// SPDX-License-Identifier: GPL-2.0
/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/* Bluetooth SCO sockets. */

#include <linux/module.h>
#include <linux/debugfs.h>
#include <linux/seq_file.h>
#include <linux/sched/signal.h>
#include <linux/uio.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/sco.h>

/* When true, sco_connect() requests SCO_LINK even on eSCO-capable adapters. */
static bool disable_esco;

static const struct proto_ops sco_sock_ops;

/* Every SCO socket created by sco_sock_alloc() is linked on this list. */
static struct bt_sock_list sco_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
};

/* ---- SCO connections ---- */
/*
 * Per-link state tying one hci_conn to at most one socket.
 *
 * Lifetime is governed by @ref; @lock guards the @sk and @hcon back-pointers
 * wherever this file reads or writes them under sco_conn_lock().
 */
struct sco_conn {
	struct hci_conn	*hcon;

	spinlock_t	lock;
	struct sock	*sk;

	struct delayed_work	timeout_work;

	unsigned int    mtu;
	struct kref	ref;
};

#define sco_conn_lock(c)	spin_lock(&c->lock)
#define sco_conn_unlock(c)	spin_unlock(&c->lock)

static void sco_sock_close(struct sock *sk);
static void sco_sock_kill(struct sock *sk);

/* ----- SCO socket info ----- */
/* Plain cast: valid only for sockets allocated with sco_proto's obj_size. */
#define sco_pi(sk) ((struct sco_pinfo *) sk)

struct sco_pinfo {
	struct bt_sock	bt;
	bdaddr_t	src;
	bdaddr_t	dst;
	__u32		flags;
	__u16		setting;
	struct bt_codec codec;
	struct sco_conn	*conn;
};

/* ---- SCO timers ---- */
#define SCO_CONN_TIMEOUT	(HZ * 40)
#define SCO_DISCONN_TIMEOUT	(HZ * 2)

/*
 * kref release callback: runs when the last reference to a sco_conn is put.
 *
 * Clears both back-pointers (socket -> conn and hcon -> conn) before freeing
 * so that neither side is left with a dangling pointer, and drops the
 * hci_conn usage reference.
 */
static void sco_conn_free(struct kref *ref)
{
	struct sco_conn *conn = container_of(ref, struct sco_conn, ref);

	BT_DBG("conn %p", conn);

	if (conn->sk)
		sco_pi(conn->sk)->conn = NULL;

	if (conn->hcon) {
		conn->hcon->sco_data = NULL;
		hci_conn_drop(conn->hcon);
	}

	/* Ensure no more work items will run since hci_conn has been dropped */
	disable_delayed_work_sync(&conn->timeout_work);

	kfree(conn);
}

/* Drop one reference on @conn; a NULL @conn is accepted and ignored. */
static void sco_conn_put(struct sco_conn *conn)
{
	if (!conn)
		return;

	BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));

	kref_put(&conn->ref, sco_conn_free);
}

/*
 * Take an additional reference on @conn and return it.
 *
 * Unlike sco_conn_hold_unless_zero() there is no NULL or zero-count check
 * here: @conn is dereferenced unconditionally.
 */
static struct sco_conn *sco_conn_hold(struct sco_conn *conn)
{
	BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));

	kref_get(&conn->ref);
	return conn;
}

/*
 * Try to take a reference on @conn.
 *
 * Returns @conn with its refcount raised, or NULL when @conn is NULL or its
 * refcount has already reached zero. Used on paths that obtain the pointer
 * from a back-reference (hcon->sco_data, a work item) rather than from an
 * owner that already holds a reference.
 */
static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
{
	if (!conn)
		return NULL;

	BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));

	if (!kref_get_unless_zero(&conn->ref))
		return NULL;

	return conn;
}

/*
 * Return conn->sk with a socket reference held, or NULL.
 *
 * The socket is only returned while it is still linked on sco_sk_list.
 * Every caller in this file invokes this with sco_conn_lock(conn) held and
 * must balance a non-NULL result with sock_put().
 */
static struct sock *sco_sock_hold(struct sco_conn *conn)
{
	if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
		return NULL;

	sock_hold(conn->sk);

	return conn->sk;
}

/*
 * Delayed-work handler armed by sco_sock_set_timer().
 *
 * Reports ETIMEDOUT on the socket attached to the connection. The handler
 * pins the connection first and then the socket, so it stays safe even if
 * either object is being torn down concurrently.
 */
static void sco_sock_timeout(struct work_struct *work)
{
	struct sco_conn *conn = container_of(work, struct sco_conn,
					     timeout_work.work);
	struct sock *sk;

	/* The work item itself owns no reference; bail if conn is dying. */
	conn = sco_conn_hold_unless_zero(conn);
	if (!conn)
		return;

	sco_conn_lock(conn);
	if (!conn->hcon) {
		sco_conn_unlock(conn);
		sco_conn_put(conn);
		return;
	}
	sk = sco_sock_hold(conn);
	sco_conn_unlock(conn);
	/* From here on only the socket reference (if any) is needed. */
	sco_conn_put(conn);

	if (!sk)
		return;

	BT_DBG("sock %p state %d", sk, sk->sk_state);

	lock_sock(sk);
	sk->sk_err = ETIMEDOUT;
	sk->sk_state_change(sk);
	release_sock(sk);
	sock_put(sk);
}

/*
 * (Re)arm the connection timeout for @sk; a no-op when no sco_conn is
 * attached. @timeout is passed straight to schedule_delayed_work().
 */
static void sco_sock_set_timer(struct sock *sk, long timeout)
{
	if (!sco_pi(sk)->conn)
		return;

	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
	schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
}

/*
 * Cancel a pending connection timeout for @sk, if a sco_conn is attached.
 *
 * cancel_delayed_work() does not wait for a handler that is already
 * running; sco_sock_timeout() takes its own references for that case.
 */
static void sco_sock_clear_timer(struct sock *sk)
{
	if (!sco_pi(sk)->conn)
		return;

	BT_DBG("sock %p state %d", sk, sk->sk_state);
	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
}

