1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static void sco_sock_timeout(struct work_struct *work) 80 { 81 struct sco_conn *conn = container_of(work, struct sco_conn, 82 timeout_work.work); 83 struct sock *sk; 84 85 sco_conn_lock(conn); 86 sk = conn->sk; 87 if (sk) 88 sock_hold(sk); 89 sco_conn_unlock(conn); 90 91 if (!sk) 92 return; 93 94 BT_DBG("sock %p state %d", sk, sk->sk_state); 95 96 lock_sock(sk); 97 sk->sk_err = ETIMEDOUT; 98 sk->sk_state_change(sk); 99 release_sock(sk); 100 sock_put(sk); 101 } 102 103 static void sco_sock_set_timer(struct sock *sk, long timeout) 104 { 105 if (!sco_pi(sk)->conn) 106 return; 107 108 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 109 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 110 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 111 } 112 113 static void sco_sock_clear_timer(struct sock *sk) 114 { 115 if (!sco_pi(sk)->conn) 116 return; 117 118 BT_DBG("sock %p state %d", sk, sk->sk_state); 119 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 120 } 121 122 /* ---- SCO connections ---- */ 123 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 124 { 125 struct hci_dev *hdev = hcon->hdev; 126 struct sco_conn *conn = hcon->sco_data; 127 128 if (conn) { 129 if (!conn->hcon) 130 conn->hcon = hcon; 131 return conn; 132 } 133 134 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 135 if (!conn) 136 return NULL; 137 138 spin_lock_init(&conn->lock); 139 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 140 141 hcon->sco_data = conn; 142 conn->hcon = hcon; 143 144 if (hdev->sco_mtu > 0) 145 conn->mtu = hdev->sco_mtu; 146 else 147 conn->mtu = 60; 148 149 BT_DBG("hcon %p conn %p", hcon, conn); 150 151 return conn; 152 } 153 154 /* Delete channel. 155 * Must be called on the locked socket. */ 156 static void sco_chan_del(struct sock *sk, int err) 157 { 158 struct sco_conn *conn; 159 160 conn = sco_pi(sk)->conn; 161 162 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 163 164 if (conn) { 165 sco_conn_lock(conn); 166 conn->sk = NULL; 167 sco_pi(sk)->conn = NULL; 168 sco_conn_unlock(conn); 169 170 if (conn->hcon) 171 hci_conn_drop(conn->hcon); 172 } 173 174 sk->sk_state = BT_CLOSED; 175 sk->sk_err = err; 176 sk->sk_state_change(sk); 177 178 sock_set_flag(sk, SOCK_ZAPPED); 179 } 180 181 static void sco_conn_del(struct hci_conn *hcon, int err) 182 { 183 struct sco_conn *conn = hcon->sco_data; 184 struct sock *sk; 185 186 if (!conn) 187 return; 188 189 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 190 191 /* Kill socket */ 192 sco_conn_lock(conn); 193 sk = conn->sk; 194 if (sk) 195 sock_hold(sk); 196 sco_conn_unlock(conn); 197 198 if (sk) { 199 lock_sock(sk); 200 sco_sock_clear_timer(sk); 201 sco_chan_del(sk, err); 202 release_sock(sk); 203 sock_put(sk); 204 } 205 206 /* Ensure no more work items will run before freeing conn. */ 207 cancel_delayed_work_sync(&conn->timeout_work); 208 209 hcon->sco_data = NULL; 210 kfree(conn); 211 } 212 213 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 214 struct sock *parent) 215 { 216 BT_DBG("conn %p", conn); 217 218 sco_pi(sk)->conn = conn; 219 conn->sk = sk; 220 221 if (parent) 222 bt_accept_enqueue(parent, sk, true); 223 } 224 225 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 226 struct sock *parent) 227 { 228 int err = 0; 229 230 sco_conn_lock(conn); 231 if (conn->sk) 232 err = -EBUSY; 233 else 234 __sco_chan_add(conn, sk, parent); 235 236 sco_conn_unlock(conn); 237 return err; 238 } 239 240 static int sco_connect(struct sock *sk) 241 { 242 struct sco_conn *conn; 243 struct hci_conn *hcon; 244 struct hci_dev *hdev; 245 int err, type; 246 247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 248 249 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 250 if (!hdev) 251 return -EHOSTUNREACH; 252 253 hci_dev_lock(hdev); 254 255 if (lmp_esco_capable(hdev) && !disable_esco) 256 type = ESCO_LINK; 257 else 258 type = SCO_LINK; 