xref: /linux/net/bluetooth/sco.c (revision 0883c2c06fb5bcf5b9e008270827e63c09a88c1e)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/sco.h>
34 
35 static bool disable_esco;
36 
37 static const struct proto_ops sco_sock_ops;
38 
39 static struct bt_sock_list sco_sk_list = {
40 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41 };
42 
43 /* ---- SCO connections ---- */
44 struct sco_conn {
45 	struct hci_conn	*hcon;
46 
47 	spinlock_t	lock;
48 	struct sock	*sk;
49 
50 	unsigned int    mtu;
51 };
52 
53 #define sco_conn_lock(c)	spin_lock(&c->lock);
54 #define sco_conn_unlock(c)	spin_unlock(&c->lock);
55 
56 static void sco_sock_close(struct sock *sk);
57 static void sco_sock_kill(struct sock *sk);
58 
59 /* ----- SCO socket info ----- */
60 #define sco_pi(sk) ((struct sco_pinfo *) sk)
61 
62 struct sco_pinfo {
63 	struct bt_sock	bt;
64 	bdaddr_t	src;
65 	bdaddr_t	dst;
66 	__u32		flags;
67 	__u16		setting;
68 	struct sco_conn	*conn;
69 };
70 
71 /* ---- SCO timers ---- */
72 #define SCO_CONN_TIMEOUT	(HZ * 40)
73 #define SCO_DISCONN_TIMEOUT	(HZ * 2)
74 
75 static void sco_sock_timeout(unsigned long arg)
76 {
77 	struct sock *sk = (struct sock *)arg;
78 
79 	BT_DBG("sock %p state %d", sk, sk->sk_state);
80 
81 	bh_lock_sock(sk);
82 	sk->sk_err = ETIMEDOUT;
83 	sk->sk_state_change(sk);
84 	bh_unlock_sock(sk);
85 
86 	sco_sock_kill(sk);
87 	sock_put(sk);
88 }
89 
90 static void sco_sock_set_timer(struct sock *sk, long timeout)
91 {
92 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
93 	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
94 }
95 
96 static void sco_sock_clear_timer(struct sock *sk)
97 {
98 	BT_DBG("sock %p state %d", sk, sk->sk_state);
99 	sk_stop_timer(sk, &sk->sk_timer);
100 }
101 
102 /* ---- SCO connections ---- */
103 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
104 {
105 	struct hci_dev *hdev = hcon->hdev;
106 	struct sco_conn *conn = hcon->sco_data;
107 
108 	if (conn)
109 		return conn;
110 
111 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
112 	if (!conn)
113 		return NULL;
114 
115 	spin_lock_init(&conn->lock);
116 
117 	hcon->sco_data = conn;
118 	conn->hcon = hcon;
119 
120 	if (hdev->sco_mtu > 0)
121 		conn->mtu = hdev->sco_mtu;
122 	else
123 		conn->mtu = 60;
124 
125 	BT_DBG("hcon %p conn %p", hcon, conn);
126 
127 	return conn;
128 }
129 
130 /* Delete channel.