/* ---- SCO connections ---- */
/*
 * Return the sco_conn for @hcon with a reference held, creating it if
 * needed.
 *
 * An existing hcon->sco_data is reused when a reference can still be taken;
 * otherwise a new object is allocated and published in hcon->sco_data.
 * Returns NULL on allocation failure.
 */
static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
{
	struct sco_conn *conn = hcon->sco_data;

	conn = sco_conn_hold_unless_zero(conn);
	if (conn) {
		/* NOTE(review): conn->hcon is tested before the lock is
		 * taken; presumably callers serialise on hdev->lock - confirm.
		 */
		if (!conn->hcon) {
			sco_conn_lock(conn);
			conn->hcon = hcon;
			sco_conn_unlock(conn);
		}
		return conn;
	}

	conn = kzalloc_obj(struct sco_conn);
	if (!conn)
		return NULL;

	kref_init(&conn->ref);
	spin_lock_init(&conn->lock);
	INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);

	hcon->sco_data = conn;
	conn->hcon = hcon;
	/* This first assignment is overwritten by the if/else just below. */
	conn->mtu = hcon->mtu;

	/* Fall back to 60 when the controller reports no MTU. */
	if (hcon->mtu > 0)
		conn->mtu = hcon->mtu;
	else
		conn->mtu = 60;

	BT_DBG("hcon %p conn %p", hcon, conn);

	return conn;
}

/* Delete channel.
 * Must be called on the locked socket.
 *
 * Unlinks @sk from its sco_conn (dropping the reference the socket held),
 * moves the socket to BT_CLOSED with sk_err = @err and marks it
 * SOCK_ZAPPED so that sco_sock_kill() may later reap it.
 */
static void sco_chan_del(struct sock *sk, int err)
{
	struct sco_conn *conn;

	conn = sco_pi(sk)->conn;
	sco_pi(sk)->conn = NULL;

	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);

	if (conn) {
		/* Clear the back-pointer under the lock so concurrent
		 * sco_sock_hold() callers cannot pick up this socket.
		 */
		sco_conn_lock(conn);
		conn->sk = NULL;
		sco_conn_unlock(conn);
		sco_conn_put(conn);
	}

	sk->sk_state = BT_CLOSED;
	sk->sk_err = err;
	sk->sk_state_change(sk);

	sock_set_flag(sk, SOCK_ZAPPED);
}

/*
 * Tear down the SCO state attached to @hcon and report @err to the socket.
 *
 * Called from the HCI confirm callbacks in this file when a link fails or
 * disconnects.
 */
static void sco_conn_del(struct hci_conn *hcon, int err)
{
	struct sco_conn *conn = hcon->sco_data;
	struct sock *sk;

	conn = sco_conn_hold_unless_zero(conn);
	if (!conn)
		return;

	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);

	sco_conn_lock(conn);
	sk = sco_sock_hold(conn);
	sco_conn_unlock(conn);
	/* Balances the temporary reference taken above. */
	sco_conn_put(conn);

	if (!sk) {
		/* No socket attached: a second put is issued here.
		 * NOTE(review): presumably this releases the reference
		 * owned on behalf of the hcon - confirm the refcount
		 * accounting.
		 */
		sco_conn_put(conn);
		return;
	}

	/* Kill socket */
	lock_sock(sk);
	sco_sock_clear_timer(sk);
	sco_chan_del(sk, err);
	release_sock(sk);
	sock_put(sk);
}

/*
 * Link @sk and @conn to each other and, when @parent is given, queue @sk on
 * the parent's accept queue. Performs no locking or busy check itself; see
 * sco_chan_add() for the checked variant.
 */
static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
			   struct sock *parent)
{
	BT_DBG("conn %p", conn);

	sco_pi(sk)->conn = conn;
	conn->sk = sk;

	if (parent)
		bt_accept_enqueue(parent, sk, true);
}

/*
 * Attach @sk to @conn under the connection lock.
 *
 * Returns 0 on success or -EBUSY when either side is already linked, which
 * prevents one connection from being shared by two sockets.
 */
static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
			struct sock *parent)
{
	int err = 0;

	sco_conn_lock(conn);
	if (conn->sk || sco_pi(sk)->conn)
		err = -EBUSY;
	else
		__sco_chan_add(conn, sk, parent);

	sco_conn_unlock(conn);
	return err;
}

/*
 * Start an outgoing SCO/eSCO connection for @sk.
 *
 * Must be called with the socket unlocked: the function takes lock_sock()
 * itself, twice, with the hdev lock acquired in between.
 *
 * Returns 0 once the link has been requested (socket is BT_CONNECT or
 * BT_CONNECTED) or a negative errno.
 */
static int sco_connect(struct sock *sk)
{
	struct sco_conn *conn;
	struct hci_conn *hcon;
	struct hci_dev  *hdev;
	bdaddr_t src, dst;
	struct bt_codec codec;
	__u16 setting;
	int err, type;

	/* Snapshot the parameters under the socket lock so the values used
	 * below are consistent even if setsockopt() runs concurrently.
	 */
	lock_sock(sk);
	bacpy(&src, &sco_pi(sk)->src);
	bacpy(&dst, &sco_pi(sk)->dst);
	setting = sco_pi(sk)->setting;
	codec = sco_pi(sk)->codec;
	release_sock(sk);

	BT_DBG("%pMR -> %pMR", &src, &dst);

	hdev = hci_get_route(&dst, &src, BDADDR_BREDR);
	if (!hdev)
		return -EHOSTUNREACH;

	hci_dev_lock(hdev);

	if (lmp_esco_capable(hdev) && !disable_esco)
		type = ESCO_LINK;
	else
		type = SCO_LINK;

	/* Transparent air mode is refused unless the adapter supports both
	 * transparent data and eSCO.
	 */
	switch (setting & SCO_AIRMODE_MASK) {
	case SCO_AIRMODE_TRANSP:
		if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) {
			err = -EOPNOTSUPP;
			goto unlock;
		}
		break;
	}

	hcon = hci_connect_sco(hdev, type, &dst,
			       setting, &codec,
			       READ_ONCE(sk->sk_sndtimeo));
	if (IS_ERR(hcon)) {
		err = PTR_ERR(hcon);
		goto unlock;
	}

	conn = sco_conn_add(hcon);
	if (!conn) {
		hci_conn_drop(hcon);
		err = -ENOMEM;
		goto unlock;
	}

	lock_sock(sk);