259 260 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 261 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 262 err = -EOPNOTSUPP; 263 goto unlock; 264 } 265 266 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 267 sco_pi(sk)->setting, &sco_pi(sk)->codec, 268 sk->sk_sndtimeo); 269 if (IS_ERR(hcon)) { 270 err = PTR_ERR(hcon); 271 goto unlock; 272 } 273 274 conn = sco_conn_add(hcon); 275 if (!conn) { 276 hci_conn_drop(hcon); 277 err = -ENOMEM; 278 goto unlock; 279 } 280 281 lock_sock(sk); 282 283 err = sco_chan_add(conn, sk, NULL); 284 if (err) { 285 release_sock(sk); 286 goto unlock; 287 } 288 289 /* Update source addr of the socket */ 290 bacpy(&sco_pi(sk)->src, &hcon->src); 291 292 if (hcon->state == BT_CONNECTED) { 293 sco_sock_clear_timer(sk); 294 sk->sk_state = BT_CONNECTED; 295 } else { 296 sk->sk_state = BT_CONNECT; 297 sco_sock_set_timer(sk, sk->sk_sndtimeo); 298 } 299 300 release_sock(sk); 301 302 unlock: 303 hci_dev_unlock(hdev); 304 hci_dev_put(hdev); 305 return err; 306 } 307 308 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 309 { 310 struct sco_conn *conn = sco_pi(sk)->conn; 311 int len = skb->len; 312 313 /* Check outgoing MTU */ 314 if (len > conn->mtu) 315 return -EINVAL; 316 317 BT_DBG("sk %p len %d", sk, len); 318 319 hci_send_sco(conn->hcon, skb); 320 321 return len; 322 } 323 324 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 325 { 326 struct sock *sk; 327 328 sco_conn_lock(conn); 329 sk = conn->sk; 330 sco_conn_unlock(conn); 331 332 if (!sk) 333 goto drop; 334 335 BT_DBG("sk %p len %u", sk, skb->len); 336 337 if (sk->sk_state != BT_CONNECTED) 338 goto drop; 339 340 if (!sock_queue_rcv_skb(sk, skb)) 341 return; 342 343 drop: 344 kfree_skb(skb); 345 } 346 347 /* -------- Socket interface ---------- */ 348 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 349 { 350 struct sock *sk; 351 352 sk_for_each(sk, &sco_sk_list.head) { 353 if (sk->sk_state != BT_LISTEN) 354 continue; 355 356 if (!bacmp(&sco_pi(sk)->src, ba)) 357 return sk; 358 } 359 360 return NULL; 361 } 362 363 /* Find socket listening on source bdaddr. 364 * Returns closest match. 365 */ 366 static struct sock *sco_get_sock_listen(bdaddr_t *src) 367 { 368 struct sock *sk = NULL, *sk1 = NULL; 369 370 read_lock(&sco_sk_list.lock); 371 372 sk_for_each(sk, &sco_sk_list.head) { 373 if (sk->sk_state != BT_LISTEN) 374 continue; 375 376 /* Exact match. */ 377 if (!bacmp(&sco_pi(sk)->src, src)) 378 break; 379 380 /* Closest match */ 381 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 382 sk1 = sk; 383 } 384 385 read_unlock(&sco_sk_list.lock); 386 387 return sk ? sk : sk1; 388 } 389 390 static void sco_sock_destruct(struct sock *sk) 391 { 392 BT_DBG("sk %p", sk); 393 394 skb_queue_purge(&sk->sk_receive_queue); 395 skb_queue_purge(&sk->sk_write_queue); 396 } 397 398 static void sco_sock_cleanup_listen(struct sock *parent) 399 { 400 struct sock *sk; 401 402 BT_DBG("parent %p", parent); 403 404 /* Close not yet accepted channels */ 405 while ((sk = bt_accept_dequeue(parent, NULL))) { 406 sco_sock_close(sk); 407 sco_sock_kill(sk); 408 } 409 410 parent->sk_state = BT_CLOSED; 411 sock_set_flag(parent, SOCK_ZAPPED); 412 } 413 414 /* Kill socket (only if zapped and orphan) 415 * Must be called on unlocked socket. 416 */ 417 static void sco_sock_kill(struct sock *sk) 418 { 419 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 420 return; 421 422 BT_DBG("sk %p state %d", sk, sk->sk_state); 423 424 /* Kill poor orphan */ 425 bt_sock_unlink(&sco_sk_list, sk); 426 sock_set_flag(sk, SOCK_DEAD); 427 sock_put(sk); 428 } 429 430 static void __sco_sock_close(struct sock *sk) 431 { 432 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 433 434 switch (sk->sk_state) { 435 case BT_LISTEN: 436 sco_sock_cleanup_listen(sk); 437 break; 438 439 case BT_CONNECTED: 440 case BT_CONFIG: 441 if (sco_pi(sk)->conn->hcon) { 442 sk->sk_state = BT_DISCONN; 443 