131  * Must be called on the locked socket. */
132 static void sco_chan_del(struct sock *sk, int err)
133 {
134 	struct sco_conn *conn;
135 
136 	conn = sco_pi(sk)->conn;
137 
138 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
139 
140 	if (conn) {
141 		sco_conn_lock(conn);
142 		conn->sk = NULL;
143 		sco_pi(sk)->conn = NULL;
144 		sco_conn_unlock(conn);
145 
146 		if (conn->hcon)
147 			hci_conn_drop(conn->hcon);
148 	}
149 
150 	sk->sk_state = BT_CLOSED;
151 	sk->sk_err   = err;
152 	sk->sk_state_change(sk);
153 
154 	sock_set_flag(sk, SOCK_ZAPPED);
155 }
156 
157 static void sco_conn_del(struct hci_conn *hcon, int err)
158 {
159 	struct sco_conn *conn = hcon->sco_data;
160 	struct sock *sk;
161 
162 	if (!conn)
163 		return;
164 
165 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
166 
167 	/* Kill socket */
168 	sco_conn_lock(conn);
169 	sk = conn->sk;
170 	sco_conn_unlock(conn);
171 
172 	if (sk) {
173 		sock_hold(sk);
174 		bh_lock_sock(sk);
175 		sco_sock_clear_timer(sk);
176 		sco_chan_del(sk, err);
177 		bh_unlock_sock(sk);
178 		sco_sock_kill(sk);
179 		sock_put(sk);
180 	}
181 
182 	hcon->sco_data = NULL;
183 	kfree(conn);
184 }
185 
186 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
187 			   struct sock *parent)
188 {
189 	BT_DBG("conn %p", conn);
190 
191 	sco_pi(sk)->conn = conn;
192 	conn->sk = sk;
193 
194 	if (parent)
195 		bt_accept_enqueue(parent, sk);
196 }
197 
198 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
199 			struct sock *parent)
200 {
201 	int err = 0;
202 
203 	sco_conn_lock(conn);
204 	if (conn->sk)
205 		err = -EBUSY;
206 	else
207 		__sco_chan_add(conn, sk, parent);
208 
209 	sco_conn_unlock(conn);
210 	return err;
211 }
212 
213 static int sco_connect(struct sock *sk)
214 {
215 	struct sco_conn *conn;
216 	struct hci_conn *hcon;
217 	struct hci_dev  *hdev;
218 	int err, type;
219 
220 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
221 
222 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src);
223 	if (!hdev)
224 		return -EHOSTUNREACH;
225 
226 	hci_dev_lock(hdev);
227 
228 	if (lmp_esco_capable(hdev) && !disable_esco)
229 		type = ESCO_LINK;
230 	else
231 		type = SCO_LINK;
232 
233 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
234 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
235 		err = -EOPNOTSUPP;
236 		goto done;
237 	}
238 
239 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
240 			       sco_pi(sk)->setting);
241 	if (IS_ERR(hcon)) {
242 		err = PTR_ERR(hcon);
243 		goto done;
244 	}
245 
246 	conn = sco_conn_add(hcon);
247 	if (!conn) {
248 		hci_conn_drop(hcon);
249 		err = -ENOMEM;
250 		goto done;
251 	}
252 
253 	/* Update source addr of the socket */
254 	bacpy(&sco_pi(sk)->src, &hcon->src);
255 
256 	err = sco_chan_add(conn, sk, NULL);
257 	if (err)
258 		goto done;
259 
260 	if (hcon->state == BT_CONNECTED) {
261 		sco_sock_clear_timer(sk);
262 		sk->sk_state = BT_CONNECTED;
263 	} else {
264 		sk->sk_state = BT_CONNECT;
265 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
266 	}
267 
268 done:
269 	hci_dev_unlock(hdev);
270 	hci_dev_put(hdev);
271 	return err;
272 }
273 
274 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
275 {
276 	struct sco_conn *conn = sco_pi(sk)->conn;
277 	struct sk_buff *skb;
278 	int err;
279 
280 	/* Check outgoing MTU */
281 	if (len > conn->mtu)
282 		return -EINVAL;
283 
284 	BT_DBG("sk %p len %d", sk, len);
285 
286 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
287 	if (!skb)
288 		return err;
289 
290 	if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
291 		kfree_skb(skb);
292 		return -EFAULT;
293 	}
294 
295 	hci_send_sco(conn->hcon, skb);
296 
297 	return len;
298 }
299 
300 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
301 {
302 	struct sock *sk;
303 
304 	sco_conn_lock(conn);
305 	sk = conn->sk;
306 	sco_conn_unlock(conn);
307 
308 	if (!sk)
309 		goto drop;
310 
311 	BT_DBG("sk %p len %d", sk, skb->len);
312 
313 	if (sk->sk_state != BT_CONNECTED)
314 		goto drop;
315 
316 	if (!sock_queue_rcv_skb(sk, skb))
317 		return;
318 
319 drop:
320 	kfree_skb(skb);
321 }
322 
323 /* -------- Socket interface ---------- */
324 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
325 {
326 	struct sock *sk;
327 
328 	sk_for_each(sk, &sco_sk_list.head) {
329 		if (sk->sk_state != BT_LISTEN)
330 			continue;
331 
332 		if (!bacmp(&sco_pi(sk)->src, ba))
333 			return sk;
334 	}
335 
336 	return NULL;
337 }
338 
339 /* Find socket listening on source bdaddr.
340  * Returns closest match.