	/* Recheck state after reacquiring the socket lock, as another
	 * thread may have changed it (e.g., closed the socket).
	 */
	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
		/* NOTE(review): the reference returned by sco_conn_add() is
		 * not put on this path; presumably it is released later via
		 * sco_conn_del() - confirm.
		 */
		release_sock(sk);
		hci_conn_drop(hcon);
		err = -EBADFD;
		goto unlock;
	}

	err = sco_chan_add(conn, sk, NULL);
	if (err) {
		release_sock(sk);
		hci_conn_drop(hcon);
		goto unlock;
	}

	/* Update source addr of the socket */
	bacpy(&sco_pi(sk)->src, &hcon->src);

	if (hcon->state == BT_CONNECTED) {
		sco_sock_clear_timer(sk);
		sk->sk_state = BT_CONNECTED;
	} else {
		sk->sk_state = BT_CONNECT;
		sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
	}

	release_sock(sk);

unlock:
	hci_dev_unlock(hdev);
	hci_dev_put(hdev);
	return err;
}

/*
 * Hand one outgoing frame to the HCI layer.
 *
 * Returns the frame length on success or -EINVAL when the frame exceeds the
 * connection MTU; in the error case the caller still owns @skb.
 *
 * sco_pi(sk)->conn is dereferenced without a NULL check. The only caller in
 * this file, sco_sock_sendmsg(), invokes this under lock_sock() and only in
 * state BT_CONNECTED.
 */
static int sco_send_frame(struct sock *sk, struct sk_buff *skb,
			  const struct sockcm_cookie *sockc)
{
	struct sco_conn *conn = sco_pi(sk)->conn;
	int len = skb->len;

	/* Check outgoing MTU */
	if (len > conn->mtu)
		return -EINVAL;

	BT_DBG("sk %p len %d", sk, len);

	hci_setup_tx_timestamp(skb, 1, sockc);
	hci_send_sco(conn->hcon, skb);

	return len;
}

/*
 * Deliver one received frame to the socket attached to @conn.
 *
 * Takes ownership of @skb: it is either queued on the socket or freed.
 * Frames are dropped when no linked socket exists or the socket is not in
 * BT_CONNECTED.
 */
static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
{
	struct sock *sk;

	sco_conn_lock(conn);
	sk = sco_sock_hold(conn);
	sco_conn_unlock(conn);

	if (!sk)
		goto drop;

	BT_DBG("sk %p len %u", sk, skb->len);

	if (sk->sk_state != BT_CONNECTED)
		goto drop_put;

	/* Zero means the skb was queued and now belongs to the socket. */
	if (!sock_queue_rcv_skb(sk, skb)) {
		sock_put(sk);
		return;
	}

drop_put:
	sock_put(sk);
drop:
	kfree_skb(skb);
}

/* -------- Socket interface ---------- */
/*
 * Find a listening socket bound exactly to @ba.
 *
 * Takes no lock and no reference: the caller must hold sco_sk_list.lock, as
 * sco_sock_listen() does.
 */
static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
{
	struct sock *sk;

	sk_for_each(sk, &sco_sk_list.head) {
		if (sk->sk_state != BT_LISTEN)
			continue;

		if (!bacmp(&sco_pi(sk)->src, ba))
			return sk;
	}

	return NULL;
}

/* Find socket listening on source bdaddr.
 * Returns closest match.
 *
 * An exact address match wins over a BDADDR_ANY listener. The returned
 * socket has a reference held (taken under the list read lock) that the
 * caller must drop with sock_put().
 */
static struct sock *sco_get_sock_listen(bdaddr_t *src)
{
	struct sock *sk = NULL, *sk1 = NULL;

	read_lock(&sco_sk_list.lock);

	sk_for_each(sk, &sco_sk_list.head) {
		if (sk->sk_state != BT_LISTEN)
			continue;

		/* Exact match. */
		if (!bacmp(&sco_pi(sk)->src, src))
			break;

		/* Closest match */
		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
			sk1 = sk;
	}

	/* sk is non-NULL only when the loop exited through the break. */
	sk = sk ? sk : sk1;
	if (sk)
		sock_hold(sk);

	read_unlock(&sco_sk_list.lock);

	return sk;
}

/*
 * sk_destruct hook: drop the socket's connection reference (if any) and
 * purge the receive, write and error queues.
 */
static void sco_sock_destruct(struct sock *sk)
{
	BT_DBG("sk %p", sk);

	sco_conn_put(sco_pi(sk)->conn);

	skb_queue_purge(&sk->sk_receive_queue);
	skb_queue_purge(&sk->sk_write_queue);
	skb_queue_purge(&sk->sk_error_queue);
}

/*
 * Close every not-yet-accepted child of listening socket @parent, then mark
 * the parent closed and zapped.
 */
static void sco_sock_cleanup_listen(struct sock *parent)
{
	struct sock *sk;

	BT_DBG("parent %p", parent);

	/* Close not yet accepted channels */
	while ((sk = bt_accept_dequeue(parent, NULL))) {
		sco_sock_close(sk);
		sco_sock_kill(sk);
		/* Drop the reference handed back by bt_accept_dequeue(). */
		sock_put(sk);
	}

	parent->sk_state  = BT_CLOSED;
	sock_set_flag(parent, SOCK_ZAPPED);
}

/* Kill socket (only if zapped and orphan)
 * Must be called on unlocked socket.
 *
 * Unlinks the socket from sco_sk_list, marks it SOCK_DEAD and drops one
 * socket reference.
 */
static void sco_sock_kill(struct sock *sk)
{
	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
		return;

	BT_DBG("sk %p state %d", sk, sk->sk_state);

	/* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
	lock_sock(sk);
	if (sco_pi(sk)->conn) {
		sco_conn_lock(sco_pi(sk)->conn);
		sco_pi(sk)->conn->sk = NULL;
		sco_conn_unlock(sco_pi(sk)->conn);
	}
	release_sock(sk);

	/* Kill poor orphan */
	bt_sock_unlink(&sco_sk_list, sk);
	sock_set_flag(sk, SOCK_DEAD);
	sock_put(sk);
}