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 444 sco_conn_lock(sco_pi(sk)->conn); 445 hci_conn_drop(sco_pi(sk)->conn->hcon); 446 sco_pi(sk)->conn->hcon = NULL; 447 sco_conn_unlock(sco_pi(sk)->conn); 448 } else 449 sco_chan_del(sk, ECONNRESET); 450 break; 451 452 case BT_CONNECT2: 453 case BT_CONNECT: 454 case BT_DISCONN: 455 sco_chan_del(sk, ECONNRESET); 456 break; 457 458 default: 459 sock_set_flag(sk, SOCK_ZAPPED); 460 break; 461 } 462 463 } 464 465 /* Must be called on unlocked socket. */ 466 static void sco_sock_close(struct sock *sk) 467 { 468 lock_sock(sk); 469 sco_sock_clear_timer(sk); 470 __sco_sock_close(sk); 471 release_sock(sk); 472 } 473 474 static void sco_sock_init(struct sock *sk, struct sock *parent) 475 { 476 BT_DBG("sk %p", sk); 477 478 if (parent) { 479 sk->sk_type = parent->sk_type; 480 bt_sk(sk)->flags = bt_sk(parent)->flags; 481 security_sk_clone(parent, sk); 482 } 483 } 484 485 static struct proto sco_proto = { 486 .name = "SCO", 487 .owner = THIS_MODULE, 488 .obj_size = sizeof(struct sco_pinfo) 489 }; 490 491 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 492 int proto, gfp_t prio, int kern) 493 { 494 struct sock *sk; 495 496 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 497 if (!sk) 498 return NULL; 499 500 sk->sk_destruct = sco_sock_destruct; 501 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 502 503 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 504 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 505 sco_pi(sk)->codec.cid = 0xffff; 506 sco_pi(sk)->codec.vid = 0xffff; 507 sco_pi(sk)->codec.data_path = 0x00; 508 509 bt_sock_link(&sco_sk_list, sk); 510 return sk; 511 } 512 513 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 514 int kern) 515 { 516 struct sock *sk; 517 518 BT_DBG("sock %p", sock); 519 520 sock->state = SS_UNCONNECTED; 521 522 if (sock->type != SOCK_SEQPACKET) 523 return -ESOCKTNOSUPPORT; 524 525 sock->ops = &sco_sock_ops; 526 527 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 528 if (!sk) 529 return -ENOMEM; 530 531 sco_sock_init(sk, NULL); 532 return 0; 533 } 534 535 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 536 int addr_len) 537 { 538 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 539 struct sock *sk = sock->sk; 540 int err = 0; 541 542 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 543 addr->sa_family != AF_BLUETOOTH) 544 return -EINVAL; 545 546 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 547 548 lock_sock(sk); 549 550 if (sk->sk_state != BT_OPEN) { 551 err = -EBADFD; 552 goto done; 553 } 554 555 if (sk->sk_type != SOCK_SEQPACKET) { 556 err = -EINVAL; 557 goto done; 558 } 559 560 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 561 562 sk->sk_state = BT_BOUND; 563 564 done: 565 release_sock(sk); 566 return err; 567 } 568 569 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 570 { 571 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 572 struct sock *sk = sock->sk; 573 int err; 574 575 BT_DBG("sk %p", sk); 576 577 if (alen < sizeof(struct sockaddr_sco) || 578 addr->sa_family != AF_BLUETOOTH) 579 return -EINVAL; 580 581 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 582 return -EBADFD; 583 584 if (sk->sk_type != SOCK_SEQPACKET) 585 err = -EINVAL; 586 587 lock_sock(sk); 588 /* Set destination address and psm */ 589 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 590 release_sock(sk); 591 592 err = sco_connect(sk); 593 if (err) 594 return err; 595 596 lock_sock(sk); 597 598 err = bt_sock_wait_state(sk, BT_CONNECTED, 599 sock_sndtimeo(sk, flags & O_NONBLOCK)); 600 601 release_sock(sk); 602 return err; 603 } 604 605 static int sco_sock_listen(struct socket *sock, int backlog) 606 { 607 struct sock *sk = sock->sk; 608 bdaddr_t *src = &sco_pi(sk)->src; 609 int err = 0; 610 611 BT_DBG("sk %p backlog %d", sk, backlog); 612 613 lock_sock(sk); 614 615 if (sk->sk_state != BT_BOUND) { 616 err = -EBADFD; 617 goto