1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 29 #include <linux/types.h> 30 #include <linux/errno.h> 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/poll.h> 35 #include <linux/fcntl.h> 36 #include <linux/init.h> 37 #include <linux/interrupt.h> 38 #include <linux/socket.h> 39 #include <linux/skbuff.h> 40 #include <linux/device.h> 41 #include <linux/debugfs.h> 42 #include <linux/seq_file.h> 43 #include <linux/list.h> 44 #include <linux/security.h> 45 #include <net/sock.h> 46 47 #include <asm/system.h> 48 #include <linux/uaccess.h> 49 50 #include <net/bluetooth/bluetooth.h> 51 #include <net/bluetooth/hci_core.h> 52 #include <net/bluetooth/sco.h> 53 54 static int disable_esco; 55 56 static const struct proto_ops sco_sock_ops; 57 58 static struct bt_sock_list sco_sk_list = { 59 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 60 }; 61 62 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent); 63 static void sco_chan_del(struct sock *sk, int err); 64 65 static int sco_conn_del(struct hci_conn *conn, int err); 66 67 static void sco_sock_close(struct sock *sk); 68 static void sco_sock_kill(struct sock *sk); 69 70 /* ---- SCO timers ---- */ 71 static void sco_sock_timeout(unsigned long arg) 72 { 73 struct sock *sk = (struct sock *) arg; 74 75 BT_DBG("sock %p state %d", sk, sk->sk_state); 76 77 bh_lock_sock(sk); 78 sk->sk_err = ETIMEDOUT; 79 sk->sk_state_change(sk); 80 bh_unlock_sock(sk); 81 82 sco_sock_kill(sk); 83 sock_put(sk); 84 } 85 86 static void sco_sock_set_timer(struct sock *sk, long timeout) 87 { 88 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 89 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 90 } 91 92 static void sco_sock_clear_timer(struct sock *sk) 93 { 94 BT_DBG("sock %p state %d", sk, sk->sk_state); 95 sk_stop_timer(sk, &sk->sk_timer); 96 } 97 98 /* ---- SCO connections ---- */ 99 static struct sco_conn *sco_conn_add(struct hci_conn *hcon, __u8 status) 100 { 101 struct hci_dev *hdev = hcon->hdev; 102 struct sco_conn *conn = hcon->sco_data; 103 104 if (conn || status) 105 return conn; 106 107 conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC); 108 if (!conn) 109 return NULL; 110 111 spin_lock_init(&conn->lock); 112 113 hcon->sco_data = conn; 114 conn->hcon = hcon; 115 116 conn->src = &hdev->bdaddr; 117 conn->dst = &hcon->dst; 118 119 if (hdev->sco_mtu > 0) 120 conn->mtu = hdev->sco_mtu; 121 else 122 conn->mtu = 60; 123 124 BT_DBG("hcon %p conn %p", hcon, conn); 125 126 return conn; 127 } 128 129 static inline struct sock *sco_chan_get(struct sco_conn *conn) 130 { 131 struct sock *sk = NULL; 132 sco_conn_lock(conn); 133 sk = conn->sk; 134 sco_conn_unlock(conn); 135 return sk; 136 } 137 138 static int sco_conn_del(struct hci_conn *hcon, int err) 139 { 140 struct sco_conn *conn = hcon->sco_data; 141 struct sock *sk; 142 143 if (!conn) 144 return 0; 145 146 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 147 148 /* Kill socket */ 149 sk = sco_chan_get(conn); 150 if (sk) { 151 bh_lock_sock(sk); 152 sco_sock_clear_timer(sk); 153 sco_chan_del(sk, err); 154 bh_unlock_sock(sk); 155 sco_sock_kill(sk); 156 } 157 158 hcon->sco_data = NULL; 159 kfree(conn); 160 return 0; 161 } 162 163 static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 164 { 165 int err = 0; 166 167 sco_conn_lock(conn); 168 if (conn->sk) 169 err = -EBUSY; 170 else 171 __sco_chan_add(conn, sk, parent); 172 173 sco_conn_unlock(conn); 174 return err; 175 } 176 177 static int sco_connect(struct sock *sk) 178 { 179 bdaddr_t *src = &bt_sk(sk)->src; 180 bdaddr_t *dst = &bt_sk(sk)->dst; 181 struct sco_conn *conn; 182 struct hci_conn *hcon; 183 struct hci_dev *hdev; 184 int err, type; 185 186 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 187 188 hdev = hci_get_route(dst, src); 189 if (!hdev) 190 return -EHOSTUNREACH; 191 192 hci_dev_lock_bh(hdev); 193 194 if (lmp_esco_capable(hdev) && !disable_esco) 195 type = ESCO_LINK; 196 else 197 type = SCO_LINK; 198 199 hcon = hci_connect(hdev, type, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING); 200 if (IS_ERR(hcon)) { 201 err = PTR_ERR(hcon); 202 goto done; 203 } 204 205 conn = sco_conn_add(hcon, 0); 206 if (!conn) { 207 hci_conn_put(hcon); 208 err = -ENOMEM; 209 goto done; 210 } 211 212 /* Update source addr of the socket */ 213 bacpy(src, conn->src); 214 215 err = sco_chan_add(conn, sk, NULL); 216 if (err) 217 goto done; 218 219 if (hcon->state == BT_CONNECTED) { 220 sco_sock_clear_timer(sk); 221 sk->sk_state = BT_CONNECTED; 222 } else { 223 sk->sk_state = BT_CONNECT; 224 sco_sock_set_timer(sk, sk->sk_sndtimeo); 225 } 226 227 done: 228 hci_dev_unlock_bh(hdev); 229 hci_dev_put(hdev); 230 return err; 231 } 232 233 static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 234 { 235 struct sco_conn *conn = sco_pi(sk)->conn; 236 struct sk_buff *skb; 237 int err, count; 238 239 /* Check outgoing MTU */ 240 if (len > conn->mtu) 241 return -EINVAL; 242 243 BT_DBG("sk %p len %d", sk, len); 244 245 count = min_t(unsigned int, conn->mtu, len); 246 skb = bt_skb_send_alloc(sk, count, 247 msg->msg_flags & MSG_DONTWAIT, &err); 248 if (!skb) 249 return err; 250 251 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 252 kfree_skb(skb); 253 return -EFAULT; 254 } 255 256 hci_send_sco(conn->hcon, skb); 257 258 return count; 259 } 260 261 static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 262 { 263 struct sock *sk = sco_chan_get(conn); 264 265 if (!sk) 266 goto drop; 267 268 BT_DBG("sk %p len %d", sk, skb->len); 269 270 if (sk->sk_state != BT_CONNECTED) 271 goto drop; 272 273 if (!sock_queue_rcv_skb(sk, skb)) 274 return; 275 276 drop: 277 kfree_skb(skb); 278 } 279 280 /* -------- Socket interface ---------- */ 281 static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba) 282 { 283 struct sock *sk; 284 struct hlist_node *node; 285 286 sk_for_each(sk, node, &sco_sk_list.head) 287 if (!bacmp(&bt_sk(sk)->src, ba)) 288 goto found; 289 sk = NULL; 290 found: 291 return sk; 292 } 293 294 /* Find socket listening on source bdaddr. 295 * Returns closest match. 296 */ 297 static struct sock *sco_get_sock_listen(bdaddr_t *src) 298 { 299 struct sock *sk = NULL, *sk1 = NULL; 300 struct hlist_node *node; 301 302 read_lock(&sco_sk_list.lock); 303 304 sk_for_each(sk, node, &sco_sk_list.head) { 305 if (sk->sk_state != BT_LISTEN) 306 continue; 307 308 /* Exact match. */ 309 if (!bacmp(&bt_sk(sk)->src, src)) 310 break; 311 312 /* Closest match */ 313 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 314 sk1 = sk; 315 } 316 317 read_unlock(&sco_sk_list.lock); 318 319 return node ? sk : sk1; 320 } 321 322 static void sco_sock_destruct(struct sock *sk) 323 { 324 BT_DBG("sk %p", sk); 325 326 skb_queue_purge(&sk->sk_receive_queue); 