1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/sco.h> 34 35 static bool disable_esco; 36 37 static const struct proto_ops sco_sock_ops; 38 39 static struct bt_sock_list sco_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 41 }; 42 43 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent); 44 static void sco_chan_del(struct sock *sk, int err); 45 46 static void sco_sock_close(struct sock *sk); 47 static void sco_sock_kill(struct sock *sk); 48 49 /* ---- SCO timers ---- */ 50 static void sco_sock_timeout(unsigned long arg) 51 { 52 struct sock *sk = (struct sock *) arg; 53 54 BT_DBG("sock %p state %d", sk, sk->sk_state); 55 56 bh_lock_sock(sk); 57 sk->sk_err = ETIMEDOUT; 58 sk->sk_state_change(sk); 59 bh_unlock_sock(sk); 60 61 sco_sock_kill(sk); 62 sock_put(sk); 63 } 64 65 static void sco_sock_set_timer(struct sock *sk, long timeout) 66 { 67 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 68 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 69 } 70 71 static void sco_sock_clear_timer(struct sock *sk) 72 { 73 BT_DBG("sock %p state %d", sk, sk->sk_state); 74 sk_stop_timer(sk, &sk->sk_timer); 75 } 76 77 /* ---- SCO connections ---- */ 78 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 79 { 80 struct hci_dev *hdev = hcon->hdev; 81 struct sco_conn *conn = hcon->sco_data; 82 83 if (conn) 84 return conn; 85 86 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 87 if (!conn) 88 return NULL; 89 90 spin_lock_init(&conn->lock); 91 92 hcon->sco_data = conn; 93 conn->hcon = hcon; 94 95 if (hdev->sco_mtu > 0) 96 conn->mtu = hdev->sco_mtu; 97 else 98 conn->mtu = 60; 99 100 BT_DBG("hcon %p conn %p", hcon, conn); 101 102 return conn; 103 } 104 105 static struct sock *sco_chan_get(struct sco_conn *conn) 106 { 107 struct sock *sk = NULL; 108 sco_conn_lock(conn); 109 sk = conn->sk; 110 sco_conn_unlock(conn); 111 return sk; 112 } 113 114 static int sco_conn_del(struct hci_conn *hcon, int err) 115 { 116 struct sco_conn *conn = hcon->sco_data; 117 struct sock *sk; 118 119 if (!conn) 120 return 0; 121 122 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 123 124 /* Kill socket */ 125 sk = sco_chan_get(conn); 126 if (sk) { 127 bh_lock_sock(sk); 128 sco_sock_clear_timer(sk); 129 sco_chan_del(sk, err); 130 bh_unlock_sock(sk); 131 sco_sock_kill(sk); 132 } 133 134 hcon->sco_data = NULL; 135 kfree(conn); 136 return 0; 137 } 138 139 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 140 struct sock *parent) 141 { 142 int err = 0; 143 144 sco_conn_lock(conn); 145 if (conn->sk) 146 err = -EBUSY; 147 else 148 __sco_chan_add(conn, sk, parent); 149 150 sco_conn_unlock(conn); 151 return err; 152 } 153 154 static int sco_connect(struct sock *sk) 155 { 156 struct sco_conn *conn; 157 struct hci_conn *hcon; 158 struct hci_dev *hdev; 159 int err, type; 160 161 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 162 163 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src); 164 if (!hdev) 165 return -EHOSTUNREACH; 166 167 hci_dev_lock(hdev); 168 169 if (lmp_esco_capable(hdev) && !disable_esco) 170 type = ESCO_LINK; 171 else 172 type = SCO_LINK; 173 174 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 175 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 176 err = -EOPNOTSUPP; 177 goto done; 178 } 179 180 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 181 sco_pi(sk)->setting); 182 if (IS_ERR(hcon)) { 183 err = PTR_ERR(hcon); 184 goto done; 185 } 186 187 conn = sco_conn_add(hcon); 188 if (!conn) { 189 hci_conn_drop(hcon); 190 err = -ENOMEM; 191 goto done; 192 } 193 194 /* Update source addr of the socket */ 195 bacpy(&sco_pi(sk)->src, &hcon->src); 196 197 err = sco_chan_add(conn, sk, NULL); 198 if (err) 199 goto