341  */
342 static struct sock *sco_get_sock_listen(bdaddr_t *src)
343 {
344 	struct sock *sk = NULL, *sk1 = NULL;
345 
346 	read_lock(&sco_sk_list.lock);
347 
348 	sk_for_each(sk, &sco_sk_list.head) {
349 		if (sk->sk_state != BT_LISTEN)
350 			continue;
351 
352 		/* Exact match. */
353 		if (!bacmp(&sco_pi(sk)->src, src))
354 			break;
355 
356 		/* Closest match */
357 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
358 			sk1 = sk;
359 	}
360 
361 	read_unlock(&sco_sk_list.lock);
362 
363 	return sk ? sk : sk1;
364 }
365 
366 static void sco_sock_destruct(struct sock *sk)
367 {
368 	BT_DBG("sk %p", sk);
369 
370 	skb_queue_purge(&sk->sk_receive_queue);
371 	skb_queue_purge(&sk->sk_write_queue);
372 }
373 
374 static void sco_sock_cleanup_listen(struct sock *parent)
375 {
376 	struct sock *sk;
377 
378 	BT_DBG("parent %p", parent);
379 
380 	/* Close not yet accepted channels */
381 	while ((sk = bt_accept_dequeue(parent, NULL))) {
382 		sco_sock_close(sk);
383 		sco_sock_kill(sk);
384 	}
385 
386 	parent->sk_state  = BT_CLOSED;
387 	sock_set_flag(parent, SOCK_ZAPPED);
388 }
389 
390 /* Kill socket (only if zapped and orphan)
391  * Must be called on unlocked socket.
392  */
393 static void sco_sock_kill(struct sock *sk)
394 {
395 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
396 		return;
397 
398 	BT_DBG("sk %p state %d", sk, sk->sk_state);
399 
400 	/* Kill poor orphan */
401 	bt_sock_unlink(&sco_sk_list, sk);
402 	sock_set_flag(sk, SOCK_DEAD);
403 	sock_put(sk);
404 }
405 
406 static void __sco_sock_close(struct sock *sk)
407 {
408 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
409 
410 	switch (sk->sk_state) {
411 	case BT_LISTEN:
412 		sco_sock_cleanup_listen(sk);
413 		break;
414 
415 	case BT_CONNECTED:
416 	case BT_CONFIG:
417 		if (sco_pi(sk)->conn->hcon) {
418 			sk->sk_state = BT_DISCONN;
419 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
420 			sco_conn_lock(sco_pi(sk)->conn);
421 			hci_conn_drop(sco_pi(sk)->conn->hcon);
422 			sco_pi(sk)->conn->hcon = NULL;
423 			sco_conn_unlock(sco_pi(sk)->conn);
424 		} else
425 			sco_chan_del(sk, ECONNRESET);
426 		break;
427 
428 	case BT_CONNECT2:
429 	case BT_CONNECT:
430 	case BT_DISCONN:
431 		sco_chan_del(sk, ECONNRESET);
432 		break;
433 
434 	default:
435 		sock_set_flag(sk, SOCK_ZAPPED);
436 		break;
437 	}
438 }
439 
440 /* Must be called on unlocked socket. */
441 static void sco_sock_close(struct sock *sk)
442 {
443 	sco_sock_clear_timer(sk);
444 	lock_sock(sk);
445 	__sco_sock_close(sk);
446 	release_sock(sk);
447 	sco_sock_kill(sk);
448 }
449 
450 static void sco_sock_init(struct sock *sk, struct sock *parent)
451 {
452 	BT_DBG("sk %p", sk);
453 
454 	if (parent) {
455 		sk->sk_type = parent->sk_type;
456 		bt_sk(sk)->flags = bt_sk(parent)->flags;
457 		security_sk_clone(parent, sk);
458 	}
459 }
460 
461 static struct proto sco_proto = {
462 	.name		= "SCO",
463 	.owner		= THIS_MODULE,
464 	.obj_size	= sizeof(struct sco_pinfo)
465 };
466 
467 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
468 				   int proto, gfp_t prio, int kern)
469 {
470 	struct sock *sk;
471 
472 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
473 	if (!sk)
474 		return NULL;
475 
476 	sock_init_data(sock, sk);
477 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
478 
479 	sk->sk_destruct = sco_sock_destruct;
480 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
481 
482 	sock_reset_flag(sk, SOCK_ZAPPED);
483 
484 	sk->sk_protocol = proto;
485 	sk->sk_state    = BT_OPEN;
486 
487 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
488 
489 	setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