327 skb_queue_purge(&sk->sk_write_queue); 328 } 329 330 static void sco_sock_cleanup_listen(struct sock *parent) 331 { 332 struct sock *sk; 333 334 BT_DBG("parent %p", parent); 335 336 /* Close not yet accepted channels */ 337 while ((sk = bt_accept_dequeue(parent, NULL))) { 338 sco_sock_close(sk); 339 sco_sock_kill(sk); 340 } 341 342 parent->sk_state = BT_CLOSED; 343 sock_set_flag(parent, SOCK_ZAPPED); 344 } 345 346 /* Kill socket (only if zapped and orphan) 347 * Must be called on unlocked socket. 348 */ 349 static void sco_sock_kill(struct sock *sk) 350 { 351 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 352 return; 353 354 BT_DBG("sk %p state %d", sk, sk->sk_state); 355 356 /* Kill poor orphan */ 357 bt_sock_unlink(&sco_sk_list, sk); 358 sock_set_flag(sk, SOCK_DEAD); 359 sock_put(sk); 360 } 361 362 static void __sco_sock_close(struct sock *sk) 363 { 364 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 365 366 switch (sk->sk_state) { 367 case BT_LISTEN: 368 sco_sock_cleanup_listen(sk); 369 break; 370 371 case BT_CONNECTED: 372 case BT_CONFIG: 373 if (sco_pi(sk)->conn) { 374 sk->sk_state = BT_DISCONN; 375 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 376 hci_conn_put(sco_pi(sk)->conn->hcon); 377 sco_pi(sk)->conn->hcon = NULL; 378 } else 379 sco_chan_del(sk, ECONNRESET); 380 break; 381 382 case BT_CONNECT: 383 case BT_DISCONN: 384 sco_chan_del(sk, ECONNRESET); 385 break; 386 387 default: 388 sock_set_flag(sk, SOCK_ZAPPED); 389 break; 390 } 391 } 392 393 /* Must be called on unlocked socket. */ 394 static void sco_sock_close(struct sock *sk) 395 { 396 sco_sock_clear_timer(sk); 397 lock_sock(sk); 398 __sco_sock_close(sk); 399 release_sock(sk); 400 sco_sock_kill(sk); 401 } 402 403 static void sco_sock_init(struct sock *sk, struct sock *parent) 404 { 405 BT_DBG("sk %p", sk); 406 407 if (parent) { 408 sk->sk_type = parent->sk_type; 409 security_sk_clone(parent, sk); 410 } 411 } 412 413 static struct proto sco_proto = { 414 .name = "SCO", 415 .owner = THIS_MODULE, 416 .obj_size = sizeof(struct sco_pinfo) 417 }; 418 419 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 420 { 421 struct sock *sk; 422 423 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto); 424 if (!sk) 425 return NULL; 426 427 sock_init_data(sock, sk); 428 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 429 430 sk->sk_destruct = sco_sock_destruct; 431 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 432 433 sock_reset_flag(sk, SOCK_ZAPPED); 434 435 sk->sk_protocol = proto; 436 sk->sk_state = BT_OPEN; 437 438 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 439 440 bt_sock_link(&sco_sk_list, sk); 441 return sk; 442 } 443 444 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 445 int kern) 446 { 447 struct sock *sk; 448 449 BT_DBG("sock %p", sock); 450 451 sock->state = SS_UNCONNECTED; 452 453 if (sock->type != SOCK_SEQPACKET) 454 return -ESOCKTNOSUPPORT; 455 456 sock->ops = &sco_sock_ops; 457 458 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC); 459 if (!sk) 460 return -ENOMEM; 461 462 sco_sock_init(sk, NULL); 463 return 0; 464 } 465 466 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 467 { 468 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 469 struct sock *sk = sock->sk; 470 bdaddr_t *src = &sa->sco_bdaddr; 471 int err = 0; 472 473 