done; 200 201 if (hcon->state == BT_CONNECTED) { 202 sco_sock_clear_timer(sk); 203 sk->sk_state = BT_CONNECTED; 204 } else { 205 sk->sk_state = BT_CONNECT; 206 sco_sock_set_timer(sk, sk->sk_sndtimeo); 207 } 208 209 done: 210 hci_dev_unlock(hdev); 211 hci_dev_put(hdev); 212 return err; 213 } 214 215 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 216 { 217 struct sco_conn *conn = sco_pi(sk)->conn; 218 struct sk_buff *skb; 219 int err; 220 221 /* Check outgoing MTU */ 222 if (len > conn->mtu) 223 return -EINVAL; 224 225 BT_DBG("sk %p len %d", sk, len); 226 227 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); 228 if (!skb) 229 return err; 230 231 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { 232 kfree_skb(skb); 233 return -EFAULT; 234 } 235 236 hci_send_sco(conn->hcon, skb); 237 238 return len; 239 } 240 241 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 242 { 243 struct sock *sk = sco_chan_get(conn); 244 245 if (!sk) 246 goto drop; 247 248 BT_DBG("sk %p len %d", sk, skb->len); 249 250 if (sk->sk_state != BT_CONNECTED) 251 goto drop; 252 253 if (!sock_queue_rcv_skb(sk, skb)) 254 return; 255 256 drop: 257 kfree_skb(skb); 258 } 259 260 /* -------- Socket interface ---------- */ 261 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 262 { 263 struct sock *sk; 264 265 sk_for_each(sk, &sco_sk_list.head) { 266 if (sk->sk_state != BT_LISTEN) 267 continue; 268 269 if (!bacmp(&sco_pi(sk)->src, ba)) 270 return sk; 271 } 272 273 return NULL; 274 } 275 276 /* Find socket listening on source bdaddr. 277 * Returns closest match. 278 */ 279 static struct sock *sco_get_sock_listen(bdaddr_t *src) 280 { 281 struct sock *sk = NULL, *sk1 = NULL; 282 283 read_lock(&sco_sk_list.lock); 284 285 sk_for_each(sk, &sco_sk_list.head) { 286 if (sk->sk_state != BT_LISTEN) 287 continue; 288 289 /* Exact match. */ 290 if (!bacmp(&sco_pi(sk)->src, src)) 291 break; 292 293 /* Closest match */ 294 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 295 sk1 = sk; 296 } 297 298 read_unlock(&sco_sk_list.lock); 299 300 return sk ? sk : sk1; 301 } 302 303 static void sco_sock_destruct(struct sock *sk) 304 { 305 BT_DBG("sk %p", sk); 306 307 skb_queue_purge(&sk->sk_receive_queue); 308 skb_queue_purge(&sk->sk_write_queue); 309 } 310 311 static void sco_sock_cleanup_listen(struct sock *parent) 312 { 313 struct sock *sk; 314 315 BT_DBG("parent %p", parent); 316 317 /* Close not yet accepted channels */ 318 while ((sk = bt_accept_dequeue(parent, NULL))) { 319 sco_sock_close(sk); 320 sco_sock_kill(sk); 321 } 322 323 parent->sk_state = BT_CLOSED; 324 sock_set_flag(parent, SOCK_ZAPPED); 325 } 326 327 /* Kill socket (only if zapped and orphan) 328 * Must be called on unlocked socket. 329 */ 330 static void sco_sock_kill(struct sock *sk) 331 { 332 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 333 return; 334 335 BT_DBG("sk %p state %d", sk, sk->sk_state); 336 337 /* Kill poor orphan */ 338 bt_sock_unlink(&sco_sk_list, sk); 339 sock_set_flag(sk, SOCK_DEAD); 340 sock_put(sk); 341 } 342 343 static void __sco_sock_close(struct sock *sk) 344 { 345 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 346 347 switch (sk->sk_state) { 348 case BT_LISTEN: 349 sco_sock_cleanup_listen(sk); 350 break; 351 352 case BT_CONNECTED: 353 case BT_CONFIG: 354 if (sco_pi(sk)->conn->hcon) { 355 sk->sk_state = BT_DISCONN; 356 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 357 hci_conn_drop(sco_pi(sk)->conn->hcon); 358 sco_pi(sk)->conn->hcon = NULL; 359 } else 360 sco_chan_del(sk, ECONNRESET); 361 break; 362 363 case BT_CONNECT2: 364 case BT_CONNECT: 365 case BT_DISCONN: 366 sco_chan_del(sk, ECONNRESET); 367 break; 368 369 default: 370 sock_set_flag(sk, SOCK_ZAPPED); 