/*
 * State-dependent close. Takes no lock itself; both callers in this file
 * hold lock_sock(sk).
 *
 * Listening sockets flush their accept queue, sockets with a channel are
 * detached with ECONNRESET, and every other state is only marked zapped.
 */
static void __sco_sock_close(struct sock *sk)
{
	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);

	switch (sk->sk_state) {
	case BT_LISTEN:
		sco_sock_cleanup_listen(sk);
		break;

	case BT_CONNECTED:
	case BT_CONFIG:
	case BT_CONNECT2:
	case BT_CONNECT:
	case BT_DISCONN:
		sco_chan_del(sk, ECONNRESET);
		break;

	default:
		sock_set_flag(sk, SOCK_ZAPPED);
		break;
	}

}

/* Must be called on unlocked socket.
 *
 * Locks the socket, cancels the connection timer and runs the
 * state-dependent close.
 */
static void sco_sock_close(struct sock *sk)
{
	lock_sock(sk);
	sco_sock_clear_timer(sk);
	__sco_sock_close(sk);
	release_sock(sk);
}

/*
 * Initialise a new socket. When @parent is given (incoming connection), the
 * child inherits the parent's type, Bluetooth flags and security label.
 */
static void sco_sock_init(struct sock *sk, struct sock *parent)
{
	BT_DBG("sk %p", sk);

	if (parent) {
		sk->sk_type = parent->sk_type;
		bt_sk(sk)->flags = bt_sk(parent)->flags;
		security_sk_clone(parent, sk);
	}
}

/* obj_size makes every SCO sock large enough for the sco_pi() cast. */
static struct proto sco_proto = {
	.name		= "SCO",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct sco_pinfo)
};

/*
 * Allocate a SCO sock, apply the defaults (CVSD 16-bit voice setting, CVSD
 * codec, connect timeout) and link it on sco_sk_list.
 *
 * Returns the new sock or NULL on allocation failure.
 */
static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
				   int proto, gfp_t prio, int kern)
{
	struct sock *sk;

	sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
	if (!sk)
		return NULL;

	sk->sk_destruct = sco_sock_destruct;
	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;

	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
	sco_pi(sk)->codec.id = BT_CODEC_CVSD;
	sco_pi(sk)->codec.cid = 0xffff;
	sco_pi(sk)->codec.vid = 0xffff;
	sco_pi(sk)->codec.data_path = 0x00;

	bt_sock_link(&sco_sk_list, sk);
	return sk;
}

/*
 * net_proto_family .create hook for BTPROTO_SCO.
 *
 * Only SOCK_SEQPACKET is accepted. Returns 0, -ESOCKTNOSUPPORT for any
 * other socket type, or -ENOMEM.
 */
static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
			   int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	if (sock->type != SOCK_SEQPACKET)
		return -ESOCKTNOSUPPORT;

	sock->ops = &sco_sock_ops;

	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
	if (!sk)
		return -ENOMEM;

	sco_sock_init(sk, NULL);
	return 0;
}

/*
 * bind(): record the local Bluetooth address and move BT_OPEN -> BT_BOUND.
 *
 * The address is rejected with -EINVAL unless it is non-NULL, at least
 * sizeof(struct sockaddr_sco) long and of family AF_BLUETOOTH.
 *
 * NOTE(review): addr_len is a signed int compared against an unsigned
 * sizeof, so the length check relies on the caller never passing a
 * negative length - confirm the socket layer guarantees this.
 */
static int sco_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
			 int addr_len)
{
	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
	struct sock *sk = sock->sk;
	int err = 0;

	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		err = -EINVAL;
		goto done;
	}

	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);

	sk->sk_state = BT_BOUND;

done:
	release_sock(sk);
	return err;
}

/*
 * connect(): store the destination address, start the link through
 * sco_connect() and wait for BT_CONNECTED.
 *
 * The socket lock is released around sco_connect(), which locks the socket
 * itself and rechecks the state afterwards.
 *
 * NOTE(review): unlike sco_sock_bind() there is no explicit NULL check on
 * @addr before addr->sa_family is read - presumably the socket layer never
 * passes NULL here; confirm. The same signed/unsigned caveat applies to the
 * @alen comparison.
 */
static int sco_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, int alen, int flags)
{
	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
	struct sock *sk = sock->sk;
	int err;

	BT_DBG("sk %p", sk);

	if (alen < sizeof(struct sockaddr_sco) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
		release_sock(sk);
		return -EBADFD;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		release_sock(sk);
		return -EINVAL;
	}

	/* Set destination address and psm */
	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
	release_sock(sk);

	err = sco_connect(sk);
	if (err)
		return err;

	lock_sock(sk);

	err = bt_sock_wait_state(sk, BT_CONNECTED,
				 sock_sndtimeo(sk, flags & O_NONBLOCK));

	release_sock(sk);
	return err;
}

/*
 * listen(): move a bound socket to BT_LISTEN.
 *
 * The duplicate-listener check and the state change happen under the
 * sco_sk_list write lock, so two sockets cannot both start listening on the
 * same source address. Returns 0, -EBADFD, -EINVAL or -EADDRINUSE.
 */
static int sco_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	bdaddr_t *src = &sco_pi(sk)->src;
	int err = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->sk_state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	if (sk->sk_type != SOCK_SEQPACKET) {
		err = -EINVAL;
		goto done;
	}

	write_lock(&sco_sk_list.lock);

	if (__sco_get_sock_listen_by_addr(src)) {
		err = -EADDRINUSE;
		goto unlock;
	}

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;

	sk->sk_state = BT_LISTEN;

unlock:
	write_unlock(&sco_sk_list.lock);