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr)); 474 475 if (!addr || addr->sa_family != AF_BLUETOOTH) 476 return -EINVAL; 477 478 lock_sock(sk); 479 480 if (sk->sk_state != BT_OPEN) { 481 err = -EBADFD; 482 goto done; 483 } 484 485 write_lock_bh(&sco_sk_list.lock); 486 487 if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) { 488 err = -EADDRINUSE; 489 } else { 490 /* Save source address */ 491 bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr); 492 sk->sk_state = BT_BOUND; 493 } 494 495 write_unlock_bh(&sco_sk_list.lock); 496 497 done: 498 release_sock(sk); 499 return err; 500 } 501 502 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 503 { 504 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 505 struct sock *sk = sock->sk; 506 int err = 0; 507 508 509 BT_DBG("sk %p", sk); 510 511 if (alen < sizeof(struct sockaddr_sco) || 512 addr->sa_family != AF_BLUETOOTH) 513 return -EINVAL; 514 515 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 516 return -EBADFD; 517 518 if (sk->sk_type != SOCK_SEQPACKET) 519 return -EINVAL; 520 521 lock_sock(sk); 522 523 /* Set destination address and psm */ 524 bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr); 525 526 err = sco_connect(sk); 527 if (err) 528 goto done; 529 530 err = bt_sock_wait_state(sk, BT_CONNECTED, 531 sock_sndtimeo(sk, flags & O_NONBLOCK)); 532 533 done: 534 release_sock(sk); 535 return err; 536 } 537 538 static int sco_sock_listen(struct socket *sock, int backlog) 539 { 540 struct sock *sk = sock->sk; 541 int err = 0; 542 543 BT_DBG("sk %p backlog %d", sk, backlog); 544 545 lock_sock(sk); 546 547 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) { 548 err = -EBADFD; 549 goto done; 550 } 551 552 sk->sk_max_ack_backlog = backlog; 553 sk->sk_ack_backlog = 0; 554 sk->sk_state = BT_LISTEN; 555 556 done: 557 release_sock(sk); 558 return err; 559 } 560 561 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags) 562 { 563 DECLARE_WAITQUEUE(wait, current); 564 struct sock *sk = sock->sk, *ch; 565 long timeo; 566 int err = 0; 567 568 lock_sock(sk); 569 570 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 571 572 BT_DBG("sk %p timeo %ld", sk, timeo); 573 574 /* Wait for an incoming connection. (wake-one). */ 575 add_wait_queue_exclusive(sk_sleep(sk), &wait); 576 while (1) { 577 set_current_state(TASK_INTERRUPTIBLE); 578 579 if (sk->sk_state != BT_LISTEN) { 580 err = -EBADFD; 581 break; 582 } 583 584 ch = bt_accept_dequeue(sk, newsock); 585 if (ch) 586 break; 587 588 if (!timeo) { 589 err = -EAGAIN; 590 break; 591 } 592 593 if (signal_pending(current)) { 594 err = sock_intr_errno(timeo); 595 break; 596 } 597 598 release_sock(sk); 599 timeo = schedule_timeout(timeo); 600 lock_sock(sk); 601 } 602 __set_current_state(TASK_RUNNING); 603 remove_wait_queue(sk_sleep(sk), &wait); 604 605 if (err) 606 goto done; 607 608 newsock->state = SS_CONNECTED; 609 610 BT_DBG("new socket %p", ch); 611 612 done: 613 release_sock(sk); 614 return err; 615 } 616 617 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 618 { 619 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 620 struct sock *sk = sock->sk; 621 622 BT_DBG("sock %p, sk %p", sock, sk); 623 624 addr->sa_family = AF_BLUETOOTH; 625 *len = sizeof(struct sockaddr_sco); 626 627 if (peer) 628 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst); 629 else 630 