490 
491 	bt_sock_link(&sco_sk_list, sk);
492 	return sk;
493 }
494 
495 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
496 			   int kern)
497 {
498 	struct sock *sk;
499 
500 	BT_DBG("sock %p", sock);
501 
502 	sock->state = SS_UNCONNECTED;
503 
504 	if (sock->type != SOCK_SEQPACKET)
505 		return -ESOCKTNOSUPPORT;
506 
507 	sock->ops = &sco_sock_ops;
508 
509 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
510 	if (!sk)
511 		return -ENOMEM;
512 
513 	sco_sock_init(sk, NULL);
514 	return 0;
515 }
516 
517 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
518 			 int addr_len)
519 {
520 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
521 	struct sock *sk = sock->sk;
522 	int err = 0;
523 
524 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
525 
526 	if (!addr || addr->sa_family != AF_BLUETOOTH)
527 		return -EINVAL;
528 
529 	if (addr_len < sizeof(struct sockaddr_sco))
530 		return -EINVAL;
531 
532 	lock_sock(sk);
533 
534 	if (sk->sk_state != BT_OPEN) {
535 		err = -EBADFD;
536 		goto done;
537 	}
538 
539 	if (sk->sk_type != SOCK_SEQPACKET) {
540 		err = -EINVAL;
541 		goto done;
542 	}
543 
544 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545 
546 	sk->sk_state = BT_BOUND;
547 
548 done:
549 	release_sock(sk);
550 	return err;
551 }
552 
553 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554 {
555 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 	struct sock *sk = sock->sk;
557 	int err;
558 
559 	BT_DBG("sk %p", sk);
560 
561 	if (alen < sizeof(struct sockaddr_sco) ||
562 	    addr->sa_family != AF_BLUETOOTH)
563 		return -EINVAL;
564 
565 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 		return -EBADFD;
567 
568 	if (sk->sk_type != SOCK_SEQPACKET)
569 		return -EINVAL;
570 
571 	lock_sock(sk);
572 
573 	/* Set destination address and psm */
574 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575 
576 	err = sco_connect(sk);
577 	if (err)
578 		goto done;
579 
580 	err = bt_sock_wait_state(sk, BT_CONNECTED,
581 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
582 
583 done:
584 	release_sock(sk);
585 	return err;
586 }
587 
588 static int sco_sock_listen(struct socket *sock, int backlog)
589 {
590 	struct sock *sk = sock->sk;
591 	bdaddr_t *src = &sco_pi(sk)->src;
592 	int err = 0;
593 
594 	BT_DBG("sk %p backlog %d", sk, backlog);
595 
596 	lock_sock(sk);
597 
598 	if (sk->sk_state != BT_BOUND) {
599 		err = -EBADFD;
600 		goto done;
601 	}
602 
603 	if (sk->sk_type != SOCK_SEQPACKET) {
604 		err = -EINVAL;
605 		goto done;
606 	}
607 
608 	write_lock(&sco_sk_list.lock);
609 
610 	if (__sco_get_sock_listen_by_addr(src)) {
611 		err = -EADDRINUSE;
612 		goto unlock;
613 	}
614 
615 	sk->sk_max_ack_backlog = backlog;
616 	sk->sk_ack_backlog = 0;
617 
618 	sk->sk_state = BT_LISTEN;
619 
620 unlock:
621 	write_unlock(&sco_sk_list.lock);
622 
623 done:
624 	release_sock(sk);
625 	return err;
626 }
627 
628 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 			   int flags)
630 {
631 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 	struct sock *sk = sock->sk, *ch;
633 	long timeo;
634 	int err = 0;
635 
636 	lock_sock(sk);
637 
638 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639 
640 	BT_DBG("sk %p timeo %ld", sk, timeo);
641 
642 	/* Wait for an incoming connection. (wake-one). */
643 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 	while (1) {
645 		if (sk->sk_state != BT_LISTEN) {
646 			err = -EBADFD;
647 			break;
648 		}
649 
650 		ch = bt_accept_dequeue(sk, newsock);
651 		if (ch)
652 			break;
653 
654 		if (!timeo) {
655 			err = -EAGAIN;
656 			break;
657 		}
658 
