xref: /linux/net/bluetooth/sco.c (revision 00a6d7b6762c27d441e9ac8faff36384bc0fc180)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/sco.h>
34 
35 static bool disable_esco;
36 
37 static const struct proto_ops sco_sock_ops;
38 
39 static struct bt_sock_list sco_sk_list = {
40 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41 };
42 
43 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
44 static void sco_chan_del(struct sock *sk, int err);
45 
46 static void sco_sock_close(struct sock *sk);
47 static void sco_sock_kill(struct sock *sk);
48 
49 /* ---- SCO timers ---- */
50 static void sco_sock_timeout(unsigned long arg)
51 {
52 	struct sock *sk = (struct sock *) arg;
53 
54 	BT_DBG("sock %p state %d", sk, sk->sk_state);
55 
56 	bh_lock_sock(sk);
57 	sk->sk_err = ETIMEDOUT;
58 	sk->sk_state_change(sk);
59 	bh_unlock_sock(sk);
60 
61 	sco_sock_kill(sk);
62 	sock_put(sk);
63 }
64 
65 static void sco_sock_set_timer(struct sock *sk, long timeout)
66 {
67 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
68 	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
69 }
70 
71 static void sco_sock_clear_timer(struct sock *sk)
72 {
73 	BT_DBG("sock %p state %d", sk, sk->sk_state);
74 	sk_stop_timer(sk, &sk->sk_timer);
75 }
76 
77 /* ---- SCO connections ---- */
78 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
79 {
80 	struct hci_dev *hdev = hcon->hdev;
81 	struct sco_conn *conn = hcon->sco_data;
82 
83 	if (conn)
84 		return conn;
85 
86 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
87 	if (!conn)
88 		return NULL;
89 
90 	spin_lock_init(&conn->lock);
91 
92 	hcon->sco_data = conn;
93 	conn->hcon = hcon;
94 
95 	if (hdev->sco_mtu > 0)
96 		conn->mtu = hdev->sco_mtu;
97 	else
98 		conn->mtu = 60;
99 
100 	BT_DBG("hcon %p conn %p", hcon, conn);
101 
102 	return conn;
103 }
104 
105 static struct sock *sco_chan_get(struct sco_conn *conn)
106 {
107 	struct sock *sk = NULL;
108 	sco_conn_lock(conn);
109 	sk = conn->sk;
110 	sco_conn_unlock(conn);
111 	return sk;
112 }
113 
114 static int sco_conn_del(struct hci_conn *hcon, int err)
115 {
116 	struct sco_conn *conn = hcon->sco_data;
117 	struct sock *sk;
118 
119 	if (!conn)
120 		return 0;
121 
122 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
123 
124 	/* Kill socket */
125 	sk = sco_chan_get(conn);
126 	if (sk) {
127 		bh_lock_sock(sk);
128 		sco_sock_clear_timer(sk);
129 		sco_chan_del(sk, err);
130 		bh_unlock_sock(sk);
131 		sco_sock_kill(sk);
132 	}
133 
134 	hcon->sco_data = NULL;
135 	kfree(conn);
136 	return 0;
137 }
138 
139 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
140 			struct sock *parent)
141 {
142 	int err = 0;
143 
144 	sco_conn_lock(conn);
145 	if (conn->sk)
146 		err = -EBUSY;
147 	else
148 		__sco_chan_add(conn, sk, parent);
149 
150 	sco_conn_unlock(conn);
151 	return err;
152 }
153 
154 static int sco_connect(struct sock *sk)
155 {
156 	struct sco_conn *conn;
157 	struct hci_conn *hcon;
158 	struct hci_dev  *hdev;
159 	int err, type;
160 
161 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
162 
163 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src);
164 	if (!hdev)
165 		return -EHOSTUNREACH;
166 
167 	hci_dev_lock(hdev);
168 
169 	if (lmp_esco_capable(hdev) && !disable_esco)
170 		type = ESCO_LINK;
171 	else
172 		type = SCO_LINK;
173 
174 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
