1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 struct kref ref; 55 }; 56 57 #define sco_conn_lock(c) spin_lock(&c->lock) 58 #define sco_conn_unlock(c) spin_unlock(&c->lock) 59 60 static void sco_sock_close(struct sock *sk); 61 static void sco_sock_kill(struct sock *sk); 62 63 /* ----- SCO socket info ----- */ 64 #define sco_pi(sk) ((struct sco_pinfo *) sk) 65 66 struct sco_pinfo { 67 struct bt_sock bt; 68 bdaddr_t src; 69 bdaddr_t dst; 70 __u32 flags; 71 __u16 setting; 72 struct bt_codec codec; 73 struct sco_conn *conn; 74 }; 75 76 /* ---- SCO timers ---- */ 77 #define SCO_CONN_TIMEOUT (HZ * 40) 78 #define SCO_DISCONN_TIMEOUT (HZ * 2) 79 80 static void sco_conn_free(struct kref *ref) 81 { 82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref); 83 84 BT_DBG("conn %p", conn); 85 86 if (conn->sk) 87 sco_pi(conn->sk)->conn = NULL; 88 89 if (conn->hcon) { 90 conn->hcon->sco_data = NULL; 91 hci_conn_drop(conn->hcon); 92 } 93 94 /* Ensure no more work items will run since hci_conn has been dropped */ 95 disable_delayed_work_sync(&conn->timeout_work); 96 97 kfree(conn); 98 } 99 100 static void sco_conn_put(struct sco_conn *conn) 101 { 102 if (!conn) 103 return; 104 105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref)); 106 107 kref_put(&conn->ref, sco_conn_free); 108 } 109 110 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn) 111 { 112 if (!conn) 113 return NULL; 114 115 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref)); 116 117 if (!kref_get_unless_zero(&conn->ref)) 118 return NULL; 119 120 return conn; 121 } 122 123 static struct sock *sco_sock_hold(struct sco_conn *conn) 124 { 125 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk)) 126 return NULL; 127 128 sock_hold(conn->sk); 129 130 return conn->sk; 131 } 132 133 static void sco_sock_timeout(struct work_struct *work) 134 { 135 struct sco_conn *conn = container_of(work, struct sco_conn, 136 timeout_work.work); 137 struct sock *sk; 138 139 conn = sco_conn_hold_unless_zero(conn); 140 if (!conn) 141 return; 142 143 sco_conn_lock(conn); 144 if (!conn->hcon) { 145 sco_conn_unlock(conn); 146 sco_conn_put(conn); 147 return; 148 } 149 sk = sco_sock_hold(conn); 150 sco_conn_unlock(conn); 151 sco_conn_put(conn); 152 153 if (!sk) 154 return; 155 156 BT_DBG("sock %p state %d", sk, sk->sk_state); 157 158 lock_sock(sk); 159 sk->sk_err = ETIMEDOUT; 160 sk->sk_state_change(sk); 161 release_sock(sk); 162 sock_put(sk); 163 } 164 165 static void sco_sock_set_timer(struct sock *sk, long timeout) 166 { 167 if (!sco_pi(sk)->conn) 168 return; 169 170 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 171 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 172 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 173 } 174 175 static void sco_sock_clear_timer(struct sock *sk) 176 { 177 if (!sco_pi(sk)->conn) 178 return; 179 180 BT_DBG("sock %p state %d", sk, sk->sk_state); 181 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 182 } 183 184 /* ---- SCO connections ---- */ 185 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 186 { 187 struct sco_conn *conn = hcon->sco_data; 188 189 conn = sco_conn_hold_unless_zero(conn); 190 if (conn) { 191 if (!conn->hcon) { 192 sco_conn_lock(conn); 193 conn->hcon = hcon; 194 sco_conn_unlock(conn); 195 } 196 return conn; 197 } 198 199 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 200 if (!conn) 201 return NULL; 202 203 kref_init(&conn->ref); 204 spin_lock_init(&conn->lock); 205 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 206 207 hcon->sco_data = conn; 208 conn->hcon = hcon; 209 conn->mtu = hcon->mtu; 210 211 if (hcon->mtu > 0) 212 conn->mtu = hcon->mtu; 213 else 214 conn->mtu = 60; 215 216 BT_DBG("hcon %p conn %p", hcon, conn); 217 218 return conn; 219 } 220 221 /* Delete channel. 