xref: /linux/net/bluetooth/sco.c (revision 4b42fbc6bd8f73d9ded535d8c61ccaa837ff3bd4)
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4 
5    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6 
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10 
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24 
25 /* Bluetooth SCO sockets. */
26 
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
31 
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
35 
36 static bool disable_esco;
37 
38 static const struct proto_ops sco_sock_ops;
39 
40 static struct bt_sock_list sco_sk_list = {
41 	.lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42 };
43 
44 /* ---- SCO connections ---- */
45 struct sco_conn {
46 	struct hci_conn	*hcon;
47 
48 	spinlock_t	lock;
49 	struct sock	*sk;
50 
51 	struct delayed_work	timeout_work;
52 
53 	unsigned int    mtu;
54 	struct kref	ref;
55 };
56 
57 #define sco_conn_lock(c)	spin_lock(&c->lock)
58 #define sco_conn_unlock(c)	spin_unlock(&c->lock)
59 
60 static void sco_sock_close(struct sock *sk);
61 static void sco_sock_kill(struct sock *sk);
62 
63 /* ----- SCO socket info ----- */
64 #define sco_pi(sk) ((struct sco_pinfo *) sk)
65 
66 struct sco_pinfo {
67 	struct bt_sock	bt;
68 	bdaddr_t	src;
69 	bdaddr_t	dst;
70 	__u32		flags;
71 	__u16		setting;
72 	struct bt_codec codec;
73 	struct sco_conn	*conn;
74 };
75 
76 /* ---- SCO timers ---- */
77 #define SCO_CONN_TIMEOUT	(HZ * 40)
78 #define SCO_DISCONN_TIMEOUT	(HZ * 2)
79 
80 static void sco_conn_free(struct kref *ref)
81 {
82 	struct sco_conn *conn = container_of(ref, struct sco_conn, ref);
83 
84 	BT_DBG("conn %p", conn);
85 
86 	if (conn->sk)
87 		sco_pi(conn->sk)->conn = NULL;
88 
89 	if (conn->hcon) {
90 		conn->hcon->sco_data = NULL;
91 		hci_conn_drop(conn->hcon);
92 	}
93 
94 	/* Ensure no more work items will run since hci_conn has been dropped */
95 	disable_delayed_work_sync(&conn->timeout_work);
96 
97 	kfree(conn);
98 }
99 
100 static void sco_conn_put(struct sco_conn *conn)
101 {
102 	if (!conn)
103 		return;
104 
105 	BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
106 
107 	kref_put(&conn->ref, sco_conn_free);
108 }
109 
110 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn)
111 {
112 	if (!conn)
113 		return NULL;
114 
115 	BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
116 
117 	if (!kref_get_unless_zero(&conn->ref))
118 		return NULL;
119 
120 	return conn;
121 }
122 
123 static struct sock *sco_sock_hold(struct sco_conn *conn)
124 {
125 	if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
126 		return NULL;
127 
128 	sock_hold(conn->sk);
129 
130 	return conn->sk;
131 }
132 
133 static void sco_sock_timeout(struct work_struct *work)
134 {
135 	struct sco_conn *conn = container_of(work, struct sco_conn,
136 					     timeout_work.work);
137 	struct sock *sk;
138 
139 	conn = sco_conn_hold_unless_zero(conn);
140 	if (!conn)
141 		return;
142 
143 	sco_conn_lock(conn);
144 	if (!conn->hcon) {
145 		sco_conn_unlock(conn);
146 		return;
147 	}
148 	sk = sco_sock_hold(conn);
149 	sco_conn_unlock(conn);
150 	sco_conn_put(conn);
151 
152 	if (!sk)
153 		return;
154 
155 	BT_DBG("sock %p state %d", sk, sk->sk_state);
156 
157 	lock_sock(sk);
158 	sk->sk_err = ETIMEDOUT;
159 	sk->sk_state_change(sk);
160 	release_sock(sk);
161 	sock_put(sk);
162 }
163 
164 static void sco_sock_set_timer(struct sock *sk, long timeout)
165 {
166 	if (!sco_pi(sk)->conn)
167 		return;
168 
169 	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
170 	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
171 	schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
172 }
173 
174 static void sco_sock_clear_timer(struct sock *sk)
175 {
176 	if (!sco_pi(sk)->conn)
177 		return;
178 
179 	BT_DBG("sock %p state %d", sk, sk->sk_state);
180 	cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
181 }
182 
183 /* ---- SCO connections ---- */
184 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
185 {
186 	struct sco_conn *conn = hcon->sco_data;
187 
188 	conn = sco_conn_hold_unless_zero(conn);
189 	if (conn) {
190 		if (!conn->hcon) {
191 			sco_conn_lock(conn);
192 			conn->hcon = hcon;
193 			sco_conn_unlock(conn);
194 		}
195 		sco_conn_put(conn);
196 		return conn;
197 	}
198 
199 	conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
200 	if (!conn)
201 		return NULL;
202 
203 	kref_init(&conn->ref);
204 	spin_lock_init(&conn->lock);
205 	INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
206 
207 	hcon->sco_data = conn;
208 	conn->hcon = hcon;
209 	conn->mtu = hcon->mtu;
210 
211 	if (hcon->mtu > 0)
212 		conn->mtu = hcon->mtu;
213 	else
214 		conn->mtu = 60;
215 
216 	BT_DBG("hcon %p conn %p", hcon, conn);
217 
218 	return conn;
219 }
220 
221 /* Delete channel.
