xref: /linux/net/bluetooth/sco.c (revision 0d456bad36d42d16022be045c8a53ddbb59ee478)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/sco.h>
34 
35 static bool disable_esco;
36 
37 static const struct proto_ops sco_sock_ops;
38 
39 static struct bt_sock_list sco_sk_list = {
40 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41 };
42 
43 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
44 static void sco_chan_del(struct sock *sk, int err);
45 
46 static void sco_sock_close(struct sock *sk);
47 static void sco_sock_kill(struct sock *sk);
48 
49 /* ---- SCO timers ---- */
50 static void sco_sock_timeout(unsigned long arg)
51 {
52 	struct sock *sk = (struct sock *) arg;
53 
54 	BT_DBG("sock %p state %d", sk, sk->sk_state);
55 
56 	bh_lock_sock(sk);
57 	sk->sk_err = ETIMEDOUT;
58 	sk->sk_state_change(sk);
59 	bh_unlock_sock(sk);
60 
61 	sco_sock_kill(sk);
62 	sock_put(sk);
63 }
64 
65 static void sco_sock_set_timer(struct sock *sk, long timeout)
66 {
67 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
68 	sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
69 }
70 
71 static void sco_sock_clear_timer(struct sock *sk)
72 {
73 	BT_DBG("sock %p state %d", sk, sk->sk_state);
74 	sk_stop_timer(sk, &sk->sk_timer);
75 }
76 
77 /* ---- SCO connections ---- */
78 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
79 {
80 	struct hci_dev *hdev = hcon->hdev;
81 	struct sco_conn *conn = hcon->sco_data;
82 
83 	if (conn)
84 		return conn;
85 
86 	conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC);
87 	if (!conn)
88 		return NULL;
89 
90 	spin_lock_init(&conn->lock);
91 
92 	hcon->sco_data = conn;
93 	conn->hcon = hcon;
94 
95 	conn->src = &hdev->bdaddr;
96 	conn->dst = &hcon->dst;
97 
98 	if (hdev->sco_mtu > 0)
99 		conn->mtu = hdev->sco_mtu;
100 	else
101 		conn->mtu = 60;
102 
103 	BT_DBG("hcon %p conn %p", hcon, conn);
104 
105 	return conn;
106 }
107 
108 static struct sock *sco_chan_get(struct sco_conn *conn)
109 {
110 	struct sock *sk = NULL;
111 	sco_conn_lock(conn);
112 	sk = conn->sk;
113 	sco_conn_unlock(conn);
114 	return sk;
115 }
116 
117 static int sco_conn_del(struct hci_conn *hcon, int err)
118 {
119 	struct sco_conn *conn = hcon->sco_data;
120 	struct sock *sk;
121 
122 	if (!conn)
123 		return 0;
124 
125 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
126 
127 	/* Kill socket */
128 	sk = sco_chan_get(conn);
129 	if (sk) {
130 		bh_lock_sock(sk);
131 		sco_sock_clear_timer(sk);
132 		sco_chan_del(sk, err);
133 		bh_unlock_sock(sk);
134 		sco_sock_kill(sk);
135 	}
136 
137 	hcon->sco_data = NULL;
138 	kfree(conn);
139 	return 0;
140 }
141 
142 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
143 			struct sock *parent)
144 {
145 	int err = 0;
146 
147 	sco_conn_lock(conn);
148 	if (conn->sk)
149 		err = -EBUSY;
150 	else
151 		__sco_chan_add(conn, sk, parent);
152 
153 	sco_conn_unlock(conn);
154 	return err;
155 }
156 
157 static int sco_connect(struct sock *sk)
158 {
159 	bdaddr_t *src = &bt_sk(sk)->src;
160 	bdaddr_t *dst = &bt_sk(sk)->dst;
161 	struct sco_conn *conn;
162 	struct hci_conn *hcon;
163 	struct hci_dev  *hdev;
164 	int err, type;
165 
166 	BT_DBG("%pMR -> %pMR", src, dst);
167 
168 	hdev = hci_get_route(dst, src);
169 	if (!hdev)
170 		return -EHOSTUNREACH;
171 
172 	hci_dev_lock(hdev);
173 
174 	if (lmp_esco_capable(hdev) && !disable_esco)
175 		type = ESCO_LINK;
176 	else