done:
	release_sock(sk);
	return err;
}

755 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 756 struct proto_accept_arg *arg) 757 { 758 DEFINE_WAIT_FUNC(wait, woken_wake_function); 759 struct sock *sk = sock->sk, *ch; 760 long timeo; 761 int err = 0; 762 763 lock_sock(sk); 764 765 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 766 767 BT_DBG("sk %p timeo %ld", sk, timeo); 768 769 /* Wait for an incoming connection. (wake-one). */ 770 add_wait_queue_exclusive(sk_sleep(sk), &wait); 771 while (1) { 772 if (sk->sk_state != BT_LISTEN) { 773 err = -EBADFD; 774 break; 775 } 776 777 ch = bt_accept_dequeue(sk, newsock); 778 if (ch) { 779 /* Drop the bridging ref from bt_accept_dequeue(); 780 * the grafted socket keeps ch alive from here. 781 */ 782 sock_put(ch); 783 break; 784 } 785 786 if (!timeo) { 787 err = -EAGAIN; 788 break; 789 } 790 791 if (signal_pending(current)) { 792 err = sock_intr_errno(timeo); 793 break; 794 } 795 796 release_sock(sk); 797 798 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 799 lock_sock(sk); 800 } 801 remove_wait_queue(sk_sleep(sk), &wait); 802 803 if (err) 804 goto done; 805 806 newsock->state = SS_CONNECTED; 807 808 BT_DBG("new socket %p", ch); 809 810 done: 811 release_sock(sk); 812 return err; 813 } 814 815 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 816 int peer) 817 { 818 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 819 struct sock *sk = sock->sk; 820 821 BT_DBG("sock %p, sk %p", sock, sk); 822 823 addr->sa_family = AF_BLUETOOTH; 824 825 if (peer) 826 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 827 else 828 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 829 830 return sizeof(struct sockaddr_sco); 831 } 832 833 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 834 size_t len) 835 { 836 struct sock *sk = sock->sk; 837 struct sk_buff *skb; 838 struct sockcm_cookie sockc; 839 int err; 840 841 BT_DBG("sock %p, sk %p", sock, sk); 842 843 err = sock_error(sk); 844 if (err) 845 return err; 846 847 
if (msg->msg_flags & MSG_OOB) 848 return -EOPNOTSUPP; 849 850 hci_sockcm_init(&sockc, sk); 851 852 if (msg->msg_controllen) { 853 err = sock_cmsg_send(sk, msg, &sockc); 854 if (err) 855 return err; 856 } 857 858 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 859 if (IS_ERR(skb)) 860 return PTR_ERR(skb); 861 862 lock_sock(sk); 863 864 if (sk->sk_state == BT_CONNECTED) 865 err = sco_send_frame(sk, skb, &sockc); 866 else 867 err = -ENOTCONN; 868 869 release_sock(sk); 870 871 if (err < 0) 872 kfree_skb(skb); 873 return err; 874 } 875 876 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 877 { 878 struct hci_dev *hdev = conn->hdev; 879 880 BT_DBG("conn %p", conn); 881 882 conn->state = BT_CONFIG; 883 884 if (!lmp_esco_capable(hdev)) { 885 struct hci_cp_accept_conn_req cp; 886 887 bacpy(&cp.bdaddr, &conn->dst); 888 cp.role = 0x00; /* Ignored */ 889 890 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 891 } else { 892 struct hci_cp_accept_sync_conn_req cp; 893 894 bacpy(&cp.bdaddr, &conn->dst); 895 cp.pkt_type = cpu_to_le16(conn->pkt_type); 896 897 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 898 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 899 cp.content_format = cpu_to_le16(setting); 900 901 switch (setting & SCO_AIRMODE_MASK) { 902 case SCO_AIRMODE_TRANSP: 903 if (conn->pkt_type & ESCO_2EV3) 904 cp.max_latency = cpu_to_le16(0x0008); 905 else 906 cp.max_latency = cpu_to_le16(0x000D); 907 cp.retrans_effort = 0x02; 908 break; 909 case SCO_AIRMODE_CVSD: 910 cp.max_latency = cpu_to_le16(0xffff); 911 cp.retrans_effort = 0xff; 912 break; 913 default: 914 /* use CVSD settings as fallback */ 915 cp.max_latency = cpu_to_le16(0xffff); 916 cp.retrans_effort = 0xff; 917 break; 918 } 919 920 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 921 sizeof(cp), &cp); 922 } 923 } 924 925 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 926 size_t len, int flags) 927 { 928 struct sock *sk = sock->sk; 929 struct sco_pinfo *pi = sco_pi(sk); 930 
931 if (unlikely(flags & MSG_ERRQUEUE)) 932 return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH, 933 BT_SCM_ERROR); 934 935 lock_sock(sk); 936 937 if (sk->sk_state == BT_CONNECT2 && 938 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 939 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 940 sk->sk_state = BT_CONFIG; 941 942 release_sock(sk); 943 return 0; 944 } 945 946 release_sock(sk); 947 948 return bt_sock_recvmsg(sock, msg, len, flags); 949 } 950 951 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 952 sockptr_t optval, unsigned int optlen) 953 { 954 struct sock *sk = sock->sk; 955 int err = 0; 956 struct bt_voice voice; 957 u32 opt; 958 struct bt_codecs *codecs; 959 struct hci_dev *hdev; 960 __u8 buffer[255]; 961 962 BT_DBG("sk %p", sk); 963 964 lock_sock(sk); 965 966 switch (optname) { 967 968 case BT_DEFER_SETUP: 969 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 970 err = -EINVAL; 971 break; 972 } 973 974 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 975 if (err) 976 break; 977 978 if (opt) 979 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 980 else 981 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 982 break; 983 984 case BT_VOICE: 985 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 986 sk->sk_state != BT_CONNECT2) { 987 err = -EINVAL; 988 break; 989 } 990 991 voice.setting = sco_pi(sk)->setting; 992 993 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval, 994 optlen); 995 if (err) 996 break; 997 998 sco_pi(sk)->setting = voice.setting; 999 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 1000 BDADDR_BREDR); 1001 if (!hdev) { 1002 err = -EBADFD; 1003 break; 1004 } 1005 1006 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) { 1007 case SCO_AIRMODE_TRANSP: 1008 if (enhanced_sync_conn_capable(hdev)) 1009 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 1010 break; 1011 } 1012 1013 hci_dev_put(hdev); 1014 break; 1015 1016 case BT_PKT_STATUS: 1017 err = 
copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 1018 if (err) 1019 break; 1020 1021 if (opt) 1022 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1023 else 1024 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1025 break; 1026 1027 case BT_CODEC: 1028 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1029 sk->sk_state != BT_CONNECT2) { 1030 err = -EINVAL; 1031 break; 1032 } 1033 1034 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 1035 BDADDR_BREDR); 1036 if (!hdev) { 1037 err = -EBADFD; 1038 break; 1039 } 1040 1041 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1042 hci_dev_put(hdev); 1043 err = -EOPNOTSUPP; 1044 break; 1045 } 1046 1047 if (!hdev->get_data_path_id) { 1048 hci_dev_put(hdev); 1049 err = -EOPNOTSUPP; 1050 break; 1051 } 1052 1053 if (optlen < sizeof(struct bt_codecs) || 1054 optlen > sizeof(buffer)) { 1055 hci_dev_put(hdev); 1056 err = -EINVAL; 1057 break; 1058 } 1059 1060 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval, 1061 optlen); 1062 if (err) { 1063 hci_dev_put(hdev); 1064 break; 1065 } 1066 1067 codecs = (void *)buffer; 1068 1069 if (codecs->num_codecs != 1 || 1070 optlen < struct_size(codecs, codecs, codecs->num_codecs)) { 1071 hci_dev_put(hdev); 1072 err = -EINVAL; 1073 break; 1074 } 1075 1076 sco_pi(sk)->codec = codecs->codecs[0]; 1077 hci_dev_put(hdev); 1078 break; 1079 1080 default: 1081 err = -ENOPROTOOPT; 1082 break; 1083 } 1084 1085 release_sock(sk); 1086 return err; 1087 } 1088 1089 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 1090 sockopt_t *opt) 1091 { 1092 struct sock *sk = sock->sk; 1093 struct sco_options opts; 1094 struct sco_conninfo cinfo; 1095 int err = 0; 1096 size_t len; 1097 1098 BT_DBG("sk %p", sk); 1099 1100 len = opt->optlen; 1101 1102 lock_sock(sk); 1103 1104 switch (optname) { 1105 case SCO_OPTIONS: 1106 if (sk->sk_state != BT_CONNECTED && 1107 !(sk->sk_state == BT_CONNECT2 && 1108 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1109 err = 
-ENOTCONN; 1110 break; 1111 } 1112 1113 opts.mtu = sco_pi(sk)->conn->mtu; 1114 1115 BT_DBG("mtu %u", opts.mtu); 1116 1117 len = min(len, sizeof(opts)); 1118 if (copy_to_iter(&opts, len, &opt->iter_out) != len) 1119 err = -EFAULT; 1120 1121 break; 1122 1123 case SCO_CONNINFO: 1124 if (sk->sk_state != BT_CONNECTED && 1125 !(sk->sk_state == BT_CONNECT2 && 1126 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1127 err = -ENOTCONN; 1128 break; 1129 } 1130 1131 memset(&cinfo, 0, sizeof(cinfo)); 1132 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1133 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1134 1135 len = min(len, sizeof(cinfo)); 1136 if (copy_to_iter(&cinfo, len, &opt->iter_out) != len) 1137 err = -EFAULT; 1138 1139 break; 1140 1141 default: 1142 err = -ENOPROTOOPT; 1143 break; 1144 } 1145 1146 release_sock(sk); 1147 return err; 1148 } 1149 1150 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1151 sockopt_t *opt) 1152 { 1153 struct sock *sk = sock->sk; 1154 int len, val, err = 0; 1155 struct bt_voice voice; 1156 u32 phys; 1157 int buf_len; 1158 struct codec_list *c; 1159 u8 num_codecs, i; 1160 struct hci_dev *hdev; 1161 struct hci_codec_caps *caps; 1162 struct bt_codec codec; 1163 1164 BT_DBG("sk %p", sk); 1165 1166 if (level == SOL_SCO) 1167 return sco_sock_getsockopt_old(sock, optname, opt); 1168 1169 len = opt->optlen; 1170 1171 lock_sock(sk); 1172 1173 switch (optname) { 1174 1175 case BT_DEFER_SETUP: 1176 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1177 err = -EINVAL; 1178 break; 1179 } 1180 1181 val = test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1182 if (copy_to_iter(&val, sizeof(val), &opt->iter_out) != 1183 sizeof(val)) 1184 err = -EFAULT; 1185 1186 break; 1187 1188 case BT_VOICE: 1189 voice.setting = sco_pi(sk)->setting; 1190 1191 len = min_t(unsigned int, len, sizeof(voice)); 1192 if (copy_to_iter(&voice, len, &opt->iter_out) != len) 1193 err = -EFAULT; 1194 1195 break; 1196 1197 case 