175 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
176 		err = -EOPNOTSUPP;
177 		goto done;
178 	}
179 
180 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
181 			       sco_pi(sk)->setting);
182 	if (IS_ERR(hcon)) {
183 		err = PTR_ERR(hcon);
184 		goto done;
185 	}
186 
187 	conn = sco_conn_add(hcon);
188 	if (!conn) {
189 		hci_conn_drop(hcon);
190 		err = -ENOMEM;
191 		goto done;
192 	}
193 
194 	/* Update source addr of the socket */
195 	bacpy(&sco_pi(sk)->src, &hcon->src);
196 
197 	err = sco_chan_add(conn, sk, NULL);
198 	if (err)
199 		goto done;
200 
201 	if (hcon->state == BT_CONNECTED) {
202 		sco_sock_clear_timer(sk);
203 		sk->sk_state = BT_CONNECTED;
204 	} else {
205 		sk->sk_state = BT_CONNECT;
206 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
207 	}
208 
209 done:
210 	hci_dev_unlock(hdev);
211 	hci_dev_put(hdev);
212 	return err;
213 }
214 
215 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
216 {
217 	struct sco_conn *conn = sco_pi(sk)->conn;
218 	struct sk_buff *skb;
219 	int err;
220 
221 	/* Check outgoing MTU */
222 	if (len > conn->mtu)
223 		return -EINVAL;
224 
225 	BT_DBG("sk %p len %d", sk, len);
226 
227 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
228 	if (!skb)
229 		return err;
230 
231 	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
232 		kfree_skb(skb);
233 		return -EFAULT;
234 	}
235 
236 	hci_send_sco(conn->hcon, skb);
237 
238 	return len;
239 }
240 
241 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
242 {
243 	struct sock *sk = sco_chan_get(conn);
244 
245 	if (!sk)
246 		goto drop;
247 
248 	BT_DBG("sk %p len %d", sk, skb->len);
249 
250 	if (sk->sk_state != BT_CONNECTED)
251 		goto drop;
252 
253 	if (!sock_queue_rcv_skb(sk, skb))
254 		return;
255 
256 drop:
257 	kfree_skb(skb);
258 }
259 
260 /* -------- Socket interface ---------- */
261 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
262 {
263 	struct sock *sk;
264 
265 	sk_for_each(sk, &sco_sk_list.head) {
266 		if (sk->sk_state != BT_LISTEN)
267 			continue;
268 
269 		if (!bacmp(&sco_pi(sk)->src, ba))
270 			return sk;
271 	}
272 
273 	return NULL;
274 }
275 
276 /* Find socket listening on source bdaddr.
277  * Returns closest match.
278  */
279 static struct sock *sco_get_sock_listen(bdaddr_t *src)
280 {
281 	struct sock *sk = NULL, *sk1 = NULL;
282 
283 	read_lock(&sco_sk_list.lock);
284 
285 	sk_for_each(sk, &sco_sk_list.head) {
286 		if (sk->sk_state != BT_LISTEN)
287 			continue;
288 
289 		/* Exact match. */
290 		if (!bacmp(&sco_pi(sk)->src, src))
291 			break;
292 
293 		/* Closest match */
294 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
295 			sk1 = sk;
296 	}
297 
298 	read_unlock(&sco_sk_list.lock);
299 
300 	return sk ? sk : sk1;
301 }
302 
303 static void sco_sock_destruct(struct sock *sk)
304 {
305 	BT_DBG("sk %p", sk);
306 
307 	skb_queue_purge(&sk->sk_receive_queue);
308 	skb_queue_purge(&sk->sk_write_queue);
309 }
310 
311 static void sco_sock_cleanup_listen(struct sock *parent)
312 {
313 	struct sock *sk;
314 
315 	BT_DBG("parent %p", parent);
316 
317 	/* Close not yet accepted channels */
318 	while ((sk = bt_accept_dequeue(parent, NULL))) {
319 		sco_sock_close(sk);
320 		sco_sock_kill(sk);
321 	}
322 
323 	parent->sk_state  = BT_CLOSED;
324 	sock_set_flag(parent, SOCK_ZAPPED);
325 }
326 
327 /* Kill socket (only if zapped and orphan)
328  * Must be called on unlocked socket.