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src); 631 632 return 0; 633 } 634 635 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 636 struct msghdr *msg, size_t len) 637 { 638 struct sock *sk = sock->sk; 639 int err; 640 641 BT_DBG("sock %p, sk %p", sock, sk); 642 643 err = sock_error(sk); 644 if (err) 645 return err; 646 647 if (msg->msg_flags & MSG_OOB) 648 return -EOPNOTSUPP; 649 650 lock_sock(sk); 651 652 if (sk->sk_state == BT_CONNECTED) 653 err = sco_send_frame(sk, msg, len); 654 else 655 err = -ENOTCONN; 656 657 release_sock(sk); 658 return err; 659 } 660 661 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 662 { 663 struct sock *sk = sock->sk; 664 int err = 0; 665 666 BT_DBG("sk %p", sk); 667 668 lock_sock(sk); 669 670 switch (optname) { 671 default: 672 err = -ENOPROTOOPT; 673 break; 674 } 675 676 release_sock(sk); 677 return err; 678 } 679 680 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 681 { 682 struct sock *sk = sock->sk; 683 struct sco_options opts; 684 struct sco_conninfo cinfo; 685 int len, err = 0; 686 687 BT_DBG("sk %p", sk); 688 689 if (get_user(len, optlen)) 690 return -EFAULT; 691 692 lock_sock(sk); 693 694 switch (optname) { 695 case SCO_OPTIONS: 696 if (sk->sk_state != BT_CONNECTED) { 697 err = -ENOTCONN; 698 break; 699 } 700 701 opts.mtu = sco_pi(sk)->conn->mtu; 702 703 BT_DBG("mtu %d", opts.mtu); 704 705 len = min_t(unsigned int, len, sizeof(opts)); 706 if (copy_to_user(optval, (char *)&opts, len)) 707 err = -EFAULT; 708 709 break; 710 711 case SCO_CONNINFO: 712 if (sk->sk_state != BT_CONNECTED) { 713 err = -ENOTCONN; 714 break; 715 } 716 717 memset(&cinfo, 0, sizeof(cinfo)); 718 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 719 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 720 721 len = min_t(unsigned int, len, sizeof(cinfo)); 722 if (copy_to_user(optval, (char *)&cinfo, len)) 723 err = -EFAULT; 724 725 break; 726 727 default: 728 err = -ENOPROTOOPT; 729 break; 730 } 731 732 release_sock(sk); 733 return err; 734 } 735 736 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 737 { 738 struct sock *sk = sock->sk; 739 int len, err = 0; 740 741 BT_DBG("sk %p", sk); 742 743 if (level == SOL_SCO) 744 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 745 746 if (get_user(len, optlen)) 747 return -EFAULT; 748 749 lock_sock(sk); 750 751 switch (optname) { 752 default: 753 err = -ENOPROTOOPT; 754 break; 755 } 756 757 release_sock(sk); 758 return err; 759 } 760 761 static int sco_sock_shutdown(struct socket *sock, int how) 762 { 763 struct sock *sk = sock->sk; 764 int err = 0; 765 766 BT_DBG("sock %p, sk %p", sock, sk); 767 768 if (!sk) 769 return 0; 770 771 lock_sock(sk); 772 if (!sk->sk_shutdown) { 773 sk->sk_shutdown = SHUTDOWN_MASK; 774 sco_sock_clear_timer(sk); 775 __sco_sock_close(sk); 776 777 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 778 err = bt_sock_wait_state(sk, BT_CLOSED, 779 sk->sk_lingertime); 780 } 781 release_sock(sk); 782 return err; 783 } 784 785 static int sco_sock_release(struct socket *sock) 786 { 787 struct sock *sk = sock->sk; 788 int err = 0; 789 790 BT_DBG("sock %p, sk %p", sock, sk); 791 792 if (!sk) 793 return 0; 794 795 sco_sock_close(sk); 796 797 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) { 798 lock_sock(sk); 799 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 800 release_sock(sk); 801 } 802 803 sock_orphan(sk); 804 sco_sock_kill(sk); 805 return err; 806 } 807 808 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 809 { 810 BT_DBG("conn %p", conn); 811 812 sco_pi(sk)->conn = conn; 813 conn->sk = sk; 814 815 if (parent) 816 bt_accept_enqueue(parent, sk); 817 } 818 819 /* Delete channel. 