177 		type = SCO_LINK;
178 
179 	hcon = hci_connect(hdev, type, dst, BDADDR_BREDR, BT_SECURITY_LOW,
180 			   HCI_AT_NO_BONDING);
181 	if (IS_ERR(hcon)) {
182 		err = PTR_ERR(hcon);
183 		goto done;
184 	}
185 
186 	conn = sco_conn_add(hcon);
187 	if (!conn) {
188 		hci_conn_put(hcon);
189 		err = -ENOMEM;
190 		goto done;
191 	}
192 
193 	/* Update source addr of the socket */
194 	bacpy(src, conn->src);
195 
196 	err = sco_chan_add(conn, sk, NULL);
197 	if (err)
198 		goto done;
199 
200 	if (hcon->state == BT_CONNECTED) {
201 		sco_sock_clear_timer(sk);
202 		sk->sk_state = BT_CONNECTED;
203 	} else {
204 		sk->sk_state = BT_CONNECT;
205 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
206 	}
207 
208 done:
209 	hci_dev_unlock(hdev);
210 	hci_dev_put(hdev);
211 	return err;
212 }
213 
214 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
215 {
216 	struct sco_conn *conn = sco_pi(sk)->conn;
217 	struct sk_buff *skb;
218 	int err;
219 
220 	/* Check outgoing MTU */
221 	if (len > conn->mtu)
222 		return -EINVAL;
223 
224 	BT_DBG("sk %p len %d", sk, len);
225 
226 	skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
227 	if (!skb)
228 		return err;
229 
230 	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
231 		kfree_skb(skb);
232 		return -EFAULT;
233 	}
234 
235 	hci_send_sco(conn->hcon, skb);
236 
237 	return len;
238 }
239 
240 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
241 {
242 	struct sock *sk = sco_chan_get(conn);
243 
244 	if (!sk)
245 		goto drop;
246 
247 	BT_DBG("sk %p len %d", sk, skb->len);
248 
249 	if (sk->sk_state != BT_CONNECTED)
250 		goto drop;
251 
252 	if (!sock_queue_rcv_skb(sk, skb))
253 		return;
254 
255 drop:
256 	kfree_skb(skb);
257 }
258 
259 /* -------- Socket interface ---------- */
260 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
261 {
262 	struct hlist_node *node;
263 	struct sock *sk;
264 
265 	sk_for_each(sk, node, &sco_sk_list.head) {
266 		if (sk->sk_state != BT_LISTEN)
267 			continue;
268 
269 		if (!bacmp(&bt_sk(sk)->src, ba))
270 			return sk;
271 	}
272 
273 	return NULL;
274 }
275 
276 /* Find socket listening on source bdaddr.
277  * Returns closest match.
278  */
279 static struct sock *sco_get_sock_listen(bdaddr_t *src)
280 {
281 	struct sock *sk = NULL, *sk1 = NULL;
282 	struct hlist_node *node;
283 
284 	read_lock(&sco_sk_list.lock);
285 
286 	sk_for_each(sk, node, &sco_sk_list.head) {
287 		if (sk->sk_state != BT_LISTEN)
288 			continue;
289 
290 		/* Exact match. */
291 		if (!bacmp(&bt_sk(sk)->src, src))
292 			break;
293 
294 		/* Closest match */
295 		if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
296 			sk1 = sk;
297 	}
298 
299 	read_unlock(&sco_sk_list.lock);
300 
301 	return node ? sk : sk1;
302 }
303 
304 static void sco_sock_destruct(struct sock *sk)
305 {
306 	BT_DBG("sk %p", sk);
307 
308 	skb_queue_purge(&sk->sk_receive_queue);
309 	skb_queue_purge(&sk->sk_write_queue);
310 }
311 
312 static void sco_sock_cleanup_listen(struct sock *parent)
313 {
314 	struct sock *sk;
315 
316 	BT_DBG("parent %p", parent);
317 
318 	/* Close not yet accepted channels */
319 	while ((sk = bt_accept_dequeue(parent, NULL))) {
320 		sco_sock_close(sk);
321 		sco_sock_kill(sk);
322 	}
323 
324 	parent->sk_state  = BT_CLOSED;
325 	sock_set_flag(parent, SOCK_ZAPPED);
326 }
327 
328 /* Kill socket (only if zapped and orphan)
329  * Must be called on unlocked socket.