222  * Must be called on the locked socket. */
223 static void sco_chan_del(struct sock *sk, int err)
224 {
225 	struct sco_conn *conn;
226 
227 	conn = sco_pi(sk)->conn;
228 	sco_pi(sk)->conn = NULL;
229 
230 	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
231 
232 	if (conn) {
233 		sco_conn_lock(conn);
234 		conn->sk = NULL;
235 		sco_conn_unlock(conn);
236 		sco_conn_put(conn);
237 	}
238 
239 	sk->sk_state = BT_CLOSED;
240 	sk->sk_err   = err;
241 	sk->sk_state_change(sk);
242 
243 	sock_set_flag(sk, SOCK_ZAPPED);
244 }
245 
246 static void sco_conn_del(struct hci_conn *hcon, int err)
247 {
248 	struct sco_conn *conn = hcon->sco_data;
249 	struct sock *sk;
250 
251 	conn = sco_conn_hold_unless_zero(conn);
252 	if (!conn)
253 		return;
254 
255 	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
256 
257 	sco_conn_lock(conn);
258 	sk = sco_sock_hold(conn);
259 	sco_conn_unlock(conn);
260 	sco_conn_put(conn);
261 
262 	if (!sk) {
263 		sco_conn_put(conn);
264 		return;
265 	}
266 
267 	/* Kill socket */
268 	lock_sock(sk);
269 	sco_sock_clear_timer(sk);
270 	sco_chan_del(sk, err);
271 	release_sock(sk);
272 	sock_put(sk);
273 }
274 
275 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
276 			   struct sock *parent)
277 {
278 	BT_DBG("conn %p", conn);
279 
280 	sco_pi(sk)->conn = conn;
281 	conn->sk = sk;
282 
283 	if (parent)
284 		bt_accept_enqueue(parent, sk, true);
285 }
286 
287 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
288 			struct sock *parent)
289 {
290 	int err = 0;
291 
292 	sco_conn_lock(conn);
293 	if (conn->sk)
294 		err = -EBUSY;
295 	else
296 		__sco_chan_add(conn, sk, parent);
297 
298 	sco_conn_unlock(conn);
299 	return err;
300 }
301 
302 static int sco_connect(struct sock *sk)
303 {
304 	struct sco_conn *conn;
305 	struct hci_conn *hcon;
306 	struct hci_dev  *hdev;
307 	int err, type;
308 
309 	BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
310 
311 	hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
312 	if (!hdev)
313 		return -EHOSTUNREACH;
314 
315 	hci_dev_lock(hdev);
316 
317 	if (lmp_esco_capable(hdev) && !disable_esco)
318 		type = ESCO_LINK;
319 	else
320 		type = SCO_LINK;
321 
322 	if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
323 	    (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
324 		err = -EOPNOTSUPP;
325 		goto unlock;
326 	}
327 
328 	hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
329 			       sco_pi(sk)->setting, &sco_pi(sk)->codec,
330 			       sk->sk_sndtimeo);
331 	if (IS_ERR(hcon)) {
332 		err = PTR_ERR(hcon);
333 		goto unlock;
334 	}
335 
336 	conn = sco_conn_add(hcon);
337 	if (!conn) {
338 		hci_conn_drop(hcon);
339 		err = -ENOMEM;
340 		goto unlock;
341 	}
342 
343 	lock_sock(sk);
344 
345 	err = sco_chan_add(conn, sk, NULL);
346 	if (err) {
347 		release_sock(sk);
348 		goto unlock;
349 	}
350 
351 	/* Update source addr of the socket */
352 	bacpy(&sco_pi(sk)->src, &hcon->src);
353 
354 	if (hcon->state == BT_CONNECTED) {
355 		sco_sock_clear_timer(sk);
356 		sk->sk_state = BT_CONNECTED;
357 	} else {
358 		sk->sk_state = BT_CONNECT;
359 		sco_sock_set_timer(sk, sk->sk_sndtimeo);
360 	}
361 
362 	release_sock(sk);
363 
364 unlock:
365 	hci_dev_unlock(hdev);
366 	hci_dev_put(hdev);
367 	return err;
368 }
369 
370 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
371 {
372 	struct sco_conn *conn = sco_pi(sk)->conn;
373 	int len = skb->len;
374 
375 	/* Check outgoing MTU */
376 	if (len > conn->mtu)
377 		return -EINVAL;
378 
379 	BT_DBG("sk %p len %d", sk, len);
380 
381 	hci_send_sco(conn->hcon, skb);
382 
383 	return len;
384 }
385 
386 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
387 {
388 	struct sock *sk;
389 
390 	sco_conn_lock(conn);
391 	sk = conn->sk;
392 	sco_conn_unlock(conn);
393 
394 	if (!sk)
395 		goto drop;
396 
397 	BT_DBG("sk %p len %u", sk, skb->len);
398 
399 	if (sk->sk_state != BT_CONNECTED)
400 		goto drop;
401 
402 	if (!sock_queue_rcv_skb(sk, skb))
403 		return;
404 
405 drop:
406 	kfree_skb(skb);
407 }
408 
409 /* -------- Socket interface ---------- */
410 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
411 {
412 	struct sock *sk;
413 
414 	sk_for_each(sk, &sco_sk_list.head) {
415 		if (sk->sk_state != BT_LISTEN)
416 			continue;
417 
418 		if (!bacmp(&sco_pi(sk)->src, ba))
419 			return sk;
420 	}
421 
422 	return NULL;
423 }
424 
425 /* Find socket listening on source bdaddr.