820 * Must be called on the locked socket. */ 821 static void sco_chan_del(struct sock *sk, int err) 822 { 823 struct sco_conn *conn; 824 825 conn = sco_pi(sk)->conn; 826 827 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 828 829 if (conn) { 830 sco_conn_lock(conn); 831 conn->sk = NULL; 832 sco_pi(sk)->conn = NULL; 833 sco_conn_unlock(conn); 834 835 if (conn->hcon) 836 hci_conn_put(conn->hcon); 837 } 838 839 sk->sk_state = BT_CLOSED; 840 sk->sk_err = err; 841 sk->sk_state_change(sk); 842 843 sock_set_flag(sk, SOCK_ZAPPED); 844 } 845 846 static void sco_conn_ready(struct sco_conn *conn) 847 { 848 struct sock *parent; 849 struct sock *sk = conn->sk; 850 851 BT_DBG("conn %p", conn); 852 853 sco_conn_lock(conn); 854 855 if (sk) { 856 sco_sock_clear_timer(sk); 857 bh_lock_sock(sk); 858 sk->sk_state = BT_CONNECTED; 859 sk->sk_state_change(sk); 860 bh_unlock_sock(sk); 861 } else { 862 parent = sco_get_sock_listen(conn->src); 863 if (!parent) 864 goto done; 865 866 bh_lock_sock(parent); 867 868 sk = sco_sock_alloc(sock_net(parent), NULL, 869 BTPROTO_SCO, GFP_ATOMIC); 870 if (!sk) { 871 bh_unlock_sock(parent); 872 goto done; 873 } 874 875 sco_sock_init(sk, parent); 876 877 bacpy(&bt_sk(sk)->src, conn->src); 878 bacpy(&bt_sk(sk)->dst, conn->dst); 879 880 hci_conn_hold(conn->hcon); 881 __sco_chan_add(conn, sk, parent); 882 883 sk->sk_state = BT_CONNECTED; 884 885 /* Wake up parent */ 886 parent->sk_data_ready(parent, 1); 887 888 bh_unlock_sock(parent); 889 } 890 891 done: 892 sco_conn_unlock(conn); 893 } 894 895 /* ----- SCO interface with lower layer (HCI) ----- */ 896 static int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type) 897 { 898 register struct sock *sk; 899 struct hlist_node *node; 900 int lm = 0; 901 902 if (type != SCO_LINK && type != ESCO_LINK) 903 return -EINVAL; 904 905 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 906 907 /* Find listening sockets */ 908 read_lock(&sco_sk_list.lock); 909 sk_for_each(sk, node, &sco_sk_list.head) { 910 if (sk->sk_state != BT_LISTEN) 911 continue; 912 913 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) || 914 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 915 lm |= HCI_LM_ACCEPT; 916 break; 917 } 918 } 919 read_unlock(&sco_sk_list.lock); 920 921 return lm; 922 } 923 924 static int sco_connect_cfm(struct hci_conn *hcon, __u8 status) 925 { 926 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 927 928 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 929 return -EINVAL; 930 931 if (!status) { 932 struct sco_conn *conn; 933 934 conn = sco_conn_add(hcon, status); 935 if (conn) 936 sco_conn_ready(conn); 937 } else 938 sco_conn_del(hcon, bt_to_errno(status)); 939 940 return 0; 941 } 942 943 static int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 944 { 945 BT_DBG("hcon %p reason %d", hcon, reason); 946 947 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 948 return -EINVAL; 949 950 sco_conn_del(hcon, bt_to_errno(reason)); 951 952 return 0; 953 } 954 955 static int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 