329  */
330 static void sco_sock_kill(struct sock *sk)
331 {
332 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
333 		return;
334 
335 	BT_DBG("sk %p state %d", sk, sk->sk_state);
336 
337 	/* Kill poor orphan */
338 	bt_sock_unlink(&sco_sk_list, sk);
339 	sock_set_flag(sk, SOCK_DEAD);
340 	sock_put(sk);
341 }
342 
343 static void __sco_sock_close(struct sock *sk)
344 {
345 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
346 
347 	switch (sk->sk_state) {
348 	case BT_LISTEN:
349 		sco_sock_cleanup_listen(sk);
350 		break;
351 
352 	case BT_CONNECTED:
353 	case BT_CONFIG:
354 		if (sco_pi(sk)->conn->hcon) {
355 			sk->sk_state = BT_DISCONN;
356 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
357 			hci_conn_drop(sco_pi(sk)->conn->hcon);
358 			sco_pi(sk)->conn->hcon = NULL;
359 		} else
360 			sco_chan_del(sk, ECONNRESET);
361 		break;
362 
363 	case BT_CONNECT2:
364 	case BT_CONNECT:
365 	case BT_DISCONN:
366 		sco_chan_del(sk, ECONNRESET);
367 		break;
368 
369 	default:
370 		sock_set_flag(sk, SOCK_ZAPPED);
371 		break;
372 	}
373 }
374 
375 /* Must be called on unlocked socket. */
376 static void sco_sock_close(struct sock *sk)
377 {
378 	sco_sock_clear_timer(sk);
379 	lock_sock(sk);
380 	__sco_sock_close(sk);
381 	release_sock(sk);
382 	sco_sock_kill(sk);
383 }
384 
385 static void sco_sock_init(struct sock *sk, struct sock *parent)
386 {
387 	BT_DBG("sk %p", sk);
388 
389 	if (parent) {
390 		sk->sk_type = parent->sk_type;
391 		bt_sk(sk)->flags = bt_sk(parent)->flags;
392 		security_sk_clone(parent, sk);
393 	}
394 }
395 
396 static struct proto sco_proto = {
397 	.name		= "SCO",
398 	.owner		= THIS_MODULE,
399 	.obj_size	= sizeof(struct sco_pinfo)
400 };
401 
402 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
403 {
404 	struct sock *sk;
405 
406 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto);
407 	if (!sk)
408 		return NULL;
409 
410 	sock_init_data(sock, sk);
411 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
412 
413 	sk->sk_destruct = sco_sock_destruct;
414 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
415 
416 	sock_reset_flag(sk, SOCK_ZAPPED);
417 
418 	sk->sk_protocol = proto;
419 	sk->sk_state    = BT_OPEN;
420 
421 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
422 
423 	setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
424 
425 	bt_sock_link(&sco_sk_list, sk);
426 	return sk;
427 }
428 
429 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
430 			   int kern)
431 {
432 	struct sock *sk;
433 
434 	BT_DBG("sock %p", sock);
435 
436 	sock->state = SS_UNCONNECTED;
437 
438 	if (sock->type != SOCK_SEQPACKET)
439 		return -ESOCKTNOSUPPORT;
440 
441 	sock->ops = &sco_sock_ops;
442 
443 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
444 	if (!sk)
445 		return -ENOMEM;
446 
447 	sco_sock_init(sk, NULL);
448 	return 0;
449 }
450 
451 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
452 {
453 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
454 	struct sock *sk = sock->sk;
455 	int err = 0;
456 
457 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
458 
459 	if (!addr || addr->sa_family != AF_BLUETOOTH)
460 		return -EINVAL;
461 
462 	lock_sock(sk);
463 
464 	if (sk->sk_state != BT_OPEN) {
465 		err = -EBADFD;
466 		goto done;
467 	}
468 
469 	if (sk->sk_type != SOCK_SEQPACKET) {
470 		err = -EINVAL;
471 		goto done;
472 	}
473 
474 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
475 
476 	sk->sk_state = BT_BOUND;
477 
478 done:
479 	release_sock(sk);
480 	return err;
481 }
482 