330  */
331 static void sco_sock_kill(struct sock *sk)
332 {
333 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
334 		return;
335 
336 	BT_DBG("sk %p state %d", sk, sk->sk_state);
337 
338 	/* Kill poor orphan */
339 	bt_sock_unlink(&sco_sk_list, sk);
340 	sock_set_flag(sk, SOCK_DEAD);
341 	sock_put(sk);
342 }
343 
344 static void __sco_sock_close(struct sock *sk)
345 {
346 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
347 
348 	switch (sk->sk_state) {
349 	case BT_LISTEN:
350 		sco_sock_cleanup_listen(sk);
351 		break;
352 
353 	case BT_CONNECTED:
354 	case BT_CONFIG:
355 		if (sco_pi(sk)->conn) {
356 			sk->sk_state = BT_DISCONN;
357 			sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
358 			hci_conn_put(sco_pi(sk)->conn->hcon);
359 			sco_pi(sk)->conn->hcon = NULL;
360 		} else
361 			sco_chan_del(sk, ECONNRESET);
362 		break;
363 
364 	case BT_CONNECT:
365 	case BT_DISCONN:
366 		sco_chan_del(sk, ECONNRESET);
367 		break;
368 
369 	default:
370 		sock_set_flag(sk, SOCK_ZAPPED);
371 		break;
372 	}
373 }
374 
375 /* Must be called on unlocked socket. */
376 static void sco_sock_close(struct sock *sk)
377 {
378 	sco_sock_clear_timer(sk);
379 	lock_sock(sk);
380 	__sco_sock_close(sk);
381 	release_sock(sk);
382 	sco_sock_kill(sk);
383 }
384 
385 static void sco_sock_init(struct sock *sk, struct sock *parent)
386 {
387 	BT_DBG("sk %p", sk);
388 
389 	if (parent) {
390 		sk->sk_type = parent->sk_type;
391 		bt_sk(sk)->flags = bt_sk(parent)->flags;
392 		security_sk_clone(parent, sk);
393 	}
394 }
395 
396 static struct proto sco_proto = {
397 	.name		= "SCO",
398 	.owner		= THIS_MODULE,
399 	.obj_size	= sizeof(struct sco_pinfo)
400 };
401 
402 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
403 {
404 	struct sock *sk;
405 
406 	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto);
407 	if (!sk)
408 		return NULL;
409 
410 	sock_init_data(sock, sk);
411 	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
412 
413 	sk->sk_destruct = sco_sock_destruct;
414 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
415 
416 	sock_reset_flag(sk, SOCK_ZAPPED);
417 
418 	sk->sk_protocol = proto;
419 	sk->sk_state    = BT_OPEN;
420 
421 	setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
422 
423 	bt_sock_link(&sco_sk_list, sk);
424 	return sk;
425 }
426 
427 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
428 			   int kern)
429 {
430 	struct sock *sk;
431 
432 	BT_DBG("sock %p", sock);
433 
434 	sock->state = SS_UNCONNECTED;
435 
436 	if (sock->type != SOCK_SEQPACKET)
437 		return -ESOCKTNOSUPPORT;
438 
439 	sock->ops = &sco_sock_ops;
440 
441 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
442 	if (!sk)
443 		return -ENOMEM;
444 
445 	sco_sock_init(sk, NULL);
446 	return 0;
447 }
448 
449 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
450 {
451 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
452 	struct sock *sk = sock->sk;
453 	int err = 0;
454 
455 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
456 
457 	if (!addr || addr->sa_family != AF_BLUETOOTH)
458 		return -EINVAL;
459 
460 	lock_sock(sk);
461 
462 	if (sk->sk_state != BT_OPEN) {
463 		err = -EBADFD;
464 		goto done;
465 	}
466 
467 	if (sk->sk_type != SOCK_SEQPACKET) {
468 		err = -EINVAL;
469 		goto done;
470 	}
471 
472 	bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr);
473 
474 	sk->sk_state = BT_BOUND;
475 
476 done:
477 	release_sock(sk);
478 	return err;
479 }
480 
481 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
482 {
483 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
484 	struct sock *sk = sock->sk;
485 	int err = 0;
486 
487 
488 	BT_DBG("sk %p", sk);
489 
490 	if (alen < sizeof(struct sockaddr_sco) ||
491 	    addr->sa_family != AF_BLUETOOTH)
492 		return -EINVAL;
493 
494 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
495 		return -EBADFD;
496 
497 	if (sk->sk_type != SOCK_SEQPACKET)
498 		return -EINVAL;