659 		if (signal_pending(current)) {
660 			err = sock_intr_errno(timeo);
661 			break;
662 		}
663 
664 		release_sock(sk);
665 
666 		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 		lock_sock(sk);
668 	}
669 	remove_wait_queue(sk_sleep(sk), &wait);
670 
671 	if (err)
672 		goto done;
673 
674 	newsock->state = SS_CONNECTED;
675 
676 	BT_DBG("new socket %p", ch);
677 
678 done:
679 	release_sock(sk);
680 	return err;
681 }
682 
683 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 			    int *len, int peer)
685 {
686 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 	struct sock *sk = sock->sk;
688 
689 	BT_DBG("sock %p, sk %p", sock, sk);
690 
691 	addr->sa_family = AF_BLUETOOTH;
692 	*len = sizeof(struct sockaddr_sco);
693 
694 	if (peer)
695 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
696 	else
697 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
698 
699 	return 0;
700 }
701 
702 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
703 			    size_t len)
704 {
705 	struct sock *sk = sock->sk;
706 	int err;
707 
708 	BT_DBG("sock %p, sk %p", sock, sk);
709 
710 	err = sock_error(sk);
711 	if (err)
712 		return err;
713 
714 	if (msg->msg_flags & MSG_OOB)
715 		return -EOPNOTSUPP;
716 
717 	lock_sock(sk);
718 
719 	if (sk->sk_state == BT_CONNECTED)
720 		err = sco_send_frame(sk, msg, len);
721 	else
722 		err = -ENOTCONN;
723 
724 	release_sock(sk);
725 	return err;
726 }
727 
728 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
729 {
730 	struct hci_dev *hdev = conn->hdev;
731 
732 	BT_DBG("conn %p", conn);
733 
734 	conn->state = BT_CONFIG;
735 
736 	if (!lmp_esco_capable(hdev)) {
737 		struct hci_cp_accept_conn_req cp;
738 
739 		bacpy(&cp.bdaddr, &conn->dst);
740 		cp.role = 0x00; /* Ignored */
741 
742 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
743 	} else {
744 		struct hci_cp_accept_sync_conn_req cp;
745 
746 		bacpy(&cp.bdaddr, &conn->dst);
747 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
748 
749 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
750 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
751 		cp.content_format = cpu_to_le16(setting);
752 
753 		switch (setting & SCO_AIRMODE_MASK) {
754 		case SCO_AIRMODE_TRANSP:
755 			if (conn->pkt_type & ESCO_2EV3)
756 				cp.max_latency = cpu_to_le16(0x0008);
757 			else
758 				cp.max_latency = cpu_to_le16(0x000D);
759 			cp.retrans_effort = 0x02;
760 			break;
761 		case SCO_AIRMODE_CVSD:
762 			cp.max_latency = cpu_to_le16(0xffff);
763 			cp.retrans_effort = 0xff;
764 			break;
765 		}
766 
767 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
768 			     sizeof(cp), &cp);
769 	}
770 }
771 
772 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
773 			    size_t len, int flags)
774 {
775 	struct sock *sk = sock->sk;
776 	struct sco_pinfo *pi = sco_pi(sk);
777 
778 	lock_sock(sk);
779 
780 	if (sk->sk_state == BT_CONNECT2 &&
781 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
782 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
783 		sk->sk_state = BT_CONFIG;
784 
785 		release_sock(sk);
786 		return 0;
787 	}
788 
789 	release_sock(sk);
790 
791 	return bt_sock_recvmsg(sock, msg, len, flags);
792 }
793 
794 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
795 			       char __user *optval, unsigned int optlen)
796 {
797 	struct sock *sk = sock->sk;
798 	int len, err = 0;
799 	struct bt_voice voice;
800 	u32 opt;
801 
802 	BT_DBG("sk %p", sk);
803 
804 	lock_sock(sk);
805 
806 	switch (optname) {
807 
808 	case BT_DEFER_SETUP:
809 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
810 			err = -EINVAL;
811 			break;
812 		}
813 
