0; 597 } 598 599 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 600 int addr_len) 601 { 602 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 603 struct sock *sk = sock->sk; 604 int err = 0; 605 606 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 607 addr->sa_family != AF_BLUETOOTH) 608 return -EINVAL; 609 610 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 611 612 lock_sock(sk); 613 614 if (sk->sk_state != BT_OPEN) { 615 err = -EBADFD; 616 goto done; 617 } 618 619 if (sk->sk_type != SOCK_SEQPACKET) { 620 err = -EINVAL; 621 goto done; 622 } 623 624 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 625 626 sk->sk_state = BT_BOUND; 627 628 done: 629 release_sock(sk); 630 return err; 631 } 632 633 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 634 { 635 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 636 struct sock *sk = sock->sk; 637 int err; 638 639 BT_DBG("sk %p", sk); 640 641 if (alen < sizeof(struct sockaddr_sco) || 642 addr->sa_family != AF_BLUETOOTH) 643 return -EINVAL; 644 645 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 646 return -EBADFD; 647 648 if (sk->sk_type != SOCK_SEQPACKET) 649 err = -EINVAL; 650 651 lock_sock(sk); 652 /* Set destination address and psm */ 653 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 654 release_sock(sk); 655 656 err = sco_connect(sk); 657 if (err) 658 return err; 659 660 lock_sock(sk); 661 662 err = bt_sock_wait_state(sk, BT_CONNECTED, 663 sock_sndtimeo(sk, flags & O_NONBLOCK)); 664 665 release_sock(sk); 666 return err; 667 } 668 669 static int sco_sock_listen(struct socket *sock, int backlog) 670 { 671 struct sock *sk = sock->sk; 672 bdaddr_t *src = &sco_pi(sk)->src; 673 int err = 0; 674 675 BT_DBG("sk %p backlog %d", sk, backlog); 676 677 lock_sock(sk); 678 679 if (sk->sk_state != BT_BOUND) { 680 err = -EBADFD; 681 goto done; 682 } 683 684 if (sk->sk_type != SOCK_SEQPACKET) { 685 err = -EINVAL; 686 goto done; 687 } 688 689 write_lock(&sco_sk_list.lock); 690 691 if (__sco_get_sock_listen_by_addr(src)) { 692 err = -EADDRINUSE; 693 goto unlock; 694 } 695 696 sk->sk_max_ack_backlog = backlog; 697 sk->sk_ack_backlog = 0; 698 699 sk->sk_state = BT_LISTEN; 700 701 unlock: 702 write_unlock(&sco_sk_list.lock); 703 704 done: 705 release_sock(sk); 706 return err; 707 } 708 709 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 710 struct proto_accept_arg *arg) 711 { 712 DEFINE_WAIT_FUNC(wait, woken_wake_function); 713 struct sock *sk = sock->sk, *ch; 714 long timeo; 715 int err = 0; 716 717 lock_sock(sk); 718 719 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 720 721 BT_DBG("sk %p timeo %ld", sk, timeo); 722 723 /* Wait for an incoming connection. (wake-one). */ 724 add_wait_queue_exclusive(sk_sleep(sk), &wait); 725 while (1) { 726 if (sk->sk_state != BT_LISTEN) { 727 err = -EBADFD; 728 break; 729 } 730 731 ch = bt_accept_dequeue(sk, newsock); 732 if (ch) 733 break; 734 735 if (!timeo) { 736 err = -EAGAIN; 737 break; 738 } 739 740 if (signal_pending(current)) { 741 err = sock_intr_errno(timeo); 742 break; 743 } 744 745 release_sock(sk); 746 747 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 748 lock_sock(sk); 749 } 750 remove_wait_queue(sk_sleep(sk), &wait); 751 752 if (err) 753 goto done; 754 755 newsock->state = SS_CONNECTED; 756 757 BT_DBG("new socket %p", ch); 758 759 done: 760 release_sock(sk); 761 return err; 762 } 763 764 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 765 int peer) 766 { 767 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 768 struct sock *sk = sock->sk; 769 770 BT_DBG("sock %p, sk %p", sock, sk); 771 772 addr->sa_family = AF_BLUETOOTH; 773 774 if (peer) 775 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 776 else 777 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 778 779 return sizeof(struct sockaddr_sco); 780 } 781 782 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 783 size_t len) 784 { 785 struct sock *sk = sock->sk; 786 struct sk_buff *skb; 787 int err; 788 789 BT_DBG("sock %p, sk %p", sock, sk); 790 791 err = sock_error(sk); 792 if (err) 793 return err; 794 795 if (msg->msg_flags & MSG_OOB) 796 return -EOPNOTSUPP; 797 798 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 799 if (IS_ERR(skb)) 800 return PTR_ERR(skb); 801 802 lock_sock(sk); 803 804 if (sk->sk_state == BT_CONNECTED) 805 err = sco_send_frame(sk, skb); 806 else 807 err = -ENOTCONN; 808 809 release_sock(sk); 810 811 if (err < 0) 812 kfree_skb(skb); 813 return err; 814 } 815 816 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 817 { 818 struct hci_dev *hdev = conn->hdev; 819 820 BT_DBG("conn %p", conn); 821 822 conn->state = BT_CONFIG; 823 824 if (!lmp_esco_capable(hdev)) { 825 struct hci_cp_accept_conn_req cp; 826 827 bacpy(&cp.bdaddr, &conn->dst); 828 cp.role = 0x00; /* Ignored */ 829 830 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 831 } else { 832 struct hci_cp_accept_sync_conn_req cp; 833 834 bacpy(&cp.bdaddr, &conn->dst); 835 cp.pkt_type = cpu_to_le16(conn->pkt_type); 836 837 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 838 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 839 cp.content_format = cpu_to_le16(setting); 840 841 switch (setting & SCO_AIRMODE_MASK) { 842 case SCO_AIRMODE_TRANSP: 843 if (conn->pkt_type & ESCO_2EV3) 844 cp.max_latency = cpu_to_le16(0x0008); 845 else 846 cp.max_latency = cpu_to_le16(0x000D); 847 cp.retrans_effort = 0x02; 848 break; 849 case SCO_AIRMODE_CVSD: 850 cp.max_latency = cpu_to_le16(0xffff); 851 cp.retrans_effort = 0xff; 852 break; 853 default: 854 /* use CVSD settings as fallback */ 855 cp.max_latency = cpu_to_le16(0xffff); 856 cp.retrans_effort = 0xff; 857 break; 858 } 859 860 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 861 sizeof(cp), &cp); 862 } 863 } 864 865 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 866 size_t len, int flags) 867 { 868 struct sock *sk = sock->sk; 869 struct sco_pinfo *pi = sco_pi(sk); 870 871 lock_sock(sk); 872 873 if (sk->sk_state == BT_CONNECT2 && 874 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 875 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 876 sk->sk_state = BT_CONFIG; 877 878 release_sock(sk); 879 return 0; 880 } 881 882 release_sock(sk); 883 884 return bt_sock_recvmsg(sock, msg, len, flags); 885 } 886 887 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 888 sockptr_t optval, unsigned int optlen) 889 { 890 struct sock *sk = sock->sk; 891 int err = 0; 892 struct bt_voice voice; 893 u32 opt; 894 struct bt_codecs *codecs; 895 struct hci_dev *hdev; 896 __u8 buffer[255]; 897 898 BT_DBG("sk %p", sk); 899 900 lock_sock(sk); 901 902 switch (optname) { 903 904 case BT_DEFER_SETUP: 905 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 906 err = -EINVAL; 907 break; 908 } 909 910 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 911 if (err) 912 break; 913 914 if (opt) 915 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 916 else 917 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 918 break; 919 920 case BT_VOICE: 921 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 922 sk->sk_state != BT_CONNECT2) { 923 err = -EINVAL; 924 break; 925 } 926 927 voice.setting = sco_pi(sk)->setting; 928 929 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval, 930 optlen); 931 if (err) 932 break; 933 934 sco_pi(sk)->setting = voice.setting; 935 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 936 BDADDR_BREDR); 937 if (!hdev) { 938 err = -EBADFD; 939 break; 940 } 941 942 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) { 943 case SCO_AIRMODE_TRANSP: 944 if (enhanced_sync_conn_capable(hdev)) 945 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 946 break; 947 } 948 949 hci_dev_put(hdev); 950 break; 951 952 case BT_PKT_STATUS: 953 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 954 if (err) 955 break; 956 957 if (opt) 958 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 959 else 960 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 961 break; 962 963 case BT_CODEC: 964 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 965 sk->sk_state != BT_CONNECT2) { 966 err = -EINVAL; 967 break; 968 } 969 970 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 971 BDADDR_BREDR); 972 if (!hdev) { 973 err = -EBADFD; 974 break; 975 } 976 977 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 978 hci_dev_put(hdev); 979 err = -EOPNOTSUPP; 980 break; 981 } 982 983 if (!hdev->get_data_path_id) { 984 hci_dev_put(hdev); 985 err = -EOPNOTSUPP; 986 break; 987 } 988 989 if (optlen < sizeof(struct bt_codecs) || 990 optlen > sizeof(buffer)) { 991 hci_dev_put(hdev); 992 err = -EINVAL; 993 break; 994 } 995 996 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval, 997 optlen); 998 if (err) { 999 hci_dev_put(hdev); 1000 break; 1001 } 1002 1003 codecs = (void *)buffer; 1004 1005 if (codecs->num_codecs > 1) { 1006 hci_dev_put(hdev); 1007 err = -EINVAL; 1008 break; 1009 } 1010 1011 sco_pi(sk)->codec = codecs->codecs[0]; 1012 hci_dev_put(hdev); 1013 break; 1014 1015 default: 1016 err = -ENOPROTOOPT; 1017 break; 1018 } 1019 1020 release_sock(sk); 1021 return err; 1022 } 1023 1024 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 1025 char __user *optval, int __user *optlen) 1026 { 1027 struct sock *sk = sock->sk; 1028 struct sco_options opts; 1029 struct sco_conninfo cinfo; 1030 int err = 0; 1031 size_t len; 1032 1033 BT_DBG("sk %p", sk); 1034 1035 if (get_user(len, optlen)) 1036 return -EFAULT; 1037 1038 lock_sock(sk); 1039 1040 switch (optname) { 1041 case SCO_OPTIONS: 1042 if (sk->sk_state != BT_CONNECTED && 1043 !(sk->sk_state == BT_CONNECT2 && 1044 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1045 err = -ENOTCONN; 1046 break; 1047 } 1048 1049 opts.mtu = sco_pi(sk)->conn->mtu; 1050 1051 BT_DBG("mtu %u", opts.mtu); 1052 1053 len = min(len, sizeof(opts)); 1054 if (copy_to_user(optval, (char *)&opts, len)) 1055 err = -EFAULT; 1056 1057 break; 1058 1059 case SCO_CONNINFO: 1060 if (sk->sk_state != BT_CONNECTED && 1061 !(sk->sk_state == BT_CONNECT2 && 1062 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1063 err = -ENOTCONN; 1064 break; 1065 } 1066 1067 memset(&cinfo, 0, sizeof(cinfo)); 1068 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1069 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1070 1071 len = min(len, sizeof(cinfo)); 1072 if (copy_to_user(optval, (char *)&cinfo, len)) 1073 err = -EFAULT; 1074 1075 break; 1076 1077 default: 1078 err = -ENOPROTOOPT; 1079 break; 1080 } 1081 1082 release_sock(sk); 1083 return err; 1084 } 1085 1086 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1087 char __user *optval, int __user *optlen) 1088 { 1089 struct sock *sk = sock->sk; 1090 int len, err = 0; 1091 struct bt_voice voice; 1092 u32 phys; 1093 int buf_len; 