499 
500 	lock_sock(sk);
501 
502 	/* Set destination address and psm */
503 	bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr);
504 
505 	err = sco_connect(sk);
506 	if (err)
507 		goto done;
508 
509 	err = bt_sock_wait_state(sk, BT_CONNECTED,
510 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
511 
512 done:
513 	release_sock(sk);
514 	return err;
515 }
516 
517 static int sco_sock_listen(struct socket *sock, int backlog)
518 {
519 	struct sock *sk = sock->sk;
520 	bdaddr_t *src = &bt_sk(sk)->src;
521 	int err = 0;
522 
523 	BT_DBG("sk %p backlog %d", sk, backlog);
524 
525 	lock_sock(sk);
526 
527 	if (sk->sk_state != BT_BOUND) {
528 		err = -EBADFD;
529 		goto done;
530 	}
531 
532 	if (sk->sk_type != SOCK_SEQPACKET) {
533 		err = -EINVAL;
534 		goto done;
535 	}
536 
537 	write_lock(&sco_sk_list.lock);
538 
539 	if (__sco_get_sock_listen_by_addr(src)) {
540 		err = -EADDRINUSE;
541 		goto unlock;
542 	}
543 
544 	sk->sk_max_ack_backlog = backlog;
545 	sk->sk_ack_backlog = 0;
546 
547 	sk->sk_state = BT_LISTEN;
548 
549 unlock:
550 	write_unlock(&sco_sk_list.lock);
551 
552 done:
553 	release_sock(sk);
554 	return err;
555 }
556 
557 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
558 {
559 	DECLARE_WAITQUEUE(wait, current);
560 	struct sock *sk = sock->sk, *ch;
561 	long timeo;
562 	int err = 0;
563 
564 	lock_sock(sk);
565 
566 	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
567 
568 	BT_DBG("sk %p timeo %ld", sk, timeo);
569 
570 	/* Wait for an incoming connection. (wake-one). */
571 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
572 	while (1) {
573 		set_current_state(TASK_INTERRUPTIBLE);
574 
575 		if (sk->sk_state != BT_LISTEN) {
576 			err = -EBADFD;
577 			break;
578 		}
579 
580 		ch = bt_accept_dequeue(sk, newsock);
581 		if (ch)
582 			break;
583 
584 		if (!timeo) {
585 			err = -EAGAIN;
586 			break;
587 		}
588 
589 		if (signal_pending(current)) {
590 			err = sock_intr_errno(timeo);
591 			break;
592 		}
593 
594 		release_sock(sk);
595 		timeo = schedule_timeout(timeo);
596 		lock_sock(sk);
597 	}
598 	__set_current_state(TASK_RUNNING);
599 	remove_wait_queue(sk_sleep(sk), &wait);
600 
601 	if (err)
602 		goto done;
603 
604 	newsock->state = SS_CONNECTED;
605 
606 	BT_DBG("new socket %p", ch);
607 
608 done:
609 	release_sock(sk);
610 	return err;
611 }
612 
613 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
614 {
615 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
616 	struct sock *sk = sock->sk;
617 
618 	BT_DBG("sock %p, sk %p", sock, sk);
619 
620 	addr->sa_family = AF_BLUETOOTH;
621 	*len = sizeof(struct sockaddr_sco);
622 
623 	if (peer)
624 		bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst);
625 	else
626 		bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src);
627 
628 	return 0;
629 }
630 
631 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
632 			    struct msghdr *msg, size_t len)
633 {
634 	struct sock *sk = sock->sk;
635 	int err;
636 
637 	BT_DBG("sock %p, sk %p", sock, sk);
638 
639 	err = sock_error(sk);
640 	if (err)
641 		return err;
642 
643 	if (msg->msg_flags & MSG_OOB)
644 		return -EOPNOTSUPP;
645 
646 	lock_sock(sk);
647 
648 	if (sk->sk_state == BT_CONNECTED)
649 		err = sco_send_frame(sk, msg, len);
650 	else
651 		err = -ENOTCONN;
652 
653 	release_sock(sk);
654 	return err;
655 }
656 
657 static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
658 			    struct msghdr *msg, size_t len, int flags)
659 {
660 	struct sock *sk = sock->sk;
661 	struct sco_pinfo *pi = sco_pi(sk);
662 
663 	lock_sock(sk);
664 
665 	if (sk->sk_state == BT_CONNECT2 &&
666 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
667 		hci_conn_accept(pi->conn->hcon, 0);
668 		sk->sk_state = BT_CONFIG;
669 
670 		release_sock(sk);
671 		return 0;
672 	}
673 
674 	release_sock(sk);
675 
676 	return bt_sock_recvmsg(iocb, sock, msg, len, flags);
677 }
678 