done; 618 } 619 620 if (sk->sk_type != SOCK_SEQPACKET) { 621 err = -EINVAL; 622 goto done; 623 } 624 625 write_lock(&sco_sk_list.lock); 626 627 if (__sco_get_sock_listen_by_addr(src)) { 628 err = -EADDRINUSE; 629 goto unlock; 630 } 631 632 sk->sk_max_ack_backlog = backlog; 633 sk->sk_ack_backlog = 0; 634 635 sk->sk_state = BT_LISTEN; 636 637 unlock: 638 write_unlock(&sco_sk_list.lock); 639 640 done: 641 release_sock(sk); 642 return err; 643 } 644 645 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 646 int flags, bool kern) 647 { 648 DEFINE_WAIT_FUNC(wait, woken_wake_function); 649 struct sock *sk = sock->sk, *ch; 650 long timeo; 651 int err = 0; 652 653 lock_sock(sk); 654 655 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 656 657 BT_DBG("sk %p timeo %ld", sk, timeo); 658 659 /* Wait for an incoming connection. (wake-one). */ 660 add_wait_queue_exclusive(sk_sleep(sk), &wait); 661 while (1) { 662 if (sk->sk_state != BT_LISTEN) { 663 err = -EBADFD; 664 break; 665 } 666 667 ch = bt_accept_dequeue(sk, newsock); 668 if (ch) 669 break; 670 671 if (!timeo) { 672 err = -EAGAIN; 673 break; 674 } 675 676 if (signal_pending(current)) { 677 err = sock_intr_errno(timeo); 678 break; 679 } 680 681 release_sock(sk); 682 683 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 684 lock_sock(sk); 685 } 686 remove_wait_queue(sk_sleep(sk), &wait); 687 688 if (err) 689 goto done; 690 691 newsock->state = SS_CONNECTED; 692 693 BT_DBG("new socket %p", ch); 694 695 done: 696 release_sock(sk); 697 return err; 698 } 699 700 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 701 int peer) 702 { 703 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 704 struct sock *sk = sock->sk; 705 706 BT_DBG("sock %p, sk %p", sock, sk); 707 708 addr->sa_family = AF_BLUETOOTH; 709 710 if (peer) 711 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 712 else 713 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 714 715 return sizeof(struct sockaddr_sco); 716 } 717 718 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 719 size_t len) 720 { 721 struct sock *sk = sock->sk; 722 struct sk_buff *skb; 723 int err; 724 725 BT_DBG("sock %p, sk %p", sock, sk); 726 727 err = sock_error(sk); 728 if (err) 729 return err; 730 731 if (msg->msg_flags & MSG_OOB) 732 return -EOPNOTSUPP; 733 734 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 735 if (IS_ERR(skb)) 736 return PTR_ERR(skb); 737 738 lock_sock(sk); 739 740 if (sk->sk_state == BT_CONNECTED) 741 err = sco_send_frame(sk, skb); 742 else 743 err = -ENOTCONN; 744 745 release_sock(sk); 746 747 if (err < 0) 748 kfree_skb(skb); 749 return err; 750 } 751 752 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 753 { 754 struct hci_dev *hdev = conn->hdev; 755 756 BT_DBG("conn %p", conn); 757 758 conn->state = BT_CONFIG; 759 760 if (!lmp_esco_capable(hdev)) { 761 struct hci_cp_accept_conn_req cp; 762 763 bacpy(&cp.bdaddr, &conn->dst); 764 cp.role = 0x00; /* Ignored */ 765 766 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 767 } else { 768 struct hci_cp_accept_sync_conn_req cp; 769 770 bacpy(&cp.bdaddr, &conn->dst); 771 cp.pkt_type = cpu_to_le16(conn->pkt_type); 772 773 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 774 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 775 cp.content_format = cpu_to_le16(setting); 776 777 switch (setting & SCO_AIRMODE_MASK) { 778 case SCO_AIRMODE_TRANSP: 779 if (conn->pkt_type & ESCO_2EV3) 780 cp.max_latency = cpu_to_le16(0x0008); 781 else 782 cp.max_latency = cpu_to_le16(0x000D); 783 cp.retrans_effort = 0x02; 784 break; 785 case SCO_AIRMODE_CVSD: 786 cp.max_latency = cpu_to_le16(0xffff); 787 cp.retrans_effort = 0xff; 788 break; 789 default: 790 /* use CVSD settings as fallback */ 791 cp.max_latency = cpu_to_le16(0xffff); 792 cp.retrans_effort = 0xff; 793 break; 794 } 795 796 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 797 sizeof(cp), &cp); 798 } 799 } 800 801 