426  * Returns closest match.
427  */
428 static struct sock *sco_get_sock_listen(bdaddr_t *src)
429 {
430 	struct sock *sk = NULL, *sk1 = NULL;
431 
432 	read_lock(&sco_sk_list.lock);
433 
434 	sk_for_each(sk, &sco_sk_list.head) {
435 		if (sk->sk_state != BT_LISTEN)
436 			continue;
437 
438 		/* Exact match. */
439 		if (!bacmp(&sco_pi(sk)->src, src))
440 			break;
441 
442 		/* Closest match */
443 		if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
444 			sk1 = sk;
445 	}
446 
447 	read_unlock(&sco_sk_list.lock);
448 
449 	return sk ? sk : sk1;
450 }
451 
452 static void sco_sock_destruct(struct sock *sk)
453 {
454 	BT_DBG("sk %p", sk);
455 
456 	sco_conn_put(sco_pi(sk)->conn);
457 
458 	skb_queue_purge(&sk->sk_receive_queue);
459 	skb_queue_purge(&sk->sk_write_queue);
460 }
461 
462 static void sco_sock_cleanup_listen(struct sock *parent)
463 {
464 	struct sock *sk;
465 
466 	BT_DBG("parent %p", parent);
467 
468 	/* Close not yet accepted channels */
469 	while ((sk = bt_accept_dequeue(parent, NULL))) {
470 		sco_sock_close(sk);
471 		sco_sock_kill(sk);
472 	}
473 
474 	parent->sk_state  = BT_CLOSED;
475 	sock_set_flag(parent, SOCK_ZAPPED);
476 }
477 
478 /* Kill socket (only if zapped and orphan)
479  * Must be called on unlocked socket.
480  */
481 static void sco_sock_kill(struct sock *sk)
482 {
483 	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
484 		return;
485 
486 	BT_DBG("sk %p state %d", sk, sk->sk_state);
487 
488 	/* Kill poor orphan */
489 	bt_sock_unlink(&sco_sk_list, sk);
490 	sock_set_flag(sk, SOCK_DEAD);
491 	sock_put(sk);
492 }
493 
494 static void __sco_sock_close(struct sock *sk)
495 {
496 	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
497 
498 	switch (sk->sk_state) {
499 	case BT_LISTEN:
500 		sco_sock_cleanup_listen(sk);
501 		break;
502 
503 	case BT_CONNECTED:
504 	case BT_CONFIG:
505 	case BT_CONNECT2:
506 	case BT_CONNECT:
507 	case BT_DISCONN:
508 		sco_chan_del(sk, ECONNRESET);
509 		break;
510 
511 	default:
512 		sock_set_flag(sk, SOCK_ZAPPED);
513 		break;
514 	}
515 
516 }
517 
518 /* Must be called on unlocked socket. */
519 static void sco_sock_close(struct sock *sk)
520 {
521 	lock_sock(sk);
522 	sco_sock_clear_timer(sk);
523 	__sco_sock_close(sk);
524 	release_sock(sk);
525 }
526 
527 static void sco_sock_init(struct sock *sk, struct sock *parent)
528 {
529 	BT_DBG("sk %p", sk);
530 
531 	if (parent) {
532 		sk->sk_type = parent->sk_type;
533 		bt_sk(sk)->flags = bt_sk(parent)->flags;
534 		security_sk_clone(parent, sk);
535 	}
536 }
537 
538 static struct proto sco_proto = {
539 	.name		= "SCO",
540 	.owner		= THIS_MODULE,
541 	.obj_size	= sizeof(struct sco_pinfo)
542 };
543 
544 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
545 				   int proto, gfp_t prio, int kern)
546 {
547 	struct sock *sk;
548 
549 	sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
550 	if (!sk)
551 		return NULL;
552 
553 	sk->sk_destruct = sco_sock_destruct;
554 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
555 
556 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
557 	sco_pi(sk)->codec.id = BT_CODEC_CVSD;
558 	sco_pi(sk)->codec.cid = 0xffff;
559 	sco_pi(sk)->codec.vid = 0xffff;
560 	sco_pi(sk)->codec.data_path = 0x00;
561 
562 	bt_sock_link(&sco_sk_list, sk);
563 	return sk;
564 }
565 
566 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
567 			   int kern)
568 {
569 	struct sock *sk;
570 
571 	BT_DBG("sock %p", sock);
572 
573 	sock->state = SS_UNCONNECTED;
574 
575 	if (sock->type != SOCK_SEQPACKET)
576 		return -ESOCKTNOSUPPORT;
577 
578 	sock->ops = &sco_sock_ops;
579 
580 	sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
581 	if (!sk)
582 		return -ENOMEM;
583 
584 	sco_sock_init(sk, NULL);
585 	return 0;
586 }
587 
588 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
589 			 int addr_len)
590 {
591 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
592 	struct sock *sk = sock->sk;
593 	int err = 0;
594 
595 	if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
596 	    addr->sa_family != AF_BLUETOOTH)
597 		return -EINVAL;
598 
599 	BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
600 
601 	lock_sock(sk);
602 
603 	if (sk->sk_state != BT_OPEN) {
604 		err = -EBADFD;
605 		goto done;
606 	}
607 
608 	if (sk->sk_type != SOCK_SEQPACKET) {
609 		err = -EINVAL;
610 		goto done;
611 	}
612 
613 	bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
614 
615 	sk->sk_state = BT_BOUND;
616 
617 done:
618 	release_sock(sk);