371 break; 372 } 373 } 374 375 /* Must be called on unlocked socket. */ 376 static void sco_sock_close(struct sock *sk) 377 { 378 sco_sock_clear_timer(sk); 379 lock_sock(sk); 380 __sco_sock_close(sk); 381 release_sock(sk); 382 sco_sock_kill(sk); 383 } 384 385 static void sco_sock_init(struct sock *sk, struct sock *parent) 386 { 387 BT_DBG("sk %p", sk); 388 389 if (parent) { 390 sk->sk_type = parent->sk_type; 391 bt_sk(sk)->flags = bt_sk(parent)->flags; 392 security_sk_clone(parent, sk); 393 } 394 } 395 396 static struct proto sco_proto = { 397 .name = "SCO", 398 .owner = THIS_MODULE, 399 .obj_size = sizeof(struct sco_pinfo) 400 }; 401 402 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 403 { 404 struct sock *sk; 405 406 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto); 407 if (!sk) 408 return NULL; 409 410 sock_init_data(sock, sk); 411 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 412 413 sk->sk_destruct = sco_sock_destruct; 414 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 415 416 sock_reset_flag(sk, SOCK_ZAPPED); 417 418 sk->sk_protocol = proto; 419 sk->sk_state = BT_OPEN; 420 421 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 422 423 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 424 425 bt_sock_link(&sco_sk_list, sk); 426 return sk; 427 } 428 429 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 430 int kern) 431 { 432 struct sock *sk; 433 434 BT_DBG("sock %p", sock); 435 436 sock->state = SS_UNCONNECTED; 437 438 if (sock->type != SOCK_SEQPACKET) 439 return -ESOCKTNOSUPPORT; 440 441 sock->ops = &sco_sock_ops; 442 443 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC); 444 if (!sk) 445 return -ENOMEM; 446 447 sco_sock_init(sk, NULL); 448 return 0; 449 } 450 451 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 452 { 453 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 454 struct sock *sk = sock->sk; 455 int err = 0; 456 457 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 458 459 if (!addr || addr->sa_family != AF_BLUETOOTH) 460 return -EINVAL; 461 462 lock_sock(sk); 463 464 if (sk->sk_state != BT_OPEN) { 465 err = -EBADFD; 466 goto done; 467 } 468 469 if (sk->sk_type != SOCK_SEQPACKET) { 470 err = -EINVAL; 471 goto done; 472 } 473 474 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 475 476 sk->sk_state = BT_BOUND; 477 478 done: 479 release_sock(sk); 480 return err; 481 } 482 483 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 484 { 485 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 486 struct sock *sk = sock->sk; 487 int err; 488 489 BT_DBG("sk %p", sk); 490 491 if (alen < sizeof(struct sockaddr_sco) || 492 addr->sa_family != AF_BLUETOOTH) 493 return -EINVAL; 494 495 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 496 return -EBADFD; 497 498 if (sk->sk_type != SOCK_SEQPACKET) 499 return -EINVAL; 500 501 lock_sock(sk); 502 503 /* Set destination address and psm */ 504 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 505 506 err = sco_connect(sk); 507 if (err) 508 goto done; 509 510 err = bt_sock_wait_state(sk, BT_CONNECTED, 511 sock_sndtimeo(sk, flags & O_NONBLOCK)); 512 513 done: 514 release_sock(sk); 515 return err; 516 } 517 518 static int sco_sock_listen(struct socket *sock, int backlog) 519 { 520 struct sock *sk = sock->sk; 521 bdaddr_t *src = &sco_pi(sk)->src; 522 int err = 0; 523 524 BT_DBG("sk %p backlog %d", sk, backlog); 525 526 lock_sock(sk); 527 528 if (sk->sk_state != BT_BOUND) { 529 err = -EBADFD; 530 goto done; 531 } 532 533 if (sk->sk_type != SOCK_SEQPACKET) { 534 err = -EINVAL; 535 goto done; 536 } 537 538 write_lock(&sco_sk_list.lock); 539 540 if (__sco_get_sock_listen_by_addr(src)) { 541 err = -EADDRINUSE; 