679 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
680 {
681 	struct sock *sk = sock->sk;
682 	int err = 0;
683 	u32 opt;
684 
685 	BT_DBG("sk %p", sk);
686 
687 	lock_sock(sk);
688 
689 	switch (optname) {
690 
691 	case BT_DEFER_SETUP:
692 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
693 			err = -EINVAL;
694 			break;
695 		}
696 
697 		if (get_user(opt, (u32 __user *) optval)) {
698 			err = -EFAULT;
699 			break;
700 		}
701 
702 		if (opt)
703 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
704 		else
705 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
706 		break;
707 
708 	default:
709 		err = -ENOPROTOOPT;
710 		break;
711 	}
712 
713 	release_sock(sk);
714 	return err;
715 }
716 
717 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
718 {
719 	struct sock *sk = sock->sk;
720 	struct sco_options opts;
721 	struct sco_conninfo cinfo;
722 	int len, err = 0;
723 
724 	BT_DBG("sk %p", sk);
725 
726 	if (get_user(len, optlen))
727 		return -EFAULT;
728 
729 	lock_sock(sk);
730 
731 	switch (optname) {
732 	case SCO_OPTIONS:
733 		if (sk->sk_state != BT_CONNECTED) {
734 			err = -ENOTCONN;
735 			break;
736 		}
737 
738 		opts.mtu = sco_pi(sk)->conn->mtu;
739 
740 		BT_DBG("mtu %d", opts.mtu);
741 
742 		len = min_t(unsigned int, len, sizeof(opts));
743 		if (copy_to_user(optval, (char *)&opts, len))
744 			err = -EFAULT;
745 
746 		break;
747 
748 	case SCO_CONNINFO:
749 		if (sk->sk_state != BT_CONNECTED) {
750 			err = -ENOTCONN;
751 			break;
752 		}
753 
754 		memset(&cinfo, 0, sizeof(cinfo));
755 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
756 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
757 
758 		len = min_t(unsigned int, len, sizeof(cinfo));
759 		if (copy_to_user(optval, (char *)&cinfo, len))
760 			err = -EFAULT;
761 
762 		break;
763 
764 	default:
765 		err = -ENOPROTOOPT;
766 		break;
767 	}
768 
769 	release_sock(sk);
770 	return err;
771 }
772 
773 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
774 {
775 	struct sock *sk = sock->sk;
776 	int len, err = 0;
777 
778 	BT_DBG("sk %p", sk);
779 
780 	if (level == SOL_SCO)
781 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
782 
783 	if (get_user(len, optlen))
784 		return -EFAULT;
785 
786 	lock_sock(sk);
787 
788 	switch (optname) {
789 
790 	case BT_DEFER_SETUP:
791 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
792 			err = -EINVAL;
793 			break;
794 		}
795 
796 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
797 			     (u32 __user *) optval))
798 			err = -EFAULT;
799 
800 		break;
801 
802 	default:
803 		err = -ENOPROTOOPT;
804 		break;
805 	}
806 
807 	release_sock(sk);
808 	return err;
809 }
810 
811 static int sco_sock_shutdown(struct socket *sock, int how)
812 {
813 	struct sock *sk = sock->sk;
814 	int err = 0;
815 
816 	BT_DBG("sock %p, sk %p", sock, sk);
817 
818 	if (!sk)
819 		return 0;
820 
821 	lock_sock(sk);
822 	if (!sk->sk_shutdown) {
823 		sk->sk_shutdown = SHUTDOWN_MASK;
824 		sco_sock_clear_timer(sk);
825 		__sco_sock_close(sk);
826 
827 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
828 			err = bt_sock_wait_state(sk, BT_CLOSED,
829 						 sk->sk_lingertime);
830 	}
831 	release_sock(sk);
832 	return err;
833 }
834 
835 static int sco_sock_release(struct socket *sock)
836 {
837 	struct sock *sk = sock->sk;
838 	int err = 0;
839 
840 	BT_DBG("sock %p, sk %p", sock, sk);
841 
842 	if (!sk)
843 		return 0;
844 
845 	sco_sock_close(sk);
846 
847 	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) {
848 		lock_sock(sk);
849 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
850 		release_sock(sk);
851 	}
852 
853 	sock_orphan(sk);
854 	sco_sock_kill(sk);
855 	return err;
856 }
857 
858 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
859 {
860 	BT_DBG("conn %p", conn);
861 
862 	sco_pi(sk)->conn = conn;
863 	conn->sk = sk;
864 
865 	if (parent)
866 		bt_accept_enqueue(parent, sk);
867 }
868 
869 /* Delete channel.