1094 struct codec_list *c; 1095 u8 num_codecs, i, __user *ptr; 1096 struct hci_dev *hdev; 1097 struct hci_codec_caps *caps; 1098 struct bt_codec codec; 1099 1100 BT_DBG("sk %p", sk); 1101 1102 if (level == SOL_SCO) 1103 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1104 1105 if (get_user(len, optlen)) 1106 return -EFAULT; 1107 1108 lock_sock(sk); 1109 1110 switch (optname) { 1111 1112 case BT_DEFER_SETUP: 1113 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1114 err = -EINVAL; 1115 break; 1116 } 1117 1118 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1119 (u32 __user *)optval)) 1120 err = -EFAULT; 1121 1122 break; 1123 1124 case BT_VOICE: 1125 voice.setting = sco_pi(sk)->setting; 1126 1127 len = min_t(unsigned int, len, sizeof(voice)); 1128 if (copy_to_user(optval, (char *)&voice, len)) 1129 err = -EFAULT; 1130 1131 break; 1132 1133 case BT_PHY: 1134 if (sk->sk_state != BT_CONNECTED) { 1135 err = -ENOTCONN; 1136 break; 1137 } 1138 1139 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1140 1141 if (put_user(phys, (u32 __user *) optval)) 1142 err = -EFAULT; 1143 break; 1144 1145 case BT_PKT_STATUS: 1146 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1147 (int __user *)optval)) 1148 err = -EFAULT; 1149 break; 1150 1151 case BT_SNDMTU: 1152 case BT_RCVMTU: 1153 if (sk->sk_state != BT_CONNECTED) { 1154 err = -ENOTCONN; 1155 break; 1156 } 1157 1158 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1159 err = -EFAULT; 1160 break; 1161 1162 case BT_CODEC: 1163 num_codecs = 0; 1164 buf_len = 0; 1165 1166 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1167 if (!hdev) { 1168 err = -EBADFD; 1169 break; 1170 } 1171 1172 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1173 hci_dev_put(hdev); 1174 err = -EOPNOTSUPP; 1175 break; 1176 } 1177 1178 if (!hdev->get_data_path_id) { 1179 hci_dev_put(hdev); 1180 err = -EOPNOTSUPP; 1181 break; 1182 } 1183 1184 release_sock(sk); 1185 1186 /* find total buffer size required to copy codec + caps */ 1187 hci_dev_lock(hdev); 1188 list_for_each_entry(c, &hdev->local_codecs, list) { 1189 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1190 continue; 1191 num_codecs++; 1192 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1193 buf_len += 1 + caps->len; 1194 caps = (void *)&caps->data[caps->len]; 1195 } 1196 buf_len += sizeof(struct bt_codec); 1197 } 1198 hci_dev_unlock(hdev); 1199 1200 buf_len += sizeof(struct bt_codecs); 1201 if (buf_len > len) { 1202 hci_dev_put(hdev); 1203 return -ENOBUFS; 1204 } 1205 ptr = optval; 1206 1207 if (put_user(num_codecs, ptr)) { 1208 hci_dev_put(hdev); 1209 return -EFAULT; 1210 } 1211 ptr += sizeof(num_codecs); 1212 1213 /* Iterate all the codecs supported over SCO and populate 1214 * codec data 1215 */ 1216 hci_dev_lock(hdev); 1217 list_for_each_entry(c, &hdev->local_codecs, list) { 1218 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1219 continue; 1220 1221 codec.id = c->id; 1222 codec.cid = c->cid; 1223 codec.vid = c->vid; 1224 err = hdev->get_data_path_id(hdev, &codec.data_path); 1225 if (err < 0) 1226 break; 1227 codec.num_caps = c->num_caps; 1228 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1229 err = -EFAULT; 1230 break; 1231 } 1232 ptr += sizeof(codec); 1233 1234 /* find codec capabilities data length */ 1235 len = 0; 1236 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1237 len += 1 + caps->len; 1238 caps = (void *)&caps->data[caps->len]; 1239 } 1240 1241 /* copy codec capabilities data */ 1242 if (len && copy_to_user(ptr, c->caps, len)) { 1243 err = -EFAULT; 1244 break; 1245 } 1246 ptr += len; 1247 } 1248 1249 hci_dev_unlock(hdev); 1250 hci_dev_put(hdev); 1251 1252 lock_sock(sk); 1253 1254 if (!err && put_user(buf_len, optlen)) 1255 err = -EFAULT; 1256 1257 break; 1258 1259 default: 1260 err = -ENOPROTOOPT; 1261 break; 1262 } 1263 1264 release_sock(sk); 1265 return err; 1266 } 1267 1268 static int sco_sock_shutdown(struct socket *sock, int how) 1269 { 1270 struct sock *sk = sock->sk; 1271 int err = 0; 1272 1273 BT_DBG("sock %p, sk %p", sock, sk); 1274 1275 if (!sk) 1276 return 0; 1277 1278 sock_hold(sk); 1279 lock_sock(sk); 1280 1281 if (!sk->sk_shutdown) { 1282 sk->sk_shutdown = SHUTDOWN_MASK; 1283 sco_sock_clear_timer(sk); 1284 __sco_sock_close(sk); 1285 1286 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1287 !(current->flags & PF_EXITING)) 1288 err = bt_sock_wait_state(sk, BT_CLOSED, 1289 sk->sk_lingertime); 1290 } 1291 1292 release_sock(sk); 1293 sock_put(sk); 1294 1295 return err; 1296 } 1297 1298 static int sco_sock_release(struct socket *sock) 1299 { 1300 struct sock *sk = sock->sk; 1301 int err = 0; 1302 1303 BT_DBG("sock %p, sk %p", sock, sk); 1304 1305 if (!sk) 1306 return 0; 1307 1308 sco_sock_close(sk); 1309 1310 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1311 !(current->flags & PF_EXITING)) { 1312 lock_sock(sk); 1313 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1314 release_sock(sk); 1315 } 1316 1317 sock_orphan(sk); 1318 sco_sock_kill(sk); 1319 return err; 1320 } 1321 1322 static void sco_conn_ready(struct sco_conn *conn) 1323 { 1324 struct sock *parent; 1325 struct sock *sk = conn->sk; 1326 1327 BT_DBG("conn %p", conn); 1328 1329 if (sk) { 1330 lock_sock(sk); 1331 sco_sock_clear_timer(sk); 1332 sk->sk_state = BT_CONNECTED; 1333 sk->sk_state_change(sk); 1334 release_sock(sk); 1335 } else { 1336 sco_conn_lock(conn); 1337 1338 if (!conn->hcon) { 1339 sco_conn_unlock(conn); 1340 return; 1341 } 1342 1343 parent = sco_get_sock_listen(&conn->hcon->src); 1344 if (!parent) { 1345 sco_conn_unlock(conn); 1346 return; 1347 } 1348 1349 lock_sock(parent); 1350 1351 sk = sco_sock_alloc(sock_net(parent), NULL, 1352 BTPROTO_SCO, GFP_ATOMIC, 0); 1353 if (!sk) { 1354 release_sock(parent); 1355 sco_conn_unlock(conn); 1356 return; 1357 } 1358 1359 sco_sock_init(sk, parent); 1360 1361 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1362 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1363 1364 sco_conn_hold(conn); 1365 hci_conn_hold(conn->hcon); 1366 __sco_chan_add(conn, sk, parent); 1367 1368 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1369 sk->sk_state = BT_CONNECT2; 1370 else 1371 sk->sk_state = BT_CONNECTED; 1372 1373 /* Wake up parent */ 1374 parent->sk_data_ready(parent); 1375 1376 release_sock(parent); 1377 1378 sco_conn_unlock(conn); 1379 } 1380 } 1381 1382 /* ----- SCO interface with lower layer (HCI) ----- */ 1383 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1384 { 1385 struct sock *sk; 1386 int lm = 0; 1387 1388 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1389 1390 /* Find listening sockets */ 1391 read_lock(&sco_sk_list.lock); 1392 sk_for_each(sk, &sco_sk_list.head) { 1393 if (sk->sk_state != BT_LISTEN) 1394 continue; 1395 1396 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1397 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1398 lm |= HCI_LM_ACCEPT; 1399 1400 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1401 *flags |= HCI_PROTO_DEFER; 1402 break; 1403 } 1404 } 1405 read_unlock(&sco_sk_list.lock); 1406 1407 return lm; 1408 } 1409 1410 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1411 { 1412 