542 goto unlock; 543 } 544 545 sk->sk_max_ack_backlog = backlog; 546 sk->sk_ack_backlog = 0; 547 548 sk->sk_state = BT_LISTEN; 549 550 unlock: 551 write_unlock(&sco_sk_list.lock); 552 553 done: 554 release_sock(sk); 555 return err; 556 } 557 558 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags) 559 { 560 DECLARE_WAITQUEUE(wait, current); 561 struct sock *sk = sock->sk, *ch; 562 long timeo; 563 int err = 0; 564 565 lock_sock(sk); 566 567 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 568 569 BT_DBG("sk %p timeo %ld", sk, timeo); 570 571 /* Wait for an incoming connection. (wake-one). */ 572 add_wait_queue_exclusive(sk_sleep(sk), &wait); 573 while (1) { 574 set_current_state(TASK_INTERRUPTIBLE); 575 576 if (sk->sk_state != BT_LISTEN) { 577 err = -EBADFD; 578 break; 579 } 580 581 ch = bt_accept_dequeue(sk, newsock); 582 if (ch) 583 break; 584 585 if (!timeo) { 586 err = -EAGAIN; 587 break; 588 } 589 590 if (signal_pending(current)) { 591 err = sock_intr_errno(timeo); 592 break; 593 } 594 595 release_sock(sk); 596 timeo = schedule_timeout(timeo); 597 lock_sock(sk); 598 } 599 __set_current_state(TASK_RUNNING); 600 remove_wait_queue(sk_sleep(sk), &wait); 601 602 if (err) 603 goto done; 604 605 newsock->state = SS_CONNECTED; 606 607 BT_DBG("new socket %p", ch); 608 609 done: 610 release_sock(sk); 611 return err; 612 } 613 614 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 615 { 616 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 617 struct sock *sk = sock->sk; 618 619 BT_DBG("sock %p, sk %p", sock, sk); 620 621 addr->sa_family = AF_BLUETOOTH; 622 *len = sizeof(struct sockaddr_sco); 623 624 if (peer) 625 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 626 else 627 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 628 629 return 0; 630 } 631 632 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 633 struct msghdr *msg, size_t len) 634 { 635 struct sock *sk = sock->sk; 636 int err; 637 638 BT_DBG("sock %p, sk %p", sock, sk); 639 640 err = sock_error(sk); 641 if (err) 642 return err; 643 644 if (msg->msg_flags & MSG_OOB) 645 return -EOPNOTSUPP; 646 647 lock_sock(sk); 648 649 if (sk->sk_state == BT_CONNECTED) 650 err = sco_send_frame(sk, msg, len); 651 else 652 err = -ENOTCONN; 653 654 release_sock(sk); 655 return err; 656 } 657 658 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 659 { 660 struct hci_dev *hdev = conn->hdev; 661 662 BT_DBG("conn %p", conn); 663 664 conn->state = BT_CONFIG; 665 666 if (!lmp_esco_capable(hdev)) { 667 struct hci_cp_accept_conn_req cp; 668 669 bacpy(&cp.bdaddr, &conn->dst); 670 cp.role = 0x00; /* Ignored */ 671 672 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 673 } else { 674 struct hci_cp_accept_sync_conn_req cp; 675 676 bacpy(&cp.bdaddr, &conn->dst); 677 cp.pkt_type = cpu_to_le16(conn->pkt_type); 678 679 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); 680 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); 681 cp.content_format = cpu_to_le16(setting); 682 683 switch (setting & SCO_AIRMODE_MASK) { 684 case SCO_AIRMODE_TRANSP: 685 if (conn->pkt_type & ESCO_2EV3) 686 cp.max_latency = __constant_cpu_to_le16(0x0008); 687 else 688 cp.max_latency = __constant_cpu_to_le16(0x000D); 689 cp.retrans_effort = 0x02; 690 break; 691 case SCO_AIRMODE_CVSD: 692 cp.max_latency = __constant_cpu_to_le16(0xffff); 693 cp.retrans_effort = 0xff; 694 break; 695 } 696 697 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 698 sizeof(cp), &cp); 699 } 700 } 701 702 static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 703 struct msghdr *msg, size_t len, int flags) 704 { 705 struct sock *sk = sock->sk; 706 struct sco_pinfo *pi = sco_pi(sk); 707 708 lock_sock(sk); 