870  * Must be called on the locked socket. */
871 static void sco_chan_del(struct sock *sk, int err)
872 {
873 	struct sco_conn *conn;
874 
875 	conn = sco_pi(sk)->conn;
876 
877 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
878 
879 	if (conn) {
880 		sco_conn_lock(conn);
881 		conn->sk = NULL;
882 		sco_pi(sk)->conn = NULL;
883 		sco_conn_unlock(conn);
884 
885 		if (conn->hcon)
886 			hci_conn_put(conn->hcon);
887 	}
888 
889 	sk->sk_state = BT_CLOSED;
890 	sk->sk_err   = err;
891 	sk->sk_state_change(sk);
892 
893 	sock_set_flag(sk, SOCK_ZAPPED);
894 }
895 
896 static void sco_conn_ready(struct sco_conn *conn)
897 {
898 	struct sock *parent;
899 	struct sock *sk = conn->sk;
900 
901 	BT_DBG("conn %p", conn);
902 
903 	sco_conn_lock(conn);
904 
905 	if (sk) {
906 		sco_sock_clear_timer(sk);
907 		bh_lock_sock(sk);
908 		sk->sk_state = BT_CONNECTED;
909 		sk->sk_state_change(sk);
910 		bh_unlock_sock(sk);
911 	} else {
912 		parent = sco_get_sock_listen(conn->src);
913 		if (!parent)
914 			goto done;
915 
916 		bh_lock_sock(parent);
917 
918 		sk = sco_sock_alloc(sock_net(parent), NULL,
919 				    BTPROTO_SCO, GFP_ATOMIC);
920 		if (!sk) {
921 			bh_unlock_sock(parent);
922 			goto done;
923 		}
924 
925 		sco_sock_init(sk, parent);
926 
927 		bacpy(&bt_sk(sk)->src, conn->src);
928 		bacpy(&bt_sk(sk)->dst, conn->dst);
929 
930 		hci_conn_hold(conn->hcon);
931 		__sco_chan_add(conn, sk, parent);
932 
933 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
934 			sk->sk_state = BT_CONNECT2;
935 		else
936 			sk->sk_state = BT_CONNECTED;
937 
938 		/* Wake up parent */
939 		parent->sk_data_ready(parent, 1);
940 
941 		bh_unlock_sock(parent);
942 	}
943 
944 done:
945 	sco_conn_unlock(conn);
946 }
947 
948 /* ----- SCO interface with lower layer (HCI) ----- */
949 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
950 {
951 	struct sock *sk;
952 	struct hlist_node *node;
953 	int lm = 0;
954 
955 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
956 
957 	/* Find listening sockets */
958 	read_lock(&sco_sk_list.lock);
959 	sk_for_each(sk, node, &sco_sk_list.head) {
960 		if (sk->sk_state != BT_LISTEN)
961 			continue;
962 
963 		if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) ||
964 		    !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
965 			lm |= HCI_LM_ACCEPT;
966 
967 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
968 				*flags |= HCI_PROTO_DEFER;
969 			break;
970 		}
971 	}
972 	read_unlock(&sco_sk_list.lock);
973 
974 	return lm;
975 }
976 
977 void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
978 {
979 	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
980 	if (!status) {
981 		struct sco_conn *conn;
982 
983 		conn = sco_conn_add(hcon);
984 		if (conn)
985 			sco_conn_ready(conn);
986 	} else
987 		sco_conn_del(hcon, bt_to_errno(status));
988 }
989 
990 void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
991 {
992 	BT_DBG("hcon %p reason %d", hcon, reason);
993 
994 	sco_conn_del(hcon, bt_to_errno(reason));
995 }
996 
997 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
998 {
999 	struct sco_conn *conn = hcon->sco_data;
1000 