483 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
484 {
485 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
486 	struct sock *sk = sock->sk;
487 	int err;
488 
489 	BT_DBG("sk %p", sk);
490 
491 	if (alen < sizeof(struct sockaddr_sco) ||
492 	    addr->sa_family != AF_BLUETOOTH)
493 		return -EINVAL;
494 
495 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
496 		return -EBADFD;
497 
498 	if (sk->sk_type != SOCK_SEQPACKET)
499 		return -EINVAL;
500 
501 	lock_sock(sk);
502 
503 	/* Set destination address and psm */
504 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
505 
506 	err = sco_connect(sk);
507 	if (err)
508 		goto done;
509 
510 	err = bt_sock_wait_state(sk, BT_CONNECTED,
511 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
512 
513 done:
514 	release_sock(sk);
515 	return err;
516 }
517 
518 static int sco_sock_listen(struct socket *sock, int backlog)
519 {
520 	struct sock *sk = sock->sk;
521 	bdaddr_t *src = &sco_pi(sk)->src;
522 	int err = 0;
523 
524 	BT_DBG("sk %p backlog %d", sk, backlog);
525 
526 	lock_sock(sk);
527 
528 	if (sk->sk_state != BT_BOUND) {
529 		err = -EBADFD;
530 		goto done;
531 	}
532 
533 	if (sk->sk_type != SOCK_SEQPACKET) {
534 		err = -EINVAL;
535 		goto done;
536 	}
537 
538 	write_lock(&sco_sk_list.lock);
539 
540 	if (__sco_get_sock_listen_by_addr(src)) {
541 		err = -EADDRINUSE;
542 		goto unlock;
543 	}
544 
545 	sk->sk_max_ack_backlog = backlog;
546 	sk->sk_ack_backlog = 0;
547 
548 	sk->sk_state = BT_LISTEN;
549 
550 unlock:
551 	write_unlock(&sco_sk_list.lock);
552 
553 done:
554 	release_sock(sk);
555 	return err;
556 }
557 
558 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
559 {
560 	DECLARE_WAITQUEUE(wait, current);
561 	struct sock *sk = sock->sk, *ch;
562 	long timeo;
563 	int err = 0;
564 
565 	lock_sock(sk);
566 
567 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
568 
569 	BT_DBG("sk %p timeo %ld", sk, timeo);
570 
571 	/* Wait for an incoming connection. (wake-one). */
572 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
573 	while (1) {
574 		set_current_state(TASK_INTERRUPTIBLE);
575 
576 		if (sk->sk_state != BT_LISTEN) {
577 			err = -EBADFD;
578 			break;
579 		}
580 
581 		ch = bt_accept_dequeue(sk, newsock);
582 		if (ch)
583 			break;
584 
585 		if (!timeo) {
586 			err = -EAGAIN;
587 			break;
588 		}
589 
590 		if (signal_pending(current)) {
591 			err = sock_intr_errno(timeo);
592 			break;
593 		}
594 
595 		release_sock(sk);
596 		timeo = schedule_timeout(timeo);
597 		lock_sock(sk);
598 	}
599 	__set_current_state(TASK_RUNNING);
600 	remove_wait_queue(sk_sleep(sk), &wait);
601 
602 	if (err)
603 		goto done;
604 
605 	newsock->state = SS_CONNECTED;
606 
607 	BT_DBG("new socket %p", ch);
608 
609 done:
610 	release_sock(sk);
611 	return err;
612 }
613 
614 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
615 {
616 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
617 	struct sock *sk = sock->sk;
618 
619 	BT_DBG("sock %p, sk %p", sock, sk);
620 
621 	addr->sa_family = AF_BLUETOOTH;
622 	*len = sizeof(struct sockaddr_sco);
623 
624 	if (peer)
625 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
626 	else
627 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
628 
629 	return 0;
630 }
631 
632 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
633 			    struct msghdr *msg, size_t len)
634 {
635 	struct sock *sk = sock->sk;
636 	int err;
637 
638 	BT_DBG("sock %p, sk %p", sock, sk);
639 
640 	err = sock_error(sk);
641 	if (err)
642 		return err;
643 
644 	if (msg->msg_flags & MSG_OOB)