814 		if (get_user(opt, (u32 __user *) optval)) {
815 			err = -EFAULT;
816 			break;
817 		}
818 
819 		if (opt)
820 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
821 		else
822 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
823 		break;
824 
825 	case BT_VOICE:
826 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
827 		    sk->sk_state != BT_CONNECT2) {
828 			err = -EINVAL;
829 			break;
830 		}
831 
832 		voice.setting = sco_pi(sk)->setting;
833 
834 		len = min_t(unsigned int, sizeof(voice), optlen);
835 		if (copy_from_user((char *)&voice, optval, len)) {
836 			err = -EFAULT;
837 			break;
838 		}
839 
840 		/* Explicitly check for these values */
841 		if (voice.setting != BT_VOICE_TRANSPARENT &&
842 		    voice.setting != BT_VOICE_CVSD_16BIT) {
843 			err = -EINVAL;
844 			break;
845 		}
846 
847 		sco_pi(sk)->setting = voice.setting;
848 		break;
849 
850 	default:
851 		err = -ENOPROTOOPT;
852 		break;
853 	}
854 
855 	release_sock(sk);
856 	return err;
857 }
858 
859 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
860 				   char __user *optval, int __user *optlen)
861 {
862 	struct sock *sk = sock->sk;
863 	struct sco_options opts;
864 	struct sco_conninfo cinfo;
865 	int len, err = 0;
866 
867 	BT_DBG("sk %p", sk);
868 
869 	if (get_user(len, optlen))
870 		return -EFAULT;
871 
872 	lock_sock(sk);
873 
874 	switch (optname) {
875 	case SCO_OPTIONS:
876 		if (sk->sk_state != BT_CONNECTED &&
877 		    !(sk->sk_state == BT_CONNECT2 &&
878 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
879 			err = -ENOTCONN;
880 			break;
881 		}
882 
883 		opts.mtu = sco_pi(sk)->conn->mtu;
884 
885 		BT_DBG("mtu %d", opts.mtu);
886 
887 		len = min_t(unsigned int, len, sizeof(opts));
888 		if (copy_to_user(optval, (char *)&opts, len))
889 			err = -EFAULT;
890 
891 		break;
892 
893 	case SCO_CONNINFO:
894 		if (sk->sk_state != BT_CONNECTED &&
895 		    !(sk->sk_state == BT_CONNECT2 &&
896 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
897 			err = -ENOTCONN;
898 			break;
899 		}
900 
901 		memset(&cinfo, 0, sizeof(cinfo));
902 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
903 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
904 
905 		len = min_t(unsigned int, len, sizeof(cinfo));
906 		if (copy_to_user(optval, (char *)&cinfo, len))
907 			err = -EFAULT;
908 
909 		break;
910 
911 	default:
912 		err = -ENOPROTOOPT;
913 		break;
914 	}
915 
916 	release_sock(sk);
917 	return err;
918 }
919 
920 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
921 			       char __user *optval, int __user *optlen)
922 {
923 	struct sock *sk = sock->sk;
924 	int len, err = 0;
925 	struct bt_voice voice;
926 
927 	BT_DBG("sk %p", sk);
928 
929 	if (level == SOL_SCO)
930 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
931 
932 	if (get_user(len, optlen))
933 		return -EFAULT;
934 
935 	lock_sock(sk);
936 
937 	switch (optname) {
938 
939 	case BT_DEFER_SETUP:
940 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
941 			err = -EINVAL;
942 			break;
943 		}
944 
945 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
946 			     (u32 __user *)optval))
947 			err = -EFAULT;
948 
949 		break;
950 
951 	case BT_VOICE:
952 		voice.setting = sco_pi(sk)->setting;
953 
954 		len = min_t(unsigned int, len, sizeof(voice));
955 		if (copy_to_user(optval, (char *)&voice, len))
956 			err = -EFAULT;
957 
958 		break;
959 
960 	default:
961 		err = -ENOPROTOOPT;
962 		break;
963 	}
964 
965 	release_sock(sk);
966 	return err;
967 }
968 
969 static int sco_sock_shutdown(struct socket *sock, int how)
970 {
971 	struct sock *sk = sock->sk;
972 	int err = 0;