1001 	if (!conn)
1002 		goto drop;
1003 
1004 	BT_DBG("conn %p len %d", conn, skb->len);
1005 
1006 	if (skb->len) {
1007 		sco_recv_frame(conn, skb);
1008 		return 0;
1009 	}
1010 
1011 drop:
1012 	kfree_skb(skb);
1013 	return 0;
1014 }
1015 
1016 static int sco_debugfs_show(struct seq_file *f, void *p)
1017 {
1018 	struct sock *sk;
1019 	struct hlist_node *node;
1020 
1021 	read_lock(&sco_sk_list.lock);
1022 
1023 	sk_for_each(sk, node, &sco_sk_list.head) {
1024 		seq_printf(f, "%pMR %pMR %d\n", &bt_sk(sk)->src,
1025 			   &bt_sk(sk)->dst, sk->sk_state);
1026 	}
1027 
1028 	read_unlock(&sco_sk_list.lock);
1029 
1030 	return 0;
1031 }
1032 
1033 static int sco_debugfs_open(struct inode *inode, struct file *file)
1034 {
1035 	return single_open(file, sco_debugfs_show, inode->i_private);
1036 }
1037 
1038 static const struct file_operations sco_debugfs_fops = {
1039 	.open		= sco_debugfs_open,
1040 	.read		= seq_read,
1041 	.llseek		= seq_lseek,
1042 	.release	= single_release,
1043 };
1044 
1045 static struct dentry *sco_debugfs;
1046 
1047 static const struct proto_ops sco_sock_ops = {
1048 	.family		= PF_BLUETOOTH,
1049 	.owner		= THIS_MODULE,
1050 	.release	= sco_sock_release,
1051 	.bind		= sco_sock_bind,
1052 	.connect	= sco_sock_connect,
1053 	.listen		= sco_sock_listen,
1054 	.accept		= sco_sock_accept,
1055 	.getname	= sco_sock_getname,
1056 	.sendmsg	= sco_sock_sendmsg,
1057 	.recvmsg	= sco_sock_recvmsg,
1058 	.poll		= bt_sock_poll,
1059 	.ioctl		= bt_sock_ioctl,
1060 	.mmap		= sock_no_mmap,
1061 	.socketpair	= sock_no_socketpair,
1062 	.shutdown	= sco_sock_shutdown,
1063 	.setsockopt	= sco_sock_setsockopt,
1064 	.getsockopt	= sco_sock_getsockopt
1065 };
1066 
1067 static const struct net_proto_family sco_sock_family_ops = {
1068 	.family	= PF_BLUETOOTH,
1069 	.owner	= THIS_MODULE,
1070 	.create	= sco_sock_create,
1071 };
1072 
1073 int __init sco_init(void)
1074 {
1075 	int err;
1076 
1077 	err = proto_register(&sco_proto, 0);
1078 	if (err < 0)
1079 		return err;
1080 
1081 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1082 	if (err < 0) {
1083 		BT_ERR("SCO socket registration failed");
1084 		goto error;
1085 	}
1086 
1087 	err = bt_procfs_init(THIS_MODULE, &init_net, "sco", &sco_sk_list, NULL);
1088 	if (err < 0) {
1089 		BT_ERR("Failed to create SCO proc file");
1090 		bt_sock_unregister(BTPROTO_SCO);
1091 		goto error;
1092 	}
1093 
1094 	if (bt_debugfs) {
1095 		sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1096 						  NULL, &sco_debugfs_fops);
1097 		if (!sco_debugfs)
1098 			BT_ERR("Failed to create SCO debug file");
1099 	}
1100 
1101 	BT_INFO("SCO socket layer initialized");
1102 
1103 	return 0;
1104 
1105 error:
1106 	proto_unregister(&sco_proto);
1107 	return err;
1108 }
1109 
1110 void __exit sco_exit(void)
1111 {
1112 	bt_procfs_cleanup(&init_net, "sco");
1113 
1114 	debugfs_remove(sco_debugfs);
1115 
1116 	if (bt_sock_unregister(BTPROTO_SCO) < 0)
1117 		BT_ERR("SCO socket unregistration failed");
1118 
1119 	proto_unregister(&sco_proto);
1120 }
1121 
1122 module_param(disable_esco, bool, 0644);
1123 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1124