BT_PHY: 1198 if (sk->sk_state != BT_CONNECTED) { 1199 err = -ENOTCONN; 1200 break; 1201 } 1202 1203 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1204 1205 if (copy_to_iter(&phys, sizeof(phys), &opt->iter_out) != 1206 sizeof(phys)) 1207 err = -EFAULT; 1208 break; 1209 1210 case BT_PKT_STATUS: 1211 val = test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1212 if (copy_to_iter(&val, sizeof(val), &opt->iter_out) != 1213 sizeof(val)) 1214 err = -EFAULT; 1215 break; 1216 1217 case BT_SNDMTU: 1218 case BT_RCVMTU: 1219 if (sk->sk_state != BT_CONNECTED) { 1220 err = -ENOTCONN; 1221 break; 1222 } 1223 1224 val = sco_pi(sk)->conn->mtu; 1225 if (copy_to_iter(&val, sizeof(val), &opt->iter_out) != 1226 sizeof(val)) 1227 err = -EFAULT; 1228 break; 1229 1230 case BT_CODEC: 1231 num_codecs = 0; 1232 buf_len = 0; 1233 1234 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1235 if (!hdev) { 1236 err = -EBADFD; 1237 break; 1238 } 1239 1240 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1241 hci_dev_put(hdev); 1242 err = -EOPNOTSUPP; 1243 break; 1244 } 1245 1246 if (!hdev->get_data_path_id) { 1247 hci_dev_put(hdev); 1248 err = -EOPNOTSUPP; 1249 break; 1250 } 1251 1252 release_sock(sk); 1253 1254 /* find total buffer size required to copy codec + caps */ 1255 hci_dev_lock(hdev); 1256 list_for_each_entry(c, &hdev->local_codecs, list) { 1257 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1258 continue; 1259 num_codecs++; 1260 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1261 buf_len += 1 + caps->len; 1262 caps = (void *)&caps->data[caps->len]; 1263 } 1264 buf_len += sizeof(struct bt_codec); 1265 } 1266 hci_dev_unlock(hdev); 1267 1268 buf_len += sizeof(struct bt_codecs); 1269 if (buf_len > len) { 1270 hci_dev_put(hdev); 1271 return -ENOBUFS; 1272 } 1273 1274 if (copy_to_iter(&num_codecs, sizeof(num_codecs), 1275 &opt->iter_out) != sizeof(num_codecs)) { 1276 hci_dev_put(hdev); 1277 return -EFAULT; 1278 } 1279 1280 /* Iterate all the codecs supported 
over SCO and populate 1281 * codec data 1282 */ 1283 hci_dev_lock(hdev); 1284 list_for_each_entry(c, &hdev->local_codecs, list) { 1285 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1286 continue; 1287 1288 codec.id = c->id; 1289 codec.cid = c->cid; 1290 codec.vid = c->vid; 1291 err = hdev->get_data_path_id(hdev, &codec.data_path); 1292 if (err < 0) 1293 break; 1294 codec.num_caps = c->num_caps; 1295 if (copy_to_iter(&codec, sizeof(codec), &opt->iter_out) 1296 != sizeof(codec)) { 1297 err = -EFAULT; 1298 break; 1299 } 1300 1301 /* find codec capabilities data length */ 1302 len = 0; 1303 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1304 len += 1 + caps->len; 1305 caps = (void *)&caps->data[caps->len]; 1306 } 1307 1308 /* copy codec capabilities data */ 1309 if (len && 1310 copy_to_iter(c->caps, len, &opt->iter_out) != len) { 1311 err = -EFAULT; 1312 break; 1313 } 1314 } 1315 1316 hci_dev_unlock(hdev); 1317 hci_dev_put(hdev); 1318 1319 lock_sock(sk); 1320 1321 if (!err) 1322 opt->optlen = buf_len; 1323 1324 break; 1325 1326 default: 1327 err = -ENOPROTOOPT; 1328 break; 1329 } 1330 1331 release_sock(sk); 1332 return err; 1333 } 1334 1335 static int sco_sock_shutdown(struct socket *sock, int how) 1336 { 1337 struct sock *sk = sock->sk; 1338 int err = 0; 1339 1340 BT_DBG("sock %p, sk %p", sock, sk); 1341 1342 if (!sk) 1343 return 0; 1344 1345 sock_hold(sk); 1346 lock_sock(sk); 1347 1348 if (!sk->sk_shutdown) { 1349 sk->sk_shutdown = SHUTDOWN_MASK; 1350 sco_sock_clear_timer(sk); 1351 __sco_sock_close(sk); 1352 1353 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1354 !(current->flags & PF_EXITING)) 1355 err = bt_sock_wait_state(sk, BT_CLOSED, 1356 sk->sk_lingertime); 1357 } 1358 1359 release_sock(sk); 1360 sock_put(sk); 1361 1362 return err; 1363 } 1364 1365 static int sco_sock_release(struct socket *sock) 1366 { 1367 struct sock *sk = sock->sk; 1368 int err = 0; 1369 1370 BT_DBG("sock %p, sk %p", sock, sk); 1371 1372 if (!sk) 1373 return 0; 1374 1375 
sco_sock_close(sk); 1376 1377 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1378 !(current->flags & PF_EXITING)) { 1379 lock_sock(sk); 1380 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1381 release_sock(sk); 1382 } 1383 1384 sock_orphan(sk); 1385 sco_sock_kill(sk); 1386 return err; 1387 } 1388 1389 static void sco_conn_ready(struct sco_conn *conn) 1390 { 1391 struct sock *parent, *sk; 1392 1393 sco_conn_lock(conn); 1394 sk = sco_sock_hold(conn); 1395 sco_conn_unlock(conn); 1396 1397 BT_DBG("conn %p", conn); 1398 1399 if (sk) { 1400 lock_sock(sk); 1401 1402 /* conn->sk may have become NULL if racing with sk close, but 1403 * due to held hdev->lock, it can't become different sk. 1404 */ 1405 if (conn->sk) { 1406 sco_sock_clear_timer(sk); 1407 sk->sk_state = BT_CONNECTED; 1408 sk->sk_state_change(sk); 1409 } 1410 1411 release_sock(sk); 1412 sock_put(sk); 1413 } else { 1414 if (!conn->hcon) 1415 return; 1416 1417 lockdep_assert_held(&conn->hcon->hdev->lock); 1418 1419 parent = sco_get_sock_listen(&conn->hcon->src); 1420 if (!parent) 1421 return; 1422 1423 lock_sock(parent); 1424 1425 sco_conn_lock(conn); 1426 1427 /* hdev->lock guarantees conn->sk == NULL still here */ 1428 1429 if (parent->sk_state != BT_LISTEN) 1430 goto release; 1431 1432 sk = sco_sock_alloc(sock_net(parent), NULL, 1433 BTPROTO_SCO, GFP_ATOMIC, 0); 1434 if (!sk) 1435 goto release; 1436 1437 sco_sock_init(sk, parent); 1438 1439 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1440 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1441 1442 sco_conn_hold(conn); 1443 hci_conn_hold(conn->hcon); 1444 __sco_chan_add(conn, sk, parent); 1445 1446 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1447 sk->sk_state = BT_CONNECT2; 1448 else 1449 sk->sk_state = BT_CONNECTED; 1450 1451 /* Wake up parent */ 1452 parent->sk_data_ready(parent); 1453 1454 release: 1455 sco_conn_unlock(conn); 1456 release_sock(parent); 1457 sock_put(parent); 1458 } 1459 } 1460 1461 /* ----- SCO interface 
with lower layer (HCI) ----- */