619 	return err;
620 }
621 
622 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
623 {
624 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
625 	struct sock *sk = sock->sk;
626 	int err;
627 
628 	BT_DBG("sk %p", sk);
629 
630 	if (alen < sizeof(struct sockaddr_sco) ||
631 	    addr->sa_family != AF_BLUETOOTH)
632 		return -EINVAL;
633 
634 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
635 		return -EBADFD;
636 
637 	if (sk->sk_type != SOCK_SEQPACKET)
638 		err = -EINVAL;
639 
640 	lock_sock(sk);
641 	/* Set destination address and psm */
642 	bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
643 	release_sock(sk);
644 
645 	err = sco_connect(sk);
646 	if (err)
647 		return err;
648 
649 	lock_sock(sk);
650 
651 	err = bt_sock_wait_state(sk, BT_CONNECTED,
652 				 sock_sndtimeo(sk, flags & O_NONBLOCK));
653 
654 	release_sock(sk);
655 	return err;
656 }
657 
658 static int sco_sock_listen(struct socket *sock, int backlog)
659 {
660 	struct sock *sk = sock->sk;
661 	bdaddr_t *src = &sco_pi(sk)->src;
662 	int err = 0;
663 
664 	BT_DBG("sk %p backlog %d", sk, backlog);
665 
666 	lock_sock(sk);
667 
668 	if (sk->sk_state != BT_BOUND) {
669 		err = -EBADFD;
670 		goto done;
671 	}
672 
673 	if (sk->sk_type != SOCK_SEQPACKET) {
674 		err = -EINVAL;
675 		goto done;
676 	}
677 
678 	write_lock(&sco_sk_list.lock);
679 
680 	if (__sco_get_sock_listen_by_addr(src)) {
681 		err = -EADDRINUSE;
682 		goto unlock;
683 	}
684 
685 	sk->sk_max_ack_backlog = backlog;
686 	sk->sk_ack_backlog = 0;
687 
688 	sk->sk_state = BT_LISTEN;
689 
690 unlock:
691 	write_unlock(&sco_sk_list.lock);
692 
693 done:
694 	release_sock(sk);
695 	return err;
696 }
697 
698 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
699 			   struct proto_accept_arg *arg)
700 {
701 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
702 	struct sock *sk = sock->sk, *ch;
703 	long timeo;
704 	int err = 0;
705 
706 	lock_sock(sk);
707 
708 	timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
709 
710 	BT_DBG("sk %p timeo %ld", sk, timeo);
711 
712 	/* Wait for an incoming connection. (wake-one). */
713 	add_wait_queue_exclusive(sk_sleep(sk), &wait);
714 	while (1) {
715 		if (sk->sk_state != BT_LISTEN) {
716 			err = -EBADFD;
717 			break;
718 		}
719 
720 		ch = bt_accept_dequeue(sk, newsock);
721 		if (ch)
722 			break;
723 
724 		if (!timeo) {
725 			err = -EAGAIN;
726 			break;
727 		}
728 
729 		if (signal_pending(current)) {
730 			err = sock_intr_errno(timeo);
731 			break;
732 		}
733 
734 		release_sock(sk);
735 
736 		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
737 		lock_sock(sk);
738 	}
739 	remove_wait_queue(sk_sleep(sk), &wait);
740 
741 	if (err)
742 		goto done;
743 
744 	newsock->state = SS_CONNECTED;
745 
746 	BT_DBG("new socket %p", ch);
747 
748 done:
749 	release_sock(sk);
750 	return err;
751 }
752 
753 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
754 			    int peer)
755 {
756 	struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
757 	struct sock *sk = sock->sk;
758 
759 	BT_DBG("sock %p, sk %p", sock, sk);
760 
761 	addr->sa_family = AF_BLUETOOTH;
762 
763 	if (peer)
764 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
765 	else
766 		bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
767 
768 	return sizeof(struct sockaddr_sco);
769 }
770 
771 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
772 			    size_t len)
773 {
774 	struct sock *sk = sock->sk;
775 	struct sk_buff *skb;
776 	int err;
777 
778 	BT_DBG("sock %p, sk %p", sock, sk);
779 
780 	err = sock_error(sk);
781 	if (err)
782 		return err;
783 
784 	if (msg->msg_flags & MSG_OOB)
785 		return -EOPNOTSUPP;
786 
787 	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
788 	if (IS_ERR(skb))
789 		return PTR_ERR(skb);
790 
791 	lock_sock(sk);
792 
793 	if (sk->sk_state == BT_CONNECTED)
794 		err = sco_send_frame(sk, skb);
795 	else
796 		err = -ENOTCONN;
797 
798 	release_sock(sk);
799 
800 	if (err < 0)
801 		kfree_skb(skb);
802 	return err;
803 }
804 
805 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
806 {
807 	struct hci_dev *hdev = conn->hdev;
808 
809 	BT_DBG("conn %p", conn);
810 
811 	conn->state = BT_CONFIG;
812 
813 	if (!lmp_esco_capable(hdev)) {
814 		struct hci_cp_accept_conn_req cp;
815 
816 		bacpy(&cp.bdaddr, &conn->dst);
817 		cp.role = 0x00; /* Ignored */
818 
819 		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
820 	} else {
821 		struct hci_cp_accept_sync_conn_req cp;