709 710 if (sk->sk_state == BT_CONNECT2 && 711 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 712 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 713 sk->sk_state = BT_CONFIG; 714 msg->msg_namelen = 0; 715 716 release_sock(sk); 717 return 0; 718 } 719 720 release_sock(sk); 721 722 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 723 } 724 725 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 726 { 727 struct sock *sk = sock->sk; 728 int len, err = 0; 729 struct bt_voice voice; 730 u32 opt; 731 732 BT_DBG("sk %p", sk); 733 734 lock_sock(sk); 735 736 switch (optname) { 737 738 case BT_DEFER_SETUP: 739 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 740 err = -EINVAL; 741 break; 742 } 743 744 if (get_user(opt, (u32 __user *) optval)) { 745 err = -EFAULT; 746 break; 747 } 748 749 if (opt) 750 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 751 else 752 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 753 break; 754 755 case BT_VOICE: 756 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 757 sk->sk_state != BT_CONNECT2) { 758 err = -EINVAL; 759 break; 760 } 761 762 voice.setting = sco_pi(sk)->setting; 763 764 len = min_t(unsigned int, sizeof(voice), optlen); 765 if (copy_from_user((char *) &voice, optval, len)) { 766 err = -EFAULT; 767 break; 768 } 769 770 /* Explicitly check for these values */ 771 if (voice.setting != BT_VOICE_TRANSPARENT && 772 voice.setting != BT_VOICE_CVSD_16BIT) { 773 err = -EINVAL; 774 break; 775 } 776 777 sco_pi(sk)->setting = voice.setting; 778 break; 779 780 default: 781 err = -ENOPROTOOPT; 782 break; 783 } 784 785 release_sock(sk); 786 return err; 787 } 788 789 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 790 { 791 struct sock *sk = sock->sk; 792 struct sco_options opts; 793 struct sco_conninfo cinfo; 794 int len, err = 0; 795 796 BT_DBG("sk %p", sk); 797 798 if (get_user(len, optlen)) 799 return -EFAULT; 800 801 lock_sock(sk); 802 803 switch (optname) { 804 case SCO_OPTIONS: 805 if (sk->sk_state != BT_CONNECTED && 806 !(sk->sk_state == BT_CONNECT2 && 807 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 808 err = -ENOTCONN; 809 break; 810 } 811 812 opts.mtu = sco_pi(sk)->conn->mtu; 813 814 BT_DBG("mtu %d", opts.mtu); 815 816 len = min_t(unsigned int, len, sizeof(opts)); 817 if (copy_to_user(optval, (char *)&opts, len)) 818 err = -EFAULT; 819 820 break; 821 822 case SCO_CONNINFO: 823 if (sk->sk_state != BT_CONNECTED && 824 !(sk->sk_state == BT_CONNECT2 && 825 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 826 err = -ENOTCONN; 827 break; 828 } 829 830 memset(&cinfo, 0, sizeof(cinfo)); 831 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 832 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 833 834 len = min_t(unsigned int, len, sizeof(cinfo)); 835 if (copy_to_user(optval, (char *)&cinfo, len)) 836 err = -EFAULT; 837 838 break; 839 840 default: 841 err = -ENOPROTOOPT; 842 break; 843 } 844 845 release_sock(sk); 846 return err; 847 } 848 849 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 850 { 851 struct sock *sk = sock->sk; 852 int len, err = 0; 853 struct bt_voice voice; 854 855 BT_DBG("sk %p", sk); 856 857 if (level == SOL_SCO) 858 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 859 860 if (get_user(len, optlen)) 861 return -EFAULT; 862 863 lock_sock(sk); 864 865 switch (optname) { 866 867 case BT_DEFER_SETUP: 868 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 869 err = -EINVAL; 870 break; 871 } 872 873 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 874 (u32 __user *) optval)) 875 err = -EFAULT; 876 877 break; 878 879 case BT_VOICE: 880 voice.setting = sco_pi(sk)->setting; 881 882 len = min_t(unsigned