/*
 * Decide whether an incoming SCO connection on @hdev can be accepted.
 *
 * Walks the SCO socket list for the first listening socket bound to the
 * controller address or to BDADDR_ANY. @bdaddr is only used for the debug
 * message; the match does not depend on the peer address.
 *
 * Returns HCI_LM_ACCEPT when such a listener exists, 0 otherwise. When the
 * matching listener has BT_SK_DEFER_SETUP set, HCI_PROTO_DEFER is or-ed into
 * *@flags.
 */
int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
{
	struct sock *listener;
	int link_mode = 0;

	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);

	/* Find listening sockets */
	read_lock(&sco_sk_list.lock);
	sk_for_each(listener, &sco_sk_list.head) {
		if (listener->sk_state != BT_LISTEN)
			continue;

		/* Skip listeners bound to some other local address. */
		if (bacmp(&sco_pi(listener)->src, &hdev->bdaddr) &&
		    bacmp(&sco_pi(listener)->src, BDADDR_ANY))
			continue;

		link_mode |= HCI_LM_ACCEPT;

		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(listener)->flags))
			*flags |= HCI_PROTO_DEFER;

		/* The first match decides. */
		break;
	}
	read_unlock(&sco_sk_list.lock);

	return link_mode;
}

/*
 * HCI connect-complete callback. Links that are neither SCO nor eSCO are
 * ignored. On success a sco_conn is attached to @hcon and made ready; on
 * failure any existing SCO connection on @hcon is torn down with the errno
 * derived from @status.
 */
static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
{
	struct sco_conn *conn;

	if (!(hcon->type == SCO_LINK || hcon->type == ESCO_LINK))
		return;

	BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);

	if (status) {
		sco_conn_del(hcon, bt_to_errno(status));
		return;
	}

	conn = sco_conn_add(hcon);
	if (!conn)
		return;

	sco_conn_ready(conn);
	/* Drop the reference obtained from sco_conn_add(). */
	sco_conn_put(conn);
}

/*
 * HCI disconnect-complete callback. Links that are neither SCO nor eSCO are
 * ignored; otherwise the SCO connection on @hcon is deleted with the errno
 * derived from @reason.
 */
static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
{
	if (!(hcon->type == SCO_LINK || hcon->type == ESCO_LINK))
		return;

	BT_DBG("hcon %p reason %d", hcon, reason);

	sco_conn_del(hcon, bt_to_errno(reason));
}

/*
 * Deliver an incoming SCO data packet for connection @handle on @hdev.
 *
 * @skb is either passed to sco_recv_frame() (which presumably takes
 * ownership - its body is not part of this excerpt) or freed here, so the
 * caller must not touch it afterwards.
 *
 * Returns -ENOENT when no hci_conn matches @handle, -EINVAL when that link
 * has no sco_conn a reference could be taken on, and 0 otherwise.
 */
int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
{
	struct sco_conn *conn = NULL;
	int rc = -ENOENT;

	hci_dev_lock(hdev);
	{
		struct hci_conn *link;

		/* The link pointer is used only inside this locked scope;
		 * only the sco_conn reference taken here outlives the lock.
		 */
		link = hci_conn_hash_lookup_handle(hdev, handle);
		if (link) {
			conn = sco_conn_hold_unless_zero(link->sco_data);
			link = NULL;
			rc = -EINVAL;
		}
	}
	hci_dev_unlock(hdev);

	if (!conn) {
		kfree_skb(skb);
		return rc;
	}

	BT_DBG("conn %p len %u", conn, skb->len);

	/* Empty packets are dropped rather than queued. */
	if (!skb->len)
		kfree_skb(skb);
	else
		sco_recv_frame(conn, skb);

	sco_conn_put(conn);
	return 0;
}

/* Callbacks handed to the HCI core by sco_init() via hci_register_cb(). */
static struct hci_cb sco_cb = {
	.name		= "SCO",
	.connect_cfm	= sco_connect_cfm,
	.disconn_cfm	= sco_disconn_cfm,
};

/*
 * debugfs "sco" show routine: one line per SCO socket with source address,
 * destination address and socket state. The list is walked under the read
 * side of sco_sk_list.lock.
 */
static int sco_debugfs_show(struct seq_file *f, void *p)
{
	struct sock *sk;

	read_lock(&sco_sk_list.lock);

	sk_for_each(sk, &sco_sk_list.head) {
		struct sco_pinfo *pi = sco_pi(sk);

		seq_printf(f, "%pMR %pMR %d\n", &pi->src, &pi->dst,
			   sk->sk_state);
	}

	read_unlock(&sco_sk_list.lock);

	return 0;
}

DEFINE_SHOW_ATTRIBUTE(sco_debugfs);

static struct dentry *sco_debugfs;

/* Socket operations for SCO sockets; mmap and socketpair use the generic
 * sock_no_* handlers.
 */
static const struct proto_ops sco_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,
	.release	= sco_sock_release,
	.bind		= sco_sock_bind,
	.connect	= sco_sock_connect,
	.listen		= sco_sock_listen,
	.accept		= sco_sock_accept,
	.getname	= sco_sock_getname,
	.sendmsg	= sco_sock_sendmsg,
	.recvmsg	= sco_sock_recvmsg,
	.poll		= bt_sock_poll,
	.ioctl		= bt_sock_ioctl,
	.gettstamp	= sock_gettstamp,
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
	.shutdown	= sco_sock_shutdown,
	.setsockopt	= sco_sock_setsockopt,
	.getsockopt_iter = sco_sock_getsockopt
};

static const struct net_proto_family sco_sock_family_ops = {
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
	.create	= sco_sock_create,
};

/*
 * Register the SCO protocol, its socket family entry, the procfs listing and
 * the HCI callbacks, then create the debugfs file when bt_debugfs exists.
 *
 * Returns 0 on success or the negative errno of the step that failed, with
 * the earlier registrations undone.
 */
int __init sco_init(void)
{
	int err;

	/* sockaddr_sco must fit in a generic struct sockaddr. */
	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));

	err = proto_register(&sco_proto, 0);
	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
	if (err < 0) {
		BT_ERR("SCO socket registration failed");
		goto unregister_proto;
	}

	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
	if (err < 0) {
		BT_ERR("Failed to create SCO proc file");
		goto unregister_sock;
	}

	BT_INFO("SCO socket layer initialized");

	hci_register_cb(&sco_cb);

	/* The file is created with mode 0444 and lists the addresses of every
	 * SCO socket; who can actually read it depends on how debugfs itself
	 * is mounted.
	 */
	if (!IS_ERR_OR_NULL(bt_debugfs))
		sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
						  NULL, &sco_debugfs_fops);

	return 0;

unregister_sock:
	bt_sock_unregister(BTPROTO_SCO);
unregister_proto:
	proto_unregister(&sco_proto);
	return err;
}

/*
 * Undo sco_init(): remove the procfs and debugfs entries, unregister the HCI
 * callbacks, then the socket family entry and finally the protocol.
 */
void sco_exit(void)
{
	bt_procfs_cleanup(&init_net, "sco");

	debugfs_remove(sco_debugfs);

	hci_unregister_cb(&sco_cb);

	bt_sock_unregister(BTPROTO_SCO);

	proto_unregister(&sco_proto);
}

/* Mode 0644: the parameter is readable by everyone and writable by its owner
 * at runtime.
 */
module_param(disable_esco, bool, 0644);
MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");