822 
823 		bacpy(&cp.bdaddr, &conn->dst);
824 		cp.pkt_type = cpu_to_le16(conn->pkt_type);
825 
826 		cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
827 		cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
828 		cp.content_format = cpu_to_le16(setting);
829 
830 		switch (setting & SCO_AIRMODE_MASK) {
831 		case SCO_AIRMODE_TRANSP:
832 			if (conn->pkt_type & ESCO_2EV3)
833 				cp.max_latency = cpu_to_le16(0x0008);
834 			else
835 				cp.max_latency = cpu_to_le16(0x000D);
836 			cp.retrans_effort = 0x02;
837 			break;
838 		case SCO_AIRMODE_CVSD:
839 			cp.max_latency = cpu_to_le16(0xffff);
840 			cp.retrans_effort = 0xff;
841 			break;
842 		default:
843 			/* use CVSD settings as fallback */
844 			cp.max_latency = cpu_to_le16(0xffff);
845 			cp.retrans_effort = 0xff;
846 			break;
847 		}
848 
849 		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
850 			     sizeof(cp), &cp);
851 	}
852 }
853 
854 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
855 			    size_t len, int flags)
856 {
857 	struct sock *sk = sock->sk;
858 	struct sco_pinfo *pi = sco_pi(sk);
859 
860 	lock_sock(sk);
861 
862 	if (sk->sk_state == BT_CONNECT2 &&
863 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
864 		sco_conn_defer_accept(pi->conn->hcon, pi->setting);
865 		sk->sk_state = BT_CONFIG;
866 
867 		release_sock(sk);
868 		return 0;
869 	}
870 
871 	release_sock(sk);
872 
873 	return bt_sock_recvmsg(sock, msg, len, flags);
874 }
875 
876 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
877 			       sockptr_t optval, unsigned int optlen)
878 {
879 	struct sock *sk = sock->sk;
880 	int err = 0;
881 	struct bt_voice voice;
882 	u32 opt;
883 	struct bt_codecs *codecs;
884 	struct hci_dev *hdev;
885 	__u8 buffer[255];
886 
887 	BT_DBG("sk %p", sk);
888 
889 	lock_sock(sk);
890 
891 	switch (optname) {
892 
893 	case BT_DEFER_SETUP:
894 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
895 			err = -EINVAL;
896 			break;
897 		}
898 
899 		err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
900 		if (err)
901 			break;
902 
903 		if (opt)
904 			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
905 		else
906 			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
907 		break;
908 
909 	case BT_VOICE:
910 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
911 		    sk->sk_state != BT_CONNECT2) {
912 			err = -EINVAL;
913 			break;
914 		}
915 
916 		voice.setting = sco_pi(sk)->setting;
917 
918 		err = bt_copy_from_sockptr(&voice, sizeof(voice), optval,
919 					   optlen);
920 		if (err)
921 			break;
922 
923 		/* Explicitly check for these values */
924 		if (voice.setting != BT_VOICE_TRANSPARENT &&
925 		    voice.setting != BT_VOICE_CVSD_16BIT) {
926 			err = -EINVAL;
927 			break;
928 		}
929 
930 		sco_pi(sk)->setting = voice.setting;
931 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
932 				     BDADDR_BREDR);
933 		if (!hdev) {
934 			err = -EBADFD;
935 			break;
936 		}
937 		if (enhanced_sync_conn_capable(hdev) &&
938 		    voice.setting == BT_VOICE_TRANSPARENT)
939 			sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
940 		hci_dev_put(hdev);
941 		break;
942 
943 	case BT_PKT_STATUS:
944 		err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
945 		if (err)
946 			break;
947 
948 		if (opt)
949 			set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
950 		else
951 			clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
952 		break;
953 
954 	case BT_CODEC:
955 		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
956 		    sk->sk_state != BT_CONNECT2) {
957 			err = -EINVAL;
958 			break;
959 		}
960 
961 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
962 				     BDADDR_BREDR);
963 		if (!hdev) {
964 			err = -EBADFD;
965 			break;
966 		}
967 
968 		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
969 			hci_dev_put(hdev);
970 			err = -EOPNOTSUPP;
971 			break;
972 		}
973 
974 		if (!hdev->get_data_path_id) {
975 			hci_dev_put(hdev);
976 			err = -EOPNOTSUPP;
977 			break;
978 		}
979 
980 		if (optlen < sizeof(struct bt_codecs) ||
981 		    optlen > sizeof(buffer)) {
982 			hci_dev_put(hdev);
983 			err = -EINVAL;
984 			break;
985 		}
986 
987 		err = bt_copy_from_sockptr(buffer, optlen, optval, optlen);
988 		if (err) {
989 			hci_dev_put(hdev);
990 			break;
991 		}
992 
993 		codecs = (void *)buffer;
994 
995 		if (codecs->num_codecs > 1) {
996 			hci_dev_put(hdev);
997 			err = -EINVAL;
998 			break;
999 		}
1000 