645 		return -EOPNOTSUPP;
646 
647 	lock_sock(sk);
648 
649 	if (sk->sk_state == BT_CONNECTED)
650 		err = sco_send_frame(sk, msg, len);
651 	else
652 		err = -ENOTCONN;
653 
654 	release_sock(sk);
655 	return err;
656 }
657 
658 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
659 {
660 	struct hci_dev *hdev = conn->hdev;
661 
662 	BT_DBG("conn %p", conn);
663 
664 	conn->state = BT_CONFIG;
665 
666 	if (!lmp_esco_capable(hdev)) {
667 		struct hci_cp_accept_conn_req cp;
668 
669 		bacpy(&cp.bdaddr, &conn->dst);
670 		cp.role = 0x00; /* Ignored */
671 
672 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
673 	} else {
674 		struct hci_cp_accept_sync_conn_req cp;
675 
676 		bacpy(&cp.bdaddr, &conn->dst);
677 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
678 
679 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
680 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
681 		cp.content_format = cpu_to_le16(setting);
682 
683 		switch (setting & SCO_AIRMODE_MASK) {
684 		case SCO_AIRMODE_TRANSP:
685 			if (conn->pkt_type & ESCO_2EV3)
686 				cp.max_latency = cpu_to_le16(0x0008);
687 			else
688 				cp.max_latency = cpu_to_le16(0x000D);
689 			cp.retrans_effort = 0x02;
690 			break;
691 		case SCO_AIRMODE_CVSD:
692 			cp.max_latency = cpu_to_le16(0xffff);
693 			cp.retrans_effort = 0xff;
694 			break;
695 		}
696 
697 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
698 			     sizeof(cp), &cp);
699 	}
700 }
701 
702 static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
703 			    struct msghdr *msg, size_t len, int flags)
704 {
705 	struct sock *sk = sock->sk;
706 	struct sco_pinfo *pi = sco_pi(sk);
707 
708 	lock_sock(sk);
709 
710 	if (sk->sk_state == BT_CONNECT2 &&
711 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
712 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
713 		sk->sk_state = BT_CONFIG;
714 
715 		release_sock(sk);
716 		return 0;
717 	}
718 
719 	release_sock(sk);
720 
721 	return bt_sock_recvmsg(iocb, sock, msg, len, flags);
722 }
723 
724 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
725 {
726 	struct sock *sk = sock->sk;
727 	int len, err = 0;
728 	struct bt_voice voice;
729 	u32 opt;
730 
731 	BT_DBG("sk %p", sk);
732 
733 	lock_sock(sk);
734 
735 	switch (optname) {
736 
737 	case BT_DEFER_SETUP:
738 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
739 			err = -EINVAL;
740 			break;
741 		}
742 
743 		if (get_user(opt, (u32 __user *) optval)) {
744 			err = -EFAULT;
745 			break;
746 		}
747 
748 		if (opt)
749 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
750 		else
751 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
752 		break;
753 
754 	case BT_VOICE:
755 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
756 		    sk->sk_state != BT_CONNECT2) {
757 			err = -EINVAL;
758 			break;
759 		}
760 
761 		voice.setting = sco_pi(sk)->setting;
762 
763 		len = min_t(unsigned int, sizeof(voice), optlen);
764 		if (copy_from_user((char *) &voice, optval, len)) {
765 			err = -EFAULT;
766 			break;
767 		}
768 
769 		/* Explicitly check for these values */
770 		if (voice.setting != BT_VOICE_TRANSPARENT &&
771 		    voice.setting != BT_VOICE_CVSD_16BIT) {
772 			err = -EINVAL;
773 			break;
774 		}
775 
776 		sco_pi(sk)->setting = voice.setting;
777 		break;
778 
779 	default:
780 		err = -ENOPROTOOPT;
781 		break;
782 	}
783 
784 	release_sock(sk);
785 	return err;
786 }
787 
788 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
789 {
790 	struct sock *sk = sock->sk;
791 	struct sco_options opts;