956 { 957 struct sco_conn *conn = hcon->sco_data; 958 959 if (!conn) 960 goto drop; 961 962 BT_DBG("conn %p len %d", conn, skb->len); 963 964 if (skb->len) { 965 sco_recv_frame(conn, skb); 966 return 0; 967 } 968 969 drop: 970 kfree_skb(skb); 971 return 0; 972 } 973 974 static int sco_debugfs_show(struct seq_file *f, void *p) 975 { 976 struct sock *sk; 977 struct hlist_node *node; 978 979 read_lock_bh(&sco_sk_list.lock); 980 981 sk_for_each(sk, node, &sco_sk_list.head) { 982 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), 983 batostr(&bt_sk(sk)->dst), sk->sk_state); 984 } 985 986 read_unlock_bh(&sco_sk_list.lock); 987 988 return 0; 989 } 990 991 static int sco_debugfs_open(struct inode *inode, struct file *file) 992 { 993 return single_open(file, sco_debugfs_show, inode->i_private); 994 } 995 996 static const struct file_operations sco_debugfs_fops = { 997 .open = sco_debugfs_open, 998 .read = seq_read, 999 .llseek = seq_lseek, 1000 .release = single_release, 1001 }; 1002 1003 static struct dentry *sco_debugfs; 1004 1005 static const struct proto_ops sco_sock_ops = { 1006 .family = PF_BLUETOOTH, 1007 .owner = THIS_MODULE, 1008 .release = sco_sock_release, 1009 .bind = sco_sock_bind, 1010 .connect = sco_sock_connect, 1011 .listen = sco_sock_listen, 1012 .accept = sco_sock_accept, 1013 .getname = sco_sock_getname, 1014 .sendmsg = sco_sock_sendmsg, 1015 .recvmsg = bt_sock_recvmsg, 1016 .poll = bt_sock_poll, 1017 .ioctl = bt_sock_ioctl, 1018 .mmap = sock_no_mmap, 1019 .socketpair = sock_no_socketpair, 1020 .shutdown = sco_sock_shutdown, 1021 .setsockopt = sco_sock_setsockopt, 1022 .getsockopt = sco_sock_getsockopt 1023 }; 1024 1025 static const struct net_proto_family sco_sock_family_ops = { 1026 .family = PF_BLUETOOTH, 1027 .owner = THIS_MODULE, 1028 .create = sco_sock_create, 1029 }; 1030 1031 static struct hci_proto sco_hci_proto = { 1032 .name = "SCO", 1033 .id = HCI_PROTO_SCO, 1034 .connect_ind = sco_connect_ind, 1035 .connect_cfm = sco_connect_cfm, 1036 .disconn_cfm = sco_disconn_cfm, 1037 .recv_scodata = sco_recv_scodata 1038 }; 1039 1040 int __init sco_init(void) 1041 { 1042 int err; 1043 1044 err = proto_register(&sco_proto, 0); 1045 if (err < 0) 1046 return err; 1047 1048 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1049 if (err < 0) { 1050 BT_ERR("SCO socket registration failed"); 1051 goto error; 1052 } 1053 1054 err = hci_register_proto(&sco_hci_proto); 1055 if (err < 0) { 1056 BT_ERR("SCO protocol registration failed"); 1057 bt_sock_unregister(BTPROTO_SCO); 1058 goto error; 1059 } 1060 1061 if (bt_debugfs) { 1062 sco_debugfs = debugfs_create_file("sco", 0444, 1063 bt_debugfs, NULL, &sco_debugfs_fops); 1064 if (!sco_debugfs) 1065 BT_ERR("Failed to create SCO debug file"); 1066 } 1067 1068 BT_INFO("SCO socket layer initialized"); 1069 1070 return 0; 1071 1072 error: 1073 proto_unregister(&sco_proto); 1074 return err; 1075 } 1076 1077 void __exit sco_exit(void) 1078 { 1079 debugfs_remove(sco_debugfs); 1080 1081 if (bt_sock_unregister(BTPROTO_SCO) < 0) 1082 BT_ERR("SCO socket unregistration failed"); 1083 1084 if (hci_unregister_proto(&sco_hci_proto) < 0) 1085 BT_ERR("SCO protocol unregistration failed"); 1086 1087 proto_unregister(&sco_proto); 1088 } 1089 1090 module_param(disable_esco, bool, 0644); 1091 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1092