222 * Must be called on the locked socket. */ 223 static void sco_chan_del(struct sock *sk, int err) 224 { 225 struct sco_conn *conn; 226 227 conn = sco_pi(sk)->conn; 228 sco_pi(sk)->conn = NULL; 229 230 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 231 232 if (conn) { 233 sco_conn_lock(conn); 234 conn->sk = NULL; 235 sco_conn_unlock(conn); 236 sco_conn_put(conn); 237 } 238 239 sk->sk_state = BT_CLOSED; 240 sk->sk_err = err; 241 sk->sk_state_change(sk); 242 243 sock_set_flag(sk, SOCK_ZAPPED); 244 } 245 246 static void sco_conn_del(struct hci_conn *hcon, int err) 247 { 248 struct sco_conn *conn = hcon->sco_data; 249 struct sock *sk; 250 251 conn = sco_conn_hold_unless_zero(conn); 252 if (!conn) 253 return; 254 255 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 256 257 sco_conn_lock(conn); 258 sk = sco_sock_hold(conn); 259 sco_conn_unlock(conn); 260 sco_conn_put(conn); 261 262 if (!sk) { 263 sco_conn_put(conn); 264 return; 265 } 266 267 /* Kill socket */ 268 lock_sock(sk); 269 sco_sock_clear_timer(sk); 270 sco_chan_del(sk, err); 271 release_sock(sk); 272 sock_put(sk); 273 } 274 275 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 276 struct sock *parent) 277 { 278 BT_DBG("conn %p", conn); 279 280 sco_pi(sk)->conn = conn; 281 conn->sk = sk; 282 283 if (parent) 284 bt_accept_enqueue(parent, sk, true); 285 } 286 287 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 288 struct sock *parent) 289 { 290 int err = 0; 291 292 sco_conn_lock(conn); 293 if (conn->sk) 294 err = -EBUSY; 295 else 296 __sco_chan_add(conn, sk, parent); 297 298 sco_conn_unlock(conn); 299 return err; 300 } 301 302 static int sco_connect(struct sock *sk) 303 { 304 struct sco_conn *conn; 305 struct hci_conn *hcon; 306 struct hci_dev *hdev; 307 int err, type; 308 309 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 310 311 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 312 if (!hdev) 313 return -EHOSTUNREACH; 314 315 hci_dev_lock(hdev); 316 317 if (lmp_esco_capable(hdev) && !disable_esco) 318 type = ESCO_LINK; 319 else 320 type = SCO_LINK; 321 322 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 323 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 324 err = -EOPNOTSUPP; 325 goto unlock; 326 } 327 328 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 329 sco_pi(sk)->setting, &sco_pi(sk)->codec, 330 sk->sk_sndtimeo); 331 if (IS_ERR(hcon)) { 332 err = PTR_ERR(hcon); 333 goto unlock; 334 } 335 336 conn = sco_conn_add(hcon); 337 if (!conn) { 338 hci_conn_drop(hcon); 339 err = -ENOMEM; 340 goto unlock; 341 } 342 343 lock_sock(sk); 344 345 err = sco_chan_add(conn, sk, NULL); 346 if (err) { 347 release_sock(sk); 348 goto unlock; 349 } 350 351 /* Update source addr of the socket */ 352 bacpy(&sco_pi(sk)->src, &hcon->src); 353 354 if (hcon->state == BT_CONNECTED) { 355 sco_sock_clear_timer(sk); 356 sk->sk_state = BT_CONNECTED; 357 } else { 358 sk->sk_state = BT_CONNECT; 359 sco_sock_set_timer(sk, sk->sk_sndtimeo); 360 } 361 362 release_sock(sk); 363 364 unlock: 365 hci_dev_unlock(hdev); 366 hci_dev_put(hdev); 367 return err; 368 } 369 370 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 371 { 372 struct sco_conn *conn = sco_pi(sk)->conn; 373 int len = skb->len; 374 375 /* Check outgoing MTU */ 376 if (len > conn->mtu) 377 return -EINVAL; 378 379 BT_DBG("sk %p len %d", sk, len); 380 381 hci_send_sco(conn->hcon, skb); 382 383 return len; 384 } 385 386 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 387 { 388 struct sock *sk; 389 390 sco_conn_lock(conn); 391 sk = conn->sk; 392 sco_conn_unlock(conn); 393 394 if (!sk) 395 goto drop; 396 397 BT_DBG("sk %p len %u", sk, skb->len); 398 399 if (sk->sk_state != BT_CONNECTED) 400 goto drop; 401 402 if (!sock_queue_rcv_skb(sk, skb)) 403 return; 404 405 drop: 406 kfree_skb(skb); 407 } 408 409 /* -------- Socket interface ---------- */ 410 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 411 { 412 struct sock *sk; 413 414 sk_for_each(sk, &sco_sk_list.head) { 415 if (sk->sk_state != BT_LISTEN) 416 continue; 417 418 if (!bacmp(&sco_pi(sk)->src, ba)) 419 return sk; 420 } 421 422 return NULL; 423 } 424 425 /* Find socket listening on source bdaddr. 