792 	struct sco_conninfo cinfo;
793 	int len, err = 0;
794 
795 	BT_DBG("sk %p", sk);
796 
797 	if (get_user(len, optlen))
798 		return -EFAULT;
799 
800 	lock_sock(sk);
801 
802 	switch (optname) {
803 	case SCO_OPTIONS:
804 		if (sk->sk_state != BT_CONNECTED &&
805 		    !(sk->sk_state == BT_CONNECT2 &&
806 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
807 			err = -ENOTCONN;
808 			break;
809 		}
810 
811 		opts.mtu = sco_pi(sk)->conn->mtu;
812 
813 		BT_DBG("mtu %d", opts.mtu);
814 
815 		len = min_t(unsigned int, len, sizeof(opts));
816 		if (copy_to_user(optval, (char *)&opts, len))
817 			err = -EFAULT;
818 
819 		break;
820 
821 	case SCO_CONNINFO:
822 		if (sk->sk_state != BT_CONNECTED &&
823 		    !(sk->sk_state == BT_CONNECT2 &&
824 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
825 			err = -ENOTCONN;
826 			break;
827 		}
828 
829 		memset(&cinfo, 0, sizeof(cinfo));
830 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
831 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
832 
833 		len = min_t(unsigned int, len, sizeof(cinfo));
834 		if (copy_to_user(optval, (char *)&cinfo, len))
835 			err = -EFAULT;
836 
837 		break;
838 
839 	default:
840 		err = -ENOPROTOOPT;
841 		break;
842 	}
843 
844 	release_sock(sk);
845 	return err;
846 }
847 
848 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
849 {
850 	struct sock *sk = sock->sk;
851 	int len, err = 0;
852 	struct bt_voice voice;
853 
854 	BT_DBG("sk %p", sk);
855 
856 	if (level == SOL_SCO)
857 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
858 
859 	if (get_user(len, optlen))
860 		return -EFAULT;
861 
862 	lock_sock(sk);
863 
864 	switch (optname) {
865 
866 	case BT_DEFER_SETUP:
867 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
868 			err = -EINVAL;
869 			break;
870 		}
871 
872 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
873 			     (u32 __user *) optval))
874 			err = -EFAULT;
875 
876 		break;
877 
878 	case BT_VOICE:
879 		voice.setting = sco_pi(sk)->setting;
880 
881 		len = min_t(unsigned int, len, sizeof(voice));
882 		if (copy_to_user(optval, (char *)&voice, len))
883 			err = -EFAULT;
884 
885 		break;
886 
887 	default:
888 		err = -ENOPROTOOPT;
889 		break;
890 	}
891 
892 	release_sock(sk);
893 	return err;
894 }
895 
896 static int sco_sock_shutdown(struct socket *sock, int how)
897 {
898 	struct sock *sk = sock->sk;
899 	int err = 0;
900 
901 	BT_DBG("sock %p, sk %p", sock, sk);
902 
903 	if (!sk)
904 		return 0;
905 
906 	lock_sock(sk);
907 	if (!sk->sk_shutdown) {
908 		sk->sk_shutdown = SHUTDOWN_MASK;
909 		sco_sock_clear_timer(sk);
910 		__sco_sock_close(sk);
911 
912 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
913 			err = bt_sock_wait_state(sk, BT_CLOSED,
914 						 sk->sk_lingertime);
915 	}
916 	release_sock(sk);
917 	return err;
918 }
919 
920 static int sco_sock_release(struct socket *sock)
921 {
922 	struct sock *sk = sock->sk;
923 	int err = 0;
924 
925 	BT_DBG("sock %p, sk %p", sock, sk);
926 
927 	if (!sk)
928 		return 0;
929 
930 	sco_sock_close(sk);
931 
932 	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) {
933 		lock_sock(sk);
934 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
935 		release_sock(sk);
936 	}
937 
938 	sock_orphan(sk);
939 	sco_sock_kill(sk);
940 	return err;
941 }
942 
943 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
944 {
945 	BT_DBG("conn %p", conn);
946 
947 	sco_pi(sk)->conn = conn;
948 	conn->sk = sk;
949 
950 	if (parent)
951 		bt_accept_enqueue(parent, sk);
952 }
953 
954 /* Delete channel.