int, len, sizeof(voice)); 883 if (copy_to_user(optval, (char *)&voice, len)) 884 err = -EFAULT; 885 886 break; 887 888 default: 889 err = -ENOPROTOOPT; 890 break; 891 } 892 893 release_sock(sk); 894 return err; 895 } 896 897 static int sco_sock_shutdown(struct socket *sock, int how) 898 { 899 struct sock *sk = sock->sk; 900 int err = 0; 901 902 BT_DBG("sock %p, sk %p", sock, sk); 903 904 if (!sk) 905 return 0; 906 907 lock_sock(sk); 908 if (!sk->sk_shutdown) { 909 sk->sk_shutdown = SHUTDOWN_MASK; 910 sco_sock_clear_timer(sk); 911 __sco_sock_close(sk); 912 913 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 914 err = bt_sock_wait_state(sk, BT_CLOSED, 915 sk->sk_lingertime); 916 } 917 release_sock(sk); 918 return err; 919 } 920 921 static int sco_sock_release(struct socket *sock) 922 { 923 struct sock *sk = sock->sk; 924 int err = 0; 925 926 BT_DBG("sock %p, sk %p", sock, sk); 927 928 if (!sk) 929 return 0; 930 931 sco_sock_close(sk); 932 933 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) { 934 lock_sock(sk); 935 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 936 release_sock(sk); 937 } 938 939 sock_orphan(sk); 940 sco_sock_kill(sk); 941 return err; 942 } 943 944 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 945 { 946 BT_DBG("conn %p", conn); 947 948 sco_pi(sk)->conn = conn; 949 conn->sk = sk; 950 951 if (parent) 952 bt_accept_enqueue(parent, sk); 953 } 954 955 /* Delete channel. 956 * Must be called on the locked socket. */ 957 static void sco_chan_del(struct sock *sk, int err) 958 { 959 struct sco_conn *conn; 960 961 conn = sco_pi(sk)->conn; 962 963 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 964 965 if (conn) { 966 sco_conn_lock(conn); 967 conn->sk = NULL; 968 sco_pi(sk)->conn = NULL; 969 sco_conn_unlock(conn); 970 971 if (conn->hcon) 972 hci_conn_drop(conn->hcon); 973 } 974 975 sk->sk_state = BT_CLOSED; 976 sk->sk_err = err; 977 sk->sk_state_change(sk); 978 979 sock_set_flag(sk, SOCK_ZAPPED); 980 } 981 982 static void sco_conn_ready(struct sco_conn *conn) 983 { 984 struct sock *parent; 985 struct sock *sk = conn->sk; 986 987 BT_DBG("conn %p", conn); 988 989 if (sk) { 990 sco_sock_clear_timer(sk); 991 bh_lock_sock(sk); 992 sk->sk_state = BT_CONNECTED; 993 sk->sk_state_change(sk); 994 bh_unlock_sock(sk); 995 } else { 996 sco_conn_lock(conn); 997 998 parent = sco_get_sock_listen(&conn->hcon->src); 999 if (!parent) { 1000 sco_conn_unlock(conn); 1001 return; 1002 } 1003 1004 bh_lock_sock(parent); 1005 1006 sk = sco_sock_alloc(sock_net(parent), NULL, 1007 BTPROTO_SCO, GFP_ATOMIC); 1008 if (!sk) { 1009 bh_unlock_sock(parent); 1010 sco_conn_unlock(conn); 1011 return; 1012 } 1013 1014 sco_sock_init(sk, parent); 1015 1016 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1017 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1018 1019 hci_conn_hold(conn->hcon); 1020 __sco_chan_add(conn, sk, parent); 1021 1022 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1023 sk->sk_state = BT_CONNECT2; 1024 else 1025 sk->sk_state = BT_CONNECTED; 1026 1027 /* Wake up parent */ 1028 parent->sk_data_ready(parent, 1); 1029 1030 bh_unlock_sock(parent); 1031 1032 sco_conn_unlock(conn); 1033 } 1034 } 1035 1036 /* ----- SCO interface with lower layer (HCI) ----- */ 1037 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1038 { 1039 struct sock *sk; 1040 int lm = 0; 1041 1042 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1043 1044 /* Find listening sockets */ 1045 read_lock(&sco_sk_list.lock); 1046 sk_for_each(sk, &sco_sk_list.head) { 1047 if (sk->sk_state != BT_LISTEN) 1048 continue; 1049 1050 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1051 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1052 