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 802 size_t len, int flags) 803 { 804 struct sock *sk = sock->sk; 805 struct sco_pinfo *pi = sco_pi(sk); 806 807 lock_sock(sk); 808 809 if (sk->sk_state == BT_CONNECT2 && 810 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 811 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 812 sk->sk_state = BT_CONFIG; 813 814 release_sock(sk); 815 return 0; 816 } 817 818 release_sock(sk); 819 820 return bt_sock_recvmsg(sock, msg, len, flags); 821 } 822 823 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 824 sockptr_t optval, unsigned int optlen) 825 { 826 struct sock *sk = sock->sk; 827 int err = 0; 828 struct bt_voice voice; 829 u32 opt; 830 struct bt_codecs *codecs; 831 struct hci_dev *hdev; 832 __u8 buffer[255]; 833 834 BT_DBG("sk %p", sk); 835 836 lock_sock(sk); 837 838 switch (optname) { 839 840 case BT_DEFER_SETUP: 841 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 842 err = -EINVAL; 843 break; 844 } 845 846 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 847 if (err) 848 break; 849 850 if (opt) 851 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 852 else 853 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 854 break; 855 856 case BT_VOICE: 857 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 858 sk->sk_state != BT_CONNECT2) { 859 err = -EINVAL; 860 break; 861 } 862 863 voice.setting = sco_pi(sk)->setting; 864 865 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 866 optlen); 867 if (err) 868 break; 869 870 /* Explicitly check for these values */ 871 if (voice.setting != BT_VOICE_TRANSPARENT && 872 voice.setting != BT_VOICE_CVSD_16BIT) { 873 err = -EINVAL; 874 break; 875 } 876 877 sco_pi(sk)->setting = voice.setting; 878 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 879 BDADDR_BREDR); 880 if (!hdev) { 881 err = -EBADFD; 882 break; 883 } 884 if (enhanced_sync_conn_capable(hdev) && 885 voice.setting == BT_VOICE_TRANSPARENT) 886 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 887 hci_dev_put(hdev); 888 break; 889 890 case BT_PKT_STATUS: 891 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 892 if (err) 893 break; 894 895 if (opt) 896 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 897 else 898 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 899 break; 900 901 case BT_CODEC: 902 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 903 sk->sk_state != BT_CONNECT2) { 904 err = -EINVAL; 905 break; 906 } 907 908 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 909 BDADDR_BREDR); 910 if (!hdev) { 911 err = -EBADFD; 912 break; 913 } 914 915 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 916 hci_dev_put(hdev); 917 err = -EOPNOTSUPP; 918 break; 919 } 920 921 if (!hdev->get_data_path_id) { 922 hci_dev_put(hdev); 923 err = -EOPNOTSUPP; 924 break; 925 } 926 927 if (optlen < sizeof(struct bt_codecs) || 928 optlen > sizeof(buffer)) { 929 hci_dev_put(hdev); 930 err = -EINVAL; 931 break; 932 } 933 934 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 935 if (err) { 936 hci_dev_put(hdev); 937 break; 938 } 939 940 codecs = (void *)buffer; 941 942 if (codecs->num_codecs > 1) { 943 hci_dev_put(hdev); 944 err = -EINVAL; 945 break; 946 } 947 948 sco_pi(sk)->codec = codecs->codecs[0]; 949 hci_dev_put(hdev); 950 break; 951 952 default: 953 err = -ENOPROTOOPT; 954 break; 955 } 956 957 release_sock(sk); 958 return err; 959 } 960 961 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 962 char __user *optval, int __user *optlen) 963 { 964 struct sock *sk = sock->sk; 965 struct sco_options opts; 966 struct sco_conninfo cinfo; 967 int err = 0; 968 size_t len; 969 970 BT_DBG("sk %p", sk); 971 972 if (get_user(len, optlen)) 973 return -EFAULT; 974 975 lock_sock(sk); 976 977 switch (optname) { 978 case SCO_OPTIONS: 979 if (sk->sk_state != BT_CONNECTED && 980 !