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1413 return; 1414 1415 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1416 1417 if (!status) { 1418 struct sco_conn *conn; 1419 1420 conn = sco_conn_add(hcon); 1421 if (conn) { 1422 sco_conn_ready(conn); 1423 sco_conn_put(conn); 1424 } 1425 } else 1426 sco_conn_del(hcon, bt_to_errno(status)); 1427 } 1428 1429 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1430 { 1431 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1432 return; 1433 1434 BT_DBG("hcon %p reason %d", hcon, reason); 1435 1436 sco_conn_del(hcon, bt_to_errno(reason)); 1437 } 1438 1439 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1440 { 1441 struct sco_conn *conn = hcon->sco_data; 1442 1443 if (!conn) 1444 goto drop; 1445 1446 BT_DBG("conn %p len %u", conn, skb->len); 1447 1448 if (skb->len) { 1449 sco_recv_frame(conn, skb); 1450 return; 1451 } 1452 1453 drop: 1454 kfree_skb(skb); 1455 } 1456 1457 static struct hci_cb sco_cb = { 1458 .name = "SCO", 1459 .connect_cfm = sco_connect_cfm, 1460 .disconn_cfm = sco_disconn_cfm, 1461 }; 1462 1463 static int sco_debugfs_show(struct seq_file *f, void *p) 1464 { 1465 struct sock *sk; 1466 1467 read_lock(&sco_sk_list.lock); 1468 1469 sk_for_each(sk, &sco_sk_list.head) { 1470 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1471 &sco_pi(sk)->dst, sk->sk_state); 1472 } 1473 1474 read_unlock(&sco_sk_list.lock); 1475 1476 return 0; 1477 } 1478 1479 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1480 1481 static struct dentry *sco_debugfs; 1482 1483 static const struct proto_ops sco_sock_ops = { 1484 .family = PF_BLUETOOTH, 1485 .owner = THIS_MODULE, 1486 .release = sco_sock_release, 1487 .bind = sco_sock_bind, 1488 .connect = sco_sock_connect, 1489 .listen = sco_sock_listen, 1490 .accept = sco_sock_accept, 1491 .getname = sco_sock_getname, 1492 .sendmsg = sco_sock_sendmsg, 1493 .recvmsg = sco_sock_recvmsg, 1494 .poll = bt_sock_poll, 1495 .ioctl = bt_sock_ioctl, 1496 .gettstamp = sock_gettstamp, 1497 .mmap = sock_no_mmap, 1498 .socketpair = sock_no_socketpair, 1499 .shutdown = sco_sock_shutdown, 1500 .setsockopt = sco_sock_setsockopt, 1501 .getsockopt = sco_sock_getsockopt 1502 }; 1503 1504 static const struct net_proto_family sco_sock_family_ops = { 1505 .family = PF_BLUETOOTH, 1506 .owner = THIS_MODULE, 1507 .create = sco_sock_create, 1508 }; 1509 1510 int __init sco_init(void) 1511 { 1512 int err; 1513 1514 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1515 1516 err = proto_register(&sco_proto, 0); 1517 if (err < 0) 1518 return err; 1519 1520 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1521 if (err < 0) { 1522 BT_ERR("SCO socket registration failed"); 1523 goto error; 1524 } 1525 1526 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1527 if (err < 0) { 1528 BT_ERR("Failed to create SCO proc file"); 1529 bt_sock_unregister(BTPROTO_SCO); 1530 goto error; 1531 } 1532 1533 BT_INFO("SCO socket layer initialized"); 1534 1535 hci_register_cb(&sco_cb); 1536 1537 if (IS_ERR_OR_NULL(bt_debugfs)) 1538 return 0; 1539 1540 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1541 NULL, &sco_debugfs_fops); 1542 1543 return 0; 1544 1545 error: 1546 proto_unregister(&sco_proto); 1547 return err; 1548 } 1549 1550 void sco_exit(void) 1551 { 1552 bt_procfs_cleanup(&init_net, "sco"); 1553 1554 debugfs_remove(sco_debugfs); 1555 1556 hci_unregister_cb(&sco_cb); 1557 1558 bt_sock_unregister(BTPROTO_SCO); 1559 1560 proto_unregister(&sco_proto); 1561 } 1562 1563 module_param(disable_esco, bool, 0644); 1564 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1565