426 * Returns closest match. 427 */ 428 static struct sock *sco_get_sock_listen(bdaddr_t *src) 429 { 430 struct sock *sk = NULL, *sk1 = NULL; 431 432 read_lock(&sco_sk_list.lock); 433 434 sk_for_each(sk, &sco_sk_list.head) { 435 if (sk->sk_state != BT_LISTEN) 436 continue; 437 438 /* Exact match. */ 439 if (!bacmp(&sco_pi(sk)->src, src)) 440 break; 441 442 /* Closest match */ 443 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 444 sk1 = sk; 445 } 446 447 read_unlock(&sco_sk_list.lock); 448 449 return sk ? sk : sk1; 450 } 451 452 static void sco_sock_destruct(struct sock *sk) 453 { 454 BT_DBG("sk %p", sk); 455 456 sco_conn_put(sco_pi(sk)->conn); 457 458 skb_queue_purge(&sk->sk_receive_queue); 459 skb_queue_purge(&sk->sk_write_queue); 460 } 461 462 static void sco_sock_cleanup_listen(struct sock *parent) 463 { 464 struct sock *sk; 465 466 BT_DBG("parent %p", parent); 467 468 /* Close not yet accepted channels */ 469 while ((sk = bt_accept_dequeue(parent, NULL))) { 470 sco_sock_close(sk); 471 sco_sock_kill(sk); 472 } 473 474 parent->sk_state = BT_CLOSED; 475 sock_set_flag(parent, SOCK_ZAPPED); 476 } 477 478 /* Kill socket (only if zapped and orphan) 479 * Must be called on unlocked socket. 480 */ 481 static void sco_sock_kill(struct sock *sk) 482 { 483 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 484 return; 485 486 BT_DBG("sk %p state %d", sk, sk->sk_state); 487 488 /* Kill poor orphan */ 489 bt_sock_unlink(&sco_sk_list, sk); 490 sock_set_flag(sk, SOCK_DEAD); 491 sock_put(sk); 492 } 493 494 static void __sco_sock_close(struct sock *sk) 495 { 496 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 497 498 switch (sk->sk_state) { 499 case BT_LISTEN: 500 sco_sock_cleanup_listen(sk); 501 break; 502 503 case BT_CONNECTED: 504 case BT_CONFIG: 505 case BT_CONNECT2: 506 case BT_CONNECT: 507 case BT_DISCONN: 508 sco_chan_del(sk, ECONNRESET); 509 break; 510 511 default: 512 sock_set_flag(sk, SOCK_ZAPPED); 513 break; 514 } 515 516 } 517 518 /* Must be called on unlocked socket. */ 519 static void sco_sock_close(struct sock *sk) 520 { 521 lock_sock(sk); 522 sco_sock_clear_timer(sk); 523 __sco_sock_close(sk); 524 release_sock(sk); 525 } 526 527 static void sco_sock_init(struct sock *sk, struct sock *parent) 528 { 529 BT_DBG("sk %p", sk); 530 531 if (parent) { 532 sk->sk_type = parent->sk_type; 533 bt_sk(sk)->flags = bt_sk(parent)->flags; 534 security_sk_clone(parent, sk); 535 } 536 } 537 538 static struct proto sco_proto = { 539 .name = "SCO", 540 .owner = THIS_MODULE, 541 .obj_size = sizeof(struct sco_pinfo) 542 }; 543 544 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 545 int proto, gfp_t prio, int kern) 546 { 547 struct sock *sk; 548 549 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 550 if (!sk) 551 return NULL; 552 553 sk->sk_destruct = sco_sock_destruct; 554 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 555 556 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 557 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 558 sco_pi(sk)->codec.cid = 0xffff; 559 sco_pi(sk)->codec.vid = 0xffff; 560 sco_pi(sk)->codec.data_path = 0x00; 561 562 bt_sock_link(&sco_sk_list, sk); 563 return sk; 564 } 565 566 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 567 int kern) 568 { 569 struct sock *sk; 570 571 BT_DBG("sock %p", sock); 572 573 sock->state = SS_UNCONNECTED; 574 575 if (sock->type != SOCK_SEQPACKET) 576 return -ESOCKTNOSUPPORT; 577 578 sock->ops = &sco_sock_ops; 579 580 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 581 if (!sk) 582 return -ENOMEM; 583 584 sco_sock_init(sk, NULL); 585 return 0; 586 } 587 588 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 589 int addr_len) 590 { 591 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 592 struct sock *sk = sock->sk; 593 int err = 0; 594 595 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 596 addr->sa_family != AF_BLUETOOTH) 597 return -EINVAL; 598 