973 
974 	BT_DBG("sock %p, sk %p", sock, sk);
975 
976 	if (!sk)
977 		return 0;
978 
979 	sock_hold(sk);
980 	lock_sock(sk);
981 
982 	if (!sk->sk_shutdown) {
983 		sk->sk_shutdown = SHUTDOWN_MASK;
984 		sco_sock_clear_timer(sk);
985 		__sco_sock_close(sk);
986 
987 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
988 		    !(current->flags & PF_EXITING))
989 			err = bt_sock_wait_state(sk, BT_CLOSED,
990 						 sk->sk_lingertime);
991 	}
992 
993 	release_sock(sk);
994 	sock_put(sk);
995 
996 	return err;
997 }
998 
999 static int sco_sock_release(struct socket *sock)
1000 {
1001 	struct sock *sk = sock->sk;
1002 	int err = 0;
1003 
1004 	BT_DBG("sock %p, sk %p", sock, sk);
1005 
1006 	if (!sk)
1007 		return 0;
1008 
1009 	sco_sock_close(sk);
1010 
1011 	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1012 	    !(current->flags & PF_EXITING)) {
1013 		lock_sock(sk);
1014 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1015 		release_sock(sk);
1016 	}
1017 
1018 	sock_orphan(sk);
1019 	sco_sock_kill(sk);
1020 	return err;
1021 }
1022 
1023 static void sco_conn_ready(struct sco_conn *conn)
1024 {
1025 	struct sock *parent;
1026 	struct sock *sk = conn->sk;
1027 
1028 	BT_DBG("conn %p", conn);
1029 
1030 	if (sk) {
1031 		sco_sock_clear_timer(sk);
1032 		bh_lock_sock(sk);
1033 		sk->sk_state = BT_CONNECTED;
1034 		sk->sk_state_change(sk);
1035 		bh_unlock_sock(sk);
1036 	} else {
1037 		sco_conn_lock(conn);
1038 
1039 		if (!conn->hcon) {
1040 			sco_conn_unlock(conn);
1041 			return;
1042 		}
1043 
1044 		parent = sco_get_sock_listen(&conn->hcon->src);
1045 		if (!parent) {
1046 			sco_conn_unlock(conn);
1047 			return;
1048 		}
1049 
1050 		bh_lock_sock(parent);
1051 
1052 		sk = sco_sock_alloc(sock_net(parent), NULL,
1053 				    BTPROTO_SCO, GFP_ATOMIC, 0);
1054 		if (!sk) {
1055 			bh_unlock_sock(parent);
1056 			sco_conn_unlock(conn);
1057 			return;
1058 		}
1059 
1060 		sco_sock_init(sk, parent);
1061 
1062 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1063 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1064 
1065 		hci_conn_hold(conn->hcon);
1066 		__sco_chan_add(conn, sk, parent);
1067 
1068 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1069 			sk->sk_state = BT_CONNECT2;
1070 		else
1071 			sk->sk_state = BT_CONNECTED;
1072 
1073 		/* Wake up parent */
1074 		parent->sk_data_ready(parent);
1075 
1076 		bh_unlock_sock(parent);
1077 
1078 		sco_conn_unlock(conn);
1079 	}
1080 }
1081 
1082 /* ----- SCO interface with lower layer (HCI) ----- */
1083 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1084 {
1085 	struct sock *sk;
1086 	int lm = 0;
1087 
1088 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1089 
1090 	/* Find listening sockets */
1091 	read_lock(&sco_sk_list.lock);
1092 	sk_for_each(sk, &sco_sk_list.head) {
1093 		if (sk->sk_state != BT_LISTEN)
1094 			continue;
1095 
1096 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1097 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1098 			lm |= HCI_LM_ACCEPT;
1099 
1100 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1101 				*flags |= HCI_PROTO_DEFER;
1102 			break;
1103 		}
1104 	}
1105 	read_unlock(&sco_sk_list.lock);
1106 
1107 	return lm;
1108 }
1109 
1110 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1111 {
1112 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1113 		return;
1114 
1115 	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1116 
1117 	if (!status) {
1118 		struct sco_conn *conn;
1119 
1120 		conn = sco_conn_add(hcon);
1121 		if (conn)
1122 			sco_conn_ready(conn);
1123 	} else
1124 		sco_conn_del(hcon, bt_to_errno(status));