1001 		sco_pi(sk)->codec = codecs->codecs[0];
1002 		hci_dev_put(hdev);
1003 		break;
1004 
1005 	default:
1006 		err = -ENOPROTOOPT;
1007 		break;
1008 	}
1009 
1010 	release_sock(sk);
1011 	return err;
1012 }
1013 
1014 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
1015 				   char __user *optval, int __user *optlen)
1016 {
1017 	struct sock *sk = sock->sk;
1018 	struct sco_options opts;
1019 	struct sco_conninfo cinfo;
1020 	int err = 0;
1021 	size_t len;
1022 
1023 	BT_DBG("sk %p", sk);
1024 
1025 	if (get_user(len, optlen))
1026 		return -EFAULT;
1027 
1028 	lock_sock(sk);
1029 
1030 	switch (optname) {
1031 	case SCO_OPTIONS:
1032 		if (sk->sk_state != BT_CONNECTED &&
1033 		    !(sk->sk_state == BT_CONNECT2 &&
1034 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1035 			err = -ENOTCONN;
1036 			break;
1037 		}
1038 
1039 		opts.mtu = sco_pi(sk)->conn->mtu;
1040 
1041 		BT_DBG("mtu %u", opts.mtu);
1042 
1043 		len = min(len, sizeof(opts));
1044 		if (copy_to_user(optval, (char *)&opts, len))
1045 			err = -EFAULT;
1046 
1047 		break;
1048 
1049 	case SCO_CONNINFO:
1050 		if (sk->sk_state != BT_CONNECTED &&
1051 		    !(sk->sk_state == BT_CONNECT2 &&
1052 		      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1053 			err = -ENOTCONN;
1054 			break;
1055 		}
1056 
1057 		memset(&cinfo, 0, sizeof(cinfo));
1058 		cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1059 		memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1060 
1061 		len = min(len, sizeof(cinfo));
1062 		if (copy_to_user(optval, (char *)&cinfo, len))
1063 			err = -EFAULT;
1064 
1065 		break;
1066 
1067 	default:
1068 		err = -ENOPROTOOPT;
1069 		break;
1070 	}
1071 
1072 	release_sock(sk);
1073 	return err;
1074 }
1075 
1076 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1077 			       char __user *optval, int __user *optlen)
1078 {
1079 	struct sock *sk = sock->sk;
1080 	int len, err = 0;
1081 	struct bt_voice voice;
1082 	u32 phys;
1083 	int buf_len;
1084 	struct codec_list *c;
1085 	u8 num_codecs, i, __user *ptr;
1086 	struct hci_dev *hdev;
1087 	struct hci_codec_caps *caps;
1088 	struct bt_codec codec;
1089 
1090 	BT_DBG("sk %p", sk);
1091 
1092 	if (level == SOL_SCO)
1093 		return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1094 
1095 	if (get_user(len, optlen))
1096 		return -EFAULT;
1097 
1098 	lock_sock(sk);
1099 
1100 	switch (optname) {
1101 
1102 	case BT_DEFER_SETUP:
1103 		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1104 			err = -EINVAL;
1105 			break;
1106 		}
1107 
1108 		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1109 			     (u32 __user *)optval))
1110 			err = -EFAULT;
1111 
1112 		break;
1113 
1114 	case BT_VOICE:
1115 		voice.setting = sco_pi(sk)->setting;
1116 
1117 		len = min_t(unsigned int, len, sizeof(voice));
1118 		if (copy_to_user(optval, (char *)&voice, len))
1119 			err = -EFAULT;
1120 
1121 		break;
1122 
1123 	case BT_PHY:
1124 		if (sk->sk_state != BT_CONNECTED) {
1125 			err = -ENOTCONN;
1126 			break;
1127 		}
1128 
1129 		phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1130 
1131 		if (put_user(phys, (u32 __user *) optval))
1132 			err = -EFAULT;
1133 		break;
1134 
1135 	case BT_PKT_STATUS:
1136 		if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1137 			     (int __user *)optval))
1138 			err = -EFAULT;
1139 		break;
1140 
1141 	case BT_SNDMTU:
1142 	case BT_RCVMTU:
1143 		if (sk->sk_state != BT_CONNECTED) {
1144 			err = -ENOTCONN;
1145 			break;
1146 		}
1147 
1148 		if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1149 			err = -EFAULT;
1150 		break;
1151 
1152 	case BT_CODEC:
1153 		num_codecs = 0;
1154 		buf_len = 0;
1155 
1156 		hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1157 		if (!hdev) {
1158 			err = -EBADFD;
1159 			break;
1160 		}
1161 
1162 		if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1163 			hci_dev_put(hdev);
1164 			err = -EOPNOTSUPP;
1165 			break;
1166 		}
1167 
1168 		if (!hdev->get_data_path_id) {
1169 			hci_dev_put(hdev);
1170 			err = -EOPNOTSUPP;
1171 			break;
1172 		}
1173 
1174 		release_sock(sk);
1175 
1176 		/* find total buffer size required to copy codec + caps */
1177 		hci_dev_lock(hdev);
1178 		list_for_each_entry(c, &hdev->local_codecs, list) {
1179 			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1180 				continue;
1181 			num_codecs++;
1182 			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1183 				buf_len += 1 + caps->len;
1184 				caps = (void *)&caps->data[caps->len];