lm |= HCI_LM_ACCEPT; 1053 1054 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1055 *flags |= HCI_PROTO_DEFER; 1056 break; 1057 } 1058 } 1059 read_unlock(&sco_sk_list.lock); 1060 1061 return lm; 1062 } 1063 1064 void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1065 { 1066 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1067 if (!status) { 1068 struct sco_conn *conn; 1069 1070 conn = sco_conn_add(hcon); 1071 if (conn) 1072 sco_conn_ready(conn); 1073 } else 1074 sco_conn_del(hcon, bt_to_errno(status)); 1075 } 1076 1077 void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1078 { 1079 BT_DBG("hcon %p reason %d", hcon, reason); 1080 1081 sco_conn_del(hcon, bt_to_errno(reason)); 1082 } 1083 1084 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1085 { 1086 struct sco_conn *conn = hcon->sco_data; 1087 1088 if (!conn) 1089 goto drop; 1090 1091 BT_DBG("conn %p len %d", conn, skb->len); 1092 1093 if (skb->len) { 1094 sco_recv_frame(conn, skb); 1095 return 0; 1096 } 1097 1098 drop: 1099 kfree_skb(skb); 1100 return 0; 1101 } 1102 1103 static int sco_debugfs_show(struct seq_file *f, void *p) 1104 { 1105 struct sock *sk; 1106 1107 read_lock(&sco_sk_list.lock); 1108 1109 sk_for_each(sk, &sco_sk_list.head) { 1110 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1111 &sco_pi(sk)->dst, sk->sk_state); 1112 } 1113 1114 read_unlock(&sco_sk_list.lock); 1115 1116 return 0; 1117 } 1118 1119 static int sco_debugfs_open(struct inode *inode, struct file *file) 1120 { 1121 return single_open(file, sco_debugfs_show, inode->i_private); 1122 } 1123 1124 static const struct file_operations sco_debugfs_fops = { 1125 .open = sco_debugfs_open, 1126 .read = seq_read, 1127 .llseek = seq_lseek, 1128 .release = single_release, 1129 }; 1130 1131 static struct dentry *sco_debugfs; 1132 1133 static const struct proto_ops sco_sock_ops = { 1134 .family = PF_BLUETOOTH, 1135 .owner = THIS_MODULE, 1136 .release = sco_sock_release, 1137 .bind = sco_sock_bind, 1138 .connect = sco_sock_connect, 1139 .listen = sco_sock_listen, 1140 .accept = sco_sock_accept, 1141 .getname = sco_sock_getname, 1142 .sendmsg = sco_sock_sendmsg, 1143 .recvmsg = sco_sock_recvmsg, 1144 .poll = bt_sock_poll, 1145 .ioctl = bt_sock_ioctl, 1146 .mmap = sock_no_mmap, 1147 .socketpair = sock_no_socketpair, 1148 .shutdown = sco_sock_shutdown, 1149 .setsockopt = sco_sock_setsockopt, 1150 .getsockopt = sco_sock_getsockopt 1151 }; 1152 1153 static const struct net_proto_family sco_sock_family_ops = { 1154 .family = PF_BLUETOOTH, 1155 .owner = THIS_MODULE, 1156 .create = sco_sock_create, 1157 }; 1158 1159 int __init sco_init(void) 1160 { 1161 int err; 1162 1163 err = proto_register(&sco_proto, 0); 1164 if (err < 0) 1165 return err; 1166 1167 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1168 if (err < 0) { 1169 BT_ERR("SCO socket registration failed"); 1170 goto error; 1171 } 1172 1173 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1174 if (err < 0) { 1175 BT_ERR("Failed to create SCO proc file"); 1176 bt_sock_unregister(BTPROTO_SCO); 1177 goto error; 1178 } 1179 1180 BT_INFO("SCO socket layer initialized"); 1181 1182 if (IS_ERR_OR_NULL(bt_debugfs)) 1183 return 0; 1184 1185 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1186 NULL, &sco_debugfs_fops); 1187 1188 return 0; 1189 1190 error: 1191 proto_unregister(&sco_proto); 1192 return err; 1193 } 1194 1195 void __exit sco_exit(void) 1196 { 1197 bt_procfs_cleanup(&init_net, "sco"); 1198 1199 debugfs_remove(sco_debugfs); 1200 1201 bt_sock_unregister(BTPROTO_SCO); 1202 1203 proto_unregister(&sco_proto); 1204 } 1205 1206 module_param(disable_esco, bool, 0644); 1207 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1208