1125 }
1126 
1127 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1128 {
1129 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1130 		return;
1131 
1132 	BT_DBG("hcon %p reason %d", hcon, reason);
1133 
1134 	sco_conn_del(hcon, bt_to_errno(reason));
1135 }
1136 
1137 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1138 {
1139 	struct sco_conn *conn = hcon->sco_data;
1140 
1141 	if (!conn)
1142 		goto drop;
1143 
1144 	BT_DBG("conn %p len %d", conn, skb->len);
1145 
1146 	if (skb->len) {
1147 		sco_recv_frame(conn, skb);
1148 		return;
1149 	}
1150 
1151 drop:
1152 	kfree_skb(skb);
1153 }
1154 
1155 static struct hci_cb sco_cb = {
1156 	.name		= "SCO",
1157 	.connect_cfm	= sco_connect_cfm,
1158 	.disconn_cfm	= sco_disconn_cfm,
1159 };
1160 
1161 static int sco_debugfs_show(struct seq_file *f, void *p)
1162 {
1163 	struct sock *sk;
1164 
1165 	read_lock(&sco_sk_list.lock);
1166 
1167 	sk_for_each(sk, &sco_sk_list.head) {
1168 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1169 			   &sco_pi(sk)->dst, sk->sk_state);
1170 	}
1171 
1172 	read_unlock(&sco_sk_list.lock);
1173 
1174 	return 0;
1175 }
1176 
1177 static int sco_debugfs_open(struct inode *inode, struct file *file)
1178 {
1179 	return single_open(file, sco_debugfs_show, inode->i_private);
1180 }
1181 
1182 static const struct file_operations sco_debugfs_fops = {
1183 	.open		= sco_debugfs_open,
1184 	.read		= seq_read,
1185 	.llseek		= seq_lseek,
1186 	.release	= single_release,
1187 };
1188 
1189 static struct dentry *sco_debugfs;
1190 
1191 static const struct proto_ops sco_sock_ops = {
1192 	.family		= PF_BLUETOOTH,
1193 	.owner		= THIS_MODULE,
1194 	.release	= sco_sock_release,
1195 	.bind		= sco_sock_bind,
1196 	.connect	= sco_sock_connect,
1197 	.listen		= sco_sock_listen,
1198 	.accept		= sco_sock_accept,
1199 	.getname	= sco_sock_getname,
1200 	.sendmsg	= sco_sock_sendmsg,
1201 	.recvmsg	= sco_sock_recvmsg,
1202 	.poll		= bt_sock_poll,
1203 	.ioctl		= bt_sock_ioctl,
1204 	.mmap		= sock_no_mmap,
1205 	.socketpair	= sock_no_socketpair,
1206 	.shutdown	= sco_sock_shutdown,
1207 	.setsockopt	= sco_sock_setsockopt,
1208 	.getsockopt	= sco_sock_getsockopt
1209 };
1210 
1211 static const struct net_proto_family sco_sock_family_ops = {
1212 	.family	= PF_BLUETOOTH,
1213 	.owner	= THIS_MODULE,
1214 	.create	= sco_sock_create,
1215 };
1216 
1217 int __init sco_init(void)
1218 {
1219 	int err;
1220 
1221 	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1222 
1223 	err = proto_register(&sco_proto, 0);
1224 	if (err < 0)
1225 		return err;
1226 
1227 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1228 	if (err < 0) {
1229 		BT_ERR("SCO socket registration failed");
1230 		goto error;
1231 	}
1232 
1233 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1234 	if (err < 0) {
1235 		BT_ERR("Failed to create SCO proc file");
1236 		bt_sock_unregister(BTPROTO_SCO);
1237 		goto error;
1238 	}
1239 
1240 	BT_INFO("SCO socket layer initialized");
1241 
1242 	hci_register_cb(&sco_cb);
1243 
1244 	if (IS_ERR_OR_NULL(bt_debugfs))
1245 		return 0;
1246 
1247 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1248 					  NULL, &sco_debugfs_fops);
1249 
1250 	return 0;
1251 
1252 error:
1253 	proto_unregister(&sco_proto);
1254 	return err;
1255 }
1256 
1257 void sco_exit(void)
1258 {
1259 	bt_procfs_cleanup(&init_net, "sco");
1260 
1261 	debugfs_remove(sco_debugfs);
1262 
1263 	hci_unregister_cb(&sco_cb);
1264 
1265 	bt_sock_unregister(BTPROTO_SCO);
1266 
1267 	proto_unregister(&sco_proto);
1268 }
1269 
1270 module_param(disable_esco, bool, 0644);
1271 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1272