1185 			}
1186 			buf_len += sizeof(struct bt_codec);
1187 		}
1188 		hci_dev_unlock(hdev);
1189 
1190 		buf_len += sizeof(struct bt_codecs);
1191 		if (buf_len > len) {
1192 			hci_dev_put(hdev);
1193 			return -ENOBUFS;
1194 		}
1195 		ptr = optval;
1196 
1197 		if (put_user(num_codecs, ptr)) {
1198 			hci_dev_put(hdev);
1199 			return -EFAULT;
1200 		}
1201 		ptr += sizeof(num_codecs);
1202 
1203 		/* Iterate all the codecs supported over SCO and populate
1204 		 * codec data
1205 		 */
1206 		hci_dev_lock(hdev);
1207 		list_for_each_entry(c, &hdev->local_codecs, list) {
1208 			if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1209 				continue;
1210 
1211 			codec.id = c->id;
1212 			codec.cid = c->cid;
1213 			codec.vid = c->vid;
1214 			err = hdev->get_data_path_id(hdev, &codec.data_path);
1215 			if (err < 0)
1216 				break;
1217 			codec.num_caps = c->num_caps;
1218 			if (copy_to_user(ptr, &codec, sizeof(codec))) {
1219 				err = -EFAULT;
1220 				break;
1221 			}
1222 			ptr += sizeof(codec);
1223 
1224 			/* find codec capabilities data length */
1225 			len = 0;
1226 			for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1227 				len += 1 + caps->len;
1228 				caps = (void *)&caps->data[caps->len];
1229 			}
1230 
1231 			/* copy codec capabilities data */
1232 			if (len && copy_to_user(ptr, c->caps, len)) {
1233 				err = -EFAULT;
1234 				break;
1235 			}
1236 			ptr += len;
1237 		}
1238 
1239 		hci_dev_unlock(hdev);
1240 		hci_dev_put(hdev);
1241 
1242 		lock_sock(sk);
1243 
1244 		if (!err && put_user(buf_len, optlen))
1245 			err = -EFAULT;
1246 
1247 		break;
1248 
1249 	default:
1250 		err = -ENOPROTOOPT;
1251 		break;
1252 	}
1253 
1254 	release_sock(sk);
1255 	return err;
1256 }
1257 
1258 static int sco_sock_shutdown(struct socket *sock, int how)
1259 {
1260 	struct sock *sk = sock->sk;
1261 	int err = 0;
1262 
1263 	BT_DBG("sock %p, sk %p", sock, sk);
1264 
1265 	if (!sk)
1266 		return 0;
1267 
1268 	sock_hold(sk);
1269 	lock_sock(sk);
1270 
1271 	if (!sk->sk_shutdown) {
1272 		sk->sk_shutdown = SHUTDOWN_MASK;
1273 		sco_sock_clear_timer(sk);
1274 		__sco_sock_close(sk);
1275 
1276 		if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1277 		    !(current->flags & PF_EXITING))
1278 			err = bt_sock_wait_state(sk, BT_CLOSED,
1279 						 sk->sk_lingertime);
1280 	}
1281 
1282 	release_sock(sk);
1283 	sock_put(sk);
1284 
1285 	return err;
1286 }
1287 
1288 static int sco_sock_release(struct socket *sock)
1289 {
1290 	struct sock *sk = sock->sk;
1291 	int err = 0;
1292 
1293 	BT_DBG("sock %p, sk %p", sock, sk);
1294 
1295 	if (!sk)
1296 		return 0;
1297 
1298 	sco_sock_close(sk);
1299 
1300 	if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1301 	    !(current->flags & PF_EXITING)) {
1302 		lock_sock(sk);
1303 		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1304 		release_sock(sk);
1305 	}
1306 
1307 	sock_orphan(sk);
1308 	sco_sock_kill(sk);
1309 	return err;
1310 }
1311 
1312 static void sco_conn_ready(struct sco_conn *conn)
1313 {
1314 	struct sock *parent;
1315 	struct sock *sk = conn->sk;
1316 
1317 	BT_DBG("conn %p", conn);
1318 
1319 	if (sk) {
1320 		lock_sock(sk);
1321 		sco_sock_clear_timer(sk);
1322 		sk->sk_state = BT_CONNECTED;
1323 		sk->sk_state_change(sk);
1324 		release_sock(sk);
1325 	} else {
1326 		sco_conn_lock(conn);
1327 
1328 		if (!conn->hcon) {
1329 			sco_conn_unlock(conn);
1330 			return;
1331 		}
1332 
1333 		parent = sco_get_sock_listen(&conn->hcon->src);
1334 		if (!parent) {
1335 			sco_conn_unlock(conn);
1336 			return;
1337 		}
1338 
1339 		lock_sock(parent);
1340 
1341 		sk = sco_sock_alloc(sock_net(parent), NULL,
1342 				    BTPROTO_SCO, GFP_ATOMIC, 0);
1343 		if (!sk) {
1344 			release_sock(parent);
1345 			sco_conn_unlock(conn);
1346 			return;
1347 		}
1348 
1349 		sco_sock_init(sk, parent);
1350 
1351 		bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1352 		bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1353 
1354 		hci_conn_hold(conn->hcon);
1355 		__sco_chan_add(conn, sk, parent);
1356 
1357 		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1358 			sk->sk_state = BT_CONNECT2;
1359 		else
1360 			sk->sk_state = BT_CONNECTED;
1361 
1362 		/* Wake up parent */
1363 		parent->sk_data_ready(parent);
1364 
1365 		release_sock(parent);
1366 
1367 		sco_conn_unlock(conn);
1368 	}
1369 }
1370 
1371 /* ----- SCO interface with lower layer (HCI) ----- */
1372 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1373 {