(sk->sk_state == BT_CONNECT2 && 981 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 982 err = -ENOTCONN; 983 break; 984 } 985 986 opts.mtu = sco_pi(sk)->conn->mtu; 987 988 BT_DBG("mtu %u", opts.mtu); 989 990 len = min(len, sizeof(opts)); 991 if (copy_to_user(optval, (char *)&opts, len)) 992 err = -EFAULT; 993 994 break; 995 996 case SCO_CONNINFO: 997 if (sk->sk_state != BT_CONNECTED && 998 !(sk->sk_state == BT_CONNECT2 && 999 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1000 err = -ENOTCONN; 1001 break; 1002 } 1003 1004 memset(&cinfo, 0, sizeof(cinfo)); 1005 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1006 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1007 1008 len = min(len, sizeof(cinfo)); 1009 if (copy_to_user(optval, (char *)&cinfo, len)) 1010 err = -EFAULT; 1011 1012 break; 1013 1014 default: 1015 err = -ENOPROTOOPT; 1016 break; 1017 } 1018 1019 release_sock(sk); 1020 return err; 1021 } 1022 1023 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1024 char __user *optval, int __user *optlen) 1025 { 1026 struct sock *sk = sock->sk; 1027 int len, err = 0; 1028 struct bt_voice voice; 1029 u32 phys; 1030 int buf_len; 1031 struct codec_list *c; 1032 u8 num_codecs, i, __user *ptr; 1033 struct hci_dev *hdev; 1034 struct hci_codec_caps *caps; 1035 struct bt_codec codec; 1036 1037 BT_DBG("sk %p", sk); 1038 1039 if (level == SOL_SCO) 1040 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1041 1042 if (get_user(len, optlen)) 1043 return -EFAULT; 1044 1045 lock_sock(sk); 1046 1047 switch (optname) { 1048 1049 case BT_DEFER_SETUP: 1050 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1051 err = -EINVAL; 1052 break; 1053 } 1054 1055 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1056 (u32 __user *)optval)) 1057 err = -EFAULT; 1058 1059 break; 1060 1061 case BT_VOICE: 1062 voice.setting = sco_pi(sk)->setting; 1063 1064 len = min_t(unsigned int, len, sizeof(voice)); 1065 if (copy_to_user(optval, (char *)&voice, len)) 1066 err = -EFAULT; 1067 1068 break; 1069 1070 case BT_PHY: 1071 if (sk->sk_state != BT_CONNECTED) { 1072 err = -ENOTCONN; 1073 break; 1074 } 1075 1076 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1077 1078 if (put_user(phys, (u32 __user *) optval)) 1079 err = -EFAULT; 1080 break; 1081 1082 case BT_PKT_STATUS: 1083 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1084 (int __user *)optval)) 1085 err = -EFAULT; 1086 break; 1087 1088 case BT_SNDMTU: 1089 case BT_RCVMTU: 1090 if (sk->sk_state != BT_CONNECTED) { 1091 err = -ENOTCONN; 1092 break; 1093 } 1094 1095 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1096 err = -EFAULT; 1097 break; 1098 1099 case BT_CODEC: 1100 num_codecs = 0; 1101 buf_len = 0; 1102 1103 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1104 if (!hdev) { 1105 err = -EBADFD; 1106 break; 1107 } 1108 1109 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1110 hci_dev_put(hdev); 1111 err = -EOPNOTSUPP; 1112 break; 1113 } 1114 1115 if (!hdev->get_data_path_id) { 1116 hci_dev_put(hdev); 1117 err = -EOPNOTSUPP; 1118 break; 1119 } 1120 1121 release_sock(sk); 1122 1123 /* find total buffer size required to copy codec + caps */ 1124 hci_dev_lock(hdev); 1125 list_for_each_entry(c, &hdev->local_codecs, list) { 1126 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1127 continue; 1128 num_codecs++; 1129 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1130 buf_len += 1 + caps->len; 1131 caps = (void *)&caps->data[caps->len]; 1132 } 1133 buf_len += sizeof(struct bt_codec); 1134 } 1135 hci_dev_unlock(hdev); 1136 1137 buf_len += sizeof(struct bt_codecs); 1138 if (buf_len > len) { 1139 hci_dev_put(hdev); 1140 return -ENOBUFS; 1141 } 1142 ptr = optval; 1143 1144 if (put_user(num_codecs, ptr)) { 1145 hci_dev_put(hdev); 1146 return -EFAULT; 1147 } 1148 ptr += sizeof(num_codecs); 1149 1150 /* Iterate all the codecs supported over SCO and populate 1151 * codec data 1152 */ 1153 hci_dev_lock(hdev); 1154 list_for_each_entry(c, &hdev->local_codecs, list) { 1155 