955  * Must be called on the locked socket. */
956 static void sco_chan_del(struct sock *sk, int err)
957 {
958 	struct sco_conn *conn;
959 
960 	conn = sco_pi(sk)->conn;
961 
962 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
963 
964 	if (conn) {
965 		sco_conn_lock(conn);
966 		conn->sk = NULL;
967 		sco_pi(sk)->conn = NULL;
968 		sco_conn_unlock(conn);
969 
970 		if (conn->hcon)
971 			hci_conn_drop(conn->hcon);
972 	}
973 
974 	sk->sk_state = BT_CLOSED;
975 	sk->sk_err   = err;
976 	sk->sk_state_change(sk);
977 
978 	sock_set_flag(sk, SOCK_ZAPPED);
979 }
980 
981 static void sco_conn_ready(struct sco_conn *conn)
982 {
983 	struct sock *parent;
984 	struct sock *sk = conn->sk;
985 
986 	BT_DBG("conn %p", conn);
987 
988 	if (sk) {
989 		sco_sock_clear_timer(sk);
990 		bh_lock_sock(sk);
991 		sk->sk_state = BT_CONNECTED;
992 		sk->sk_state_change(sk);
993 		bh_unlock_sock(sk);
994 	} else {
995 		sco_conn_lock(conn);
996 
997 		parent = sco_get_sock_listen(&conn->hcon->src);
998 		if (!parent) {
999 			sco_conn_unlock(conn);
1000 			return;
1001 		}
1002 
1003 		bh_lock_sock(parent);
1004 
1005 		sk = sco_sock_alloc(sock_net(parent), NULL,
1006 				    BTPROTO_SCO, GFP_ATOMIC);
1007 		if (!sk) {
1008 			bh_unlock_sock(parent);
1009 			sco_conn_unlock(conn);
1010 			return;
1011 		}
1012 
1013 		sco_sock_init(sk, parent);
1014 
1015 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1016 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1017 
1018 		hci_conn_hold(conn->hcon);
1019 		__sco_chan_add(conn, sk, parent);
1020 
1021 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1022 			sk->sk_state = BT_CONNECT2;
1023 		else
1024 			sk->sk_state = BT_CONNECTED;
1025 
1026 		/* Wake up parent */
1027 		parent->sk_data_ready(parent);
1028 
1029 		bh_unlock_sock(parent);
1030 
1031 		sco_conn_unlock(conn);
1032 	}
1033 }
1034 
1035 /* ----- SCO interface with lower layer (HCI) ----- */
1036 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1037 {
1038 	struct sock *sk;
1039 	int lm = 0;
1040 
1041 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1042 
1043 	/* Find listening sockets */
1044 	read_lock(&sco_sk_list.lock);
1045 	sk_for_each(sk, &sco_sk_list.head) {
1046 		if (sk->sk_state != BT_LISTEN)
1047 			continue;
1048 
1049 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1050 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1051 			lm |= HCI_LM_ACCEPT;
1052 
1053 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1054 				*flags |= HCI_PROTO_DEFER;
1055 			break;
1056 		}
1057 	}
1058 	read_unlock(&sco_sk_list.lock);
1059 
1060 	return lm;
1061 }
1062 
1063 void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1064 {
1065 	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1066 	if (!status) {
1067 		struct sco_conn *conn;
1068 
1069 		conn = sco_conn_add(hcon);
1070 		if (conn)
1071 			sco_conn_ready(conn);
1072 	} else
1073 		sco_conn_del(hcon, bt_to_errno(status));
1074 }
1075 
1076 void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1077 {
1078 	BT_DBG("hcon %p reason %d", hcon, reason);
1079 
1080 	sco_conn_del(hcon, bt_to_errno(reason));