599 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 600 601 lock_sock(sk); 602 603 if (sk->sk_state != BT_OPEN) { 604 err = -EBADFD; 605 goto done; 606 } 607 608 if (sk->sk_type != SOCK_SEQPACKET) { 609 err = -EINVAL; 610 goto done; 611 } 612 613 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 614 615 sk->sk_state = BT_BOUND; 616 617 done: 618 release_sock(sk); 619 return err; 620 } 621 622 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 623 { 624 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 625 struct sock *sk = sock->sk; 626 int err; 627 628 BT_DBG("sk %p", sk); 629 630 if (alen < sizeof(struct sockaddr_sco) || 631 addr->sa_family != AF_BLUETOOTH) 632 return -EINVAL; 633 634 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 635 return -EBADFD; 636 637 if (sk->sk_type != SOCK_SEQPACKET) 638 err = -EINVAL; 639 640 lock_sock(sk); 641 /* Set destination address and psm */ 642 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 643 release_sock(sk); 644 645 err = sco_connect(sk); 646 if (err) 647 return err; 648 649 lock_sock(sk); 650 651 err = bt_sock_wait_state(sk, BT_CONNECTED, 652 sock_sndtimeo(sk, flags & O_NONBLOCK)); 653 654 release_sock(sk); 655 return err; 656 } 657 658 static int sco_sock_listen(struct socket *sock, int backlog) 659 { 660 struct sock *sk = sock->sk; 661 bdaddr_t *src = &sco_pi(sk)->src; 662 int err = 0; 663 664 BT_DBG("sk %p backlog %d", sk, backlog); 665 666 lock_sock(sk); 667 668 if (sk->sk_state != BT_BOUND) { 669 err = -EBADFD; 670 goto done; 671 } 672 673 if (sk->sk_type != SOCK_SEQPACKET) { 674 err = -EINVAL; 675 goto done; 676 } 677 678 write_lock(&sco_sk_list.lock); 679 680 if (__sco_get_sock_listen_by_addr(src)) { 681 err = -EADDRINUSE; 682 goto unlock; 683 } 684 685 sk->sk_max_ack_backlog = backlog; 686 sk->sk_ack_backlog = 0; 687 688 sk->sk_state = BT_LISTEN; 689 690 unlock: 691 write_unlock(&sco_sk_list.lock); 692 693 done: 694 release_sock(sk); 695 return err; 696 } 697 698 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 699 struct proto_accept_arg *arg) 700 { 701 DEFINE_WAIT_FUNC(wait, woken_wake_function); 702 struct sock *sk = sock->sk, *ch; 703 long timeo; 704 int err = 0; 705 706 lock_sock(sk); 707 708 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 709 710 BT_DBG("sk %p timeo %ld", sk, timeo); 711 712 /* Wait for an incoming connection. (wake-one). */ 713 add_wait_queue_exclusive(sk_sleep(sk), &wait); 714 while (1) { 715 if (sk->sk_state != BT_LISTEN) { 716 err = -EBADFD; 717 break; 718 } 719 720 ch = bt_accept_dequeue(sk, newsock); 721 if (ch) 722 break; 723 724 if (!timeo) { 725 err = -EAGAIN; 726 break; 727 } 728 729 if (signal_pending(current)) { 730 err = sock_intr_errno(timeo); 731 break; 732 } 733 734 release_sock(sk); 735 736 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 737 lock_sock(sk); 738 } 739 remove_wait_queue(sk_sleep(sk), &wait); 740 741 if (err) 742 goto done; 743 744 newsock->state = SS_CONNECTED; 745 746 BT_DBG("new socket %p", ch); 747 748 done: 749 release_sock(sk); 750 return err; 751 } 752 753 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 754 int peer) 755 { 756 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 757 struct sock *sk = sock->sk; 758 759 BT_DBG("sock %p, sk %p", sock, sk); 760 761 addr->sa_family = AF_BLUETOOTH; 762 763 if (peer) 764 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 765 else 766 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 767 768 return sizeof(struct sockaddr_sco); 769 } 770 771 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 772 size_t len) 773 { 774 struct sock *sk = sock->sk; 775 struct sk_buff *skb; 776 int err; 777 778 BT_DBG("sock %p, sk %p", sock, sk); 779 780 err = sock_error(sk); 781 if (err) 782 return err; 783 784 if (msg->msg_flags & MSG_OOB) 785 return -EOPNOTSUPP; 786 787 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 788 if (IS_ERR(skb)) 789 return PTR_ERR(skb); 790 791 lock_sock(sk