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1156 continue; 1157 1158 codec.id = c->id; 1159 codec.cid = c->cid; 1160 codec.vid = c->vid; 1161 err = hdev->get_data_path_id(hdev, &codec.data_path); 1162 if (err < 0) 1163 break; 1164 codec.num_caps = c->num_caps; 1165 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1166 err = -EFAULT; 1167 break; 1168 } 1169 ptr += sizeof(codec); 1170 1171 /* find codec capabilities data length */ 1172 len = 0; 1173 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1174 len += 1 + caps->len; 1175 caps = (void *)&caps->data[caps->len]; 1176 } 1177 1178 /* copy codec capabilities data */ 1179 if (len && copy_to_user(ptr, c->caps, len)) { 1180 err = -EFAULT; 1181 break; 1182 } 1183 ptr += len; 1184 } 1185 1186 hci_dev_unlock(hdev); 1187 hci_dev_put(hdev); 1188 1189 lock_sock(sk); 1190 1191 if (!err && put_user(buf_len, optlen)) 1192 err = -EFAULT; 1193 1194 break; 1195 1196 default: 1197 err = -ENOPROTOOPT; 1198 break; 1199 } 1200 1201 release_sock(sk); 1202 return err; 1203 } 1204 1205 static int sco_sock_shutdown(struct socket *sock, int how) 1206 { 1207 struct sock *sk = sock->sk; 1208 int err = 0; 1209 1210 BT_DBG("sock %p, sk %p", sock, sk); 1211 1212 if (!sk) 1213 return 0; 1214 1215 sock_hold(sk); 1216 lock_sock(sk); 1217 1218 if (!sk->sk_shutdown) { 1219 sk->sk_shutdown = SHUTDOWN_MASK; 1220 sco_sock_clear_timer(sk); 1221 __sco_sock_close(sk); 1222 1223 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1224 !(current->flags & PF_EXITING)) 1225 err = bt_sock_wait_state(sk, BT_CLOSED, 1226 sk->sk_lingertime); 1227 } 1228 1229 release_sock(sk); 1230 sock_put(sk); 1231 1232 return err; 1233 } 1234 1235 static int sco_sock_release(struct socket *sock) 1236 { 1237 struct sock *sk = sock->sk; 1238 int err = 0; 1239 1240 BT_DBG("sock %p, sk %p", sock, sk); 1241 1242 if (!sk) 1243 return 0; 1244 1245 sco_sock_close(sk); 1246 1247 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1248 !(current->flags & PF_EXITING)) { 1249 lock_sock(sk); 1250 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1251 release_sock(sk); 1252 } 1253 1254 sock_orphan(sk); 1255 sco_sock_kill(sk); 1256 return err; 1257 } 1258 1259 static void sco_conn_ready(struct sco_conn *conn) 1260 { 1261 struct sock *parent; 1262 struct sock *sk = conn->sk; 1263 1264 BT_DBG("conn %p", conn); 1265 1266 if (sk) { 1267 lock_sock(sk); 1268 sco_sock_clear_timer(sk); 1269 sk->sk_state = BT_CONNECTED; 1270 sk->sk_state_change(sk); 1271 release_sock(sk); 1272 } else { 1273 sco_conn_lock(conn); 1274 1275 if (!conn->hcon) { 1276 sco_conn_unlock(conn); 1277 return; 1278 } 1279 1280 parent = sco_get_sock_listen(&conn->hcon->src); 1281 if (!parent) { 1282 sco_conn_unlock(conn); 1283 return; 1284 } 1285 1286 lock_sock(parent); 1287 1288 sk = sco_sock_alloc(sock_net(parent), NULL, 1289 BTPROTO_SCO, GFP_ATOMIC, 0); 1290 if (!sk) { 1291 release_sock(parent); 1292 sco_conn_unlock(conn); 1293 return; 1294 } 1295 1296 sco_sock_init(sk, parent); 1297 1298 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1299 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1300 1301 hci_conn_hold(conn->hcon); 1302 __sco_chan_add(conn, sk, parent); 1303 1304 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1305 sk->sk_state = BT_CONNECT2; 1306 else 1307 sk->sk_state = BT_CONNECTED; 1308 1309 /* Wake up parent */ 1310 parent->sk_data_ready(parent); 1311 1312 release_sock(parent); 1313 1314 sco_conn_unlock(conn); 1315 } 1316 } 1317 1318 /* ----- SCO interface with lower layer (HCI) ----- */ 1319 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1320 { 1321 struct sock *sk; 1322 int lm = 0; 1323 1324 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1325 1326 /* Find listening sockets */ 1327 read_lock(&sco_sk_list.lock); 1328 sk_for_each(sk, &sco_sk_list.head) { 1329 if (sk->sk_state != BT_LISTEN) 1330 continue; 1331 1332 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1333 