1374 	struct sock *sk;
1375 	int lm = 0;
1376 
1377 	BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1378 
1379 	/* Find listening sockets */
1380 	read_lock(&sco_sk_list.lock);
1381 	sk_for_each(sk, &sco_sk_list.head) {
1382 		if (sk->sk_state != BT_LISTEN)
1383 			continue;
1384 
1385 		if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1386 		    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1387 			lm |= HCI_LM_ACCEPT;
1388 
1389 			if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1390 				*flags |= HCI_PROTO_DEFER;
1391 			break;
1392 		}
1393 	}
1394 	read_unlock(&sco_sk_list.lock);
1395 
1396 	return lm;
1397 }
1398 
1399 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1400 {
1401 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1402 		return;
1403 
1404 	BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1405 
1406 	if (!status) {
1407 		struct sco_conn *conn;
1408 
1409 		conn = sco_conn_add(hcon);
1410 		if (conn)
1411 			sco_conn_ready(conn);
1412 	} else
1413 		sco_conn_del(hcon, bt_to_errno(status));
1414 }
1415 
1416 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1417 {
1418 	if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1419 		return;
1420 
1421 	BT_DBG("hcon %p reason %d", hcon, reason);
1422 
1423 	sco_conn_del(hcon, bt_to_errno(reason));
1424 }
1425 
1426 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1427 {
1428 	struct sco_conn *conn = hcon->sco_data;
1429 
1430 	if (!conn)
1431 		goto drop;
1432 
1433 	BT_DBG("conn %p len %u", conn, skb->len);
1434 
1435 	if (skb->len) {
1436 		sco_recv_frame(conn, skb);
1437 		return;
1438 	}
1439 
1440 drop:
1441 	kfree_skb(skb);
1442 }
1443 
1444 static struct hci_cb sco_cb = {
1445 	.name		= "SCO",
1446 	.connect_cfm	= sco_connect_cfm,
1447 	.disconn_cfm	= sco_disconn_cfm,
1448 };
1449 
1450 static int sco_debugfs_show(struct seq_file *f, void *p)
1451 {
1452 	struct sock *sk;
1453 
1454 	read_lock(&sco_sk_list.lock);
1455 
1456 	sk_for_each(sk, &sco_sk_list.head) {
1457 		seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1458 			   &sco_pi(sk)->dst, sk->sk_state);
1459 	}
1460 
1461 	read_unlock(&sco_sk_list.lock);
1462 
1463 	return 0;
1464 }
1465 
1466 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1467 
1468 static struct dentry *sco_debugfs;
1469 
1470 static const struct proto_ops sco_sock_ops = {
1471 	.family		= PF_BLUETOOTH,
1472 	.owner		= THIS_MODULE,
1473 	.release	= sco_sock_release,
1474 	.bind		= sco_sock_bind,
1475 	.connect	= sco_sock_connect,
1476 	.listen		= sco_sock_listen,
1477 	.accept		= sco_sock_accept,
1478 	.getname	= sco_sock_getname,
1479 	.sendmsg	= sco_sock_sendmsg,
1480 	.recvmsg	= sco_sock_recvmsg,
1481 	.poll		= bt_sock_poll,
1482 	.ioctl		= bt_sock_ioctl,
1483 	.gettstamp	= sock_gettstamp,
1484 	.mmap		= sock_no_mmap,
1485 	.socketpair	= sock_no_socketpair,
1486 	.shutdown	= sco_sock_shutdown,
1487 	.setsockopt	= sco_sock_setsockopt,
1488 	.getsockopt	= sco_sock_getsockopt
1489 };
1490 
1491 static const struct net_proto_family sco_sock_family_ops = {
1492 	.family	= PF_BLUETOOTH,
1493 	.owner	= THIS_MODULE,
1494 	.create	= sco_sock_create,
1495 };
1496 
1497 int __init sco_init(void)
1498 {
1499 	int err;
1500 
1501 	BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1502 
1503 	err = proto_register(&sco_proto, 0);
1504 	if (err < 0)
1505 		return err;
1506 
1507 	err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1508 	if (err < 0) {
1509 		BT_ERR("SCO socket registration failed");
1510 		goto error;
1511 	}
1512 
1513 	err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1514 	if (err < 0) {
1515 		BT_ERR("Failed to create SCO proc file");
1516 		bt_sock_unregister(BTPROTO_SCO);
1517 		goto error;
1518 	}
1519 
1520 	BT_INFO("SCO socket layer initialized");
1521 
1522 	hci_register_cb(&sco_cb);
1523 
1524 	if (IS_ERR_OR_NULL(bt_debugfs))
1525 		return 0;
1526 
1527 	sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1528 					  NULL, &sco_debugfs_fops);
1529 
1530 	return 0;
1531 
1532 error:
1533 	proto_unregister(&sco_proto);
1534 	return err;
1535 }
1536 
1537 void sco_exit(void)
1538 {
1539 	bt_procfs_cleanup(&init_net, "sco");
1540 
1541 	debugfs_remove(sco_debugfs);
1542 
1543 	hci_unregister_cb(&sco_cb);
1544 
1545 	bt_sock_unregister(BTPROTO_SCO);
1546 
1547 	proto_unregister(&sco_proto);
1548 }
1549 
1550 module_param(disable_esco, bool, 0644);
1551 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1552