1081 }
1082 
1083 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1084 {
1085 	struct sco_conn *conn = hcon->sco_data;
1086 
1087 	if (!conn)
1088 		goto drop;
1089 
1090 	BT_DBG("conn %p len %d", conn, skb->len);
1091 
1092 	if (skb->len) {
1093 		sco_recv_frame(conn, skb);
1094 		return 0;
1095 	}
1096 
1097 drop:
1098 	kfree_skb(skb);
1099 	return 0;
1100 }
1101 
1102 static int sco_debugfs_show(struct seq_file *f, void *p)
1103 {
1104 	struct sock *sk;
1105 
1106 	read_lock(&sco_sk_list.lock);
1107 
1108 	sk_for_each(sk, &sco_sk_list.head) {
1109 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1110 			   &sco_pi(sk)->dst, sk->sk_state);
1111 	}
1112 
1113 	read_unlock(&sco_sk_list.lock);
1114 
1115 	return 0;
1116 }
1117 
1118 static int sco_debugfs_open(struct inode *inode, struct file *file)
1119 {
1120 	return single_open(file, sco_debugfs_show, inode->i_private);
1121 }
1122 
1123 static const struct file_operations sco_debugfs_fops = {
1124 	.open		= sco_debugfs_open,
1125 	.read		= seq_read,
1126 	.llseek		= seq_lseek,
1127 	.release	= single_release,
1128 };
1129 
1130 static struct dentry *sco_debugfs;
1131 
1132 static const struct proto_ops sco_sock_ops = {
1133 	.family		= PF_BLUETOOTH,
1134 	.owner		= THIS_MODULE,
1135 	.release	= sco_sock_release,
1136 	.bind		= sco_sock_bind,
1137 	.connect	= sco_sock_connect,
1138 	.listen		= sco_sock_listen,
1139 	.accept		= sco_sock_accept,
1140 	.getname	= sco_sock_getname,
1141 	.sendmsg	= sco_sock_sendmsg,
1142 	.recvmsg	= sco_sock_recvmsg,
1143 	.poll		= bt_sock_poll,
1144 	.ioctl		= bt_sock_ioctl,
1145 	.mmap		= sock_no_mmap,
1146 	.socketpair	= sock_no_socketpair,
1147 	.shutdown	= sco_sock_shutdown,
1148 	.setsockopt	= sco_sock_setsockopt,
1149 	.getsockopt	= sco_sock_getsockopt
1150 };
1151 
1152 static const struct net_proto_family sco_sock_family_ops = {
1153 	.family	= PF_BLUETOOTH,
1154 	.owner	= THIS_MODULE,
1155 	.create	= sco_sock_create,
1156 };
1157 
1158 int __init sco_init(void)
1159 {
1160 	int err;
1161 
1162 	err = proto_register(&sco_proto, 0);
1163 	if (err < 0)
1164 		return err;
1165 
1166 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1167 	if (err < 0) {
1168 		BT_ERR("SCO socket registration failed");
1169 		goto error;
1170 	}
1171 
1172 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1173 	if (err < 0) {
1174 		BT_ERR("Failed to create SCO proc file");
1175 		bt_sock_unregister(BTPROTO_SCO);
1176 		goto error;
1177 	}
1178 
1179 	BT_INFO("SCO socket layer initialized");
1180 
1181 	if (IS_ERR_OR_NULL(bt_debugfs))
1182 		return 0;
1183 
1184 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1185 					  NULL, &sco_debugfs_fops);
1186 
1187 	return 0;
1188 
1189 error:
1190 	proto_unregister(&sco_proto);
1191 	return err;
1192 }
1193 
1194 void __exit sco_exit(void)
1195 {
1196 	bt_procfs_cleanup(&init_net, "sco");
1197 
1198 	debugfs_remove(sco_debugfs);
1199 
1200 	bt_sock_unregister(BTPROTO_SCO);
1201 
1202 	proto_unregister(&sco_proto);
1203 }
1204 
1205 module_param(disable_esco, bool, 0644);
1206 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1207