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1334 lm |= HCI_LM_ACCEPT; 1335 1336 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1337 *flags |= HCI_PROTO_DEFER; 1338 break; 1339 } 1340 } 1341 read_unlock(&sco_sk_list.lock); 1342 1343 return lm; 1344 } 1345 1346 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1347 { 1348 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1349 return; 1350 1351 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1352 1353 if (!status) { 1354 struct sco_conn *conn; 1355 1356 conn = sco_conn_add(hcon); 1357 if (conn) 1358 sco_conn_ready(conn); 1359 } else 1360 sco_conn_del(hcon, bt_to_errno(status)); 1361 } 1362 1363 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1364 { 1365 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1366 return; 1367 1368 BT_DBG("hcon %p reason %d", hcon, reason); 1369 1370 sco_conn_del(hcon, bt_to_errno(reason)); 1371 } 1372 1373 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1374 { 1375 struct sco_conn *conn = hcon->sco_data; 1376 1377 if (!conn) 1378 goto drop; 1379 1380 BT_DBG("conn %p len %u", conn, skb->len); 1381 1382 if (skb->len) { 1383 sco_recv_frame(conn, skb); 1384 return; 1385 } 1386 1387 drop: 1388 kfree_skb(skb); 1389 } 1390 1391 static struct hci_cb sco_cb = { 1392 .name = "SCO", 1393 .connect_cfm = sco_connect_cfm, 1394 .disconn_cfm = sco_disconn_cfm, 1395 }; 1396 1397 static int sco_debugfs_show(struct seq_file *f, void *p) 1398 { 1399 struct sock *sk; 1400 1401 read_lock(&sco_sk_list.lock); 1402 1403 sk_for_each(sk, &sco_sk_list.head) { 1404 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1405 &sco_pi(sk)->dst, sk->sk_state); 1406 } 1407 1408 read_unlock(&sco_sk_list.lock); 1409 1410 return 0; 1411 } 1412 1413 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1414 1415 static struct dentry *sco_debugfs; 1416 1417 static const struct proto_ops sco_sock_ops = { 1418 .family = PF_BLUETOOTH, 1419 .owner = THIS_MODULE, 1420 .release = sco_sock_release, 1421 .bind = sco_sock_bind, 1422 .connect = sco_sock_connect, 1423 .listen = sco_sock_listen, 1424 .accept = sco_sock_accept, 1425 .getname = sco_sock_getname, 1426 .sendmsg = sco_sock_sendmsg, 1427 .recvmsg = sco_sock_recvmsg, 1428 .poll = bt_sock_poll, 1429 .ioctl = bt_sock_ioctl, 1430 .gettstamp = sock_gettstamp, 1431 .mmap = sock_no_mmap, 1432 .socketpair = sock_no_socketpair, 1433 .shutdown = sco_sock_shutdown, 1434 .setsockopt = sco_sock_setsockopt, 1435 .getsockopt = sco_sock_getsockopt 1436 }; 1437 1438 static const struct net_proto_family sco_sock_family_ops = { 1439 .family = PF_BLUETOOTH, 1440 .owner = THIS_MODULE, 1441 .create = sco_sock_create, 1442 }; 1443 1444 int __init sco_init(void) 1445 { 1446 int err; 1447 1448 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1449 1450 err = proto_register(&sco_proto, 0); 1451 if (err < 0) 1452 return err; 1453 1454 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1455 if (err < 0) { 1456 BT_ERR("SCO socket registration failed"); 1457 goto error; 1458 } 1459 1460 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1461 if (err < 0) { 1462 BT_ERR("Failed to create SCO proc file"); 1463 bt_sock_unregister(BTPROTO_SCO); 1464 goto error; 1465 } 1466 1467 BT_INFO("SCO socket layer initialized"); 1468 1469 hci_register_cb(&sco_cb); 1470 1471 if (IS_ERR_OR_NULL(bt_debugfs)) 1472 return 0; 1473 1474 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1475 NULL, &sco_debugfs_fops); 1476 1477 return 0; 1478 1479 error: 1480 proto_unregister(&sco_proto); 1481 return err; 1482 } 1483 1484 void sco_exit(void) 1485 { 1486 bt_procfs_cleanup(&init_net, "sco"); 1487 1488 debugfs_remove(sco_debugfs); 1489 1490 hci_unregister_cb(&sco_cb); 1491 1492 bt_sock_unregister(BTPROTO_SCO); 1493 1494 proto_unregister(&sco_proto); 1495 } 1496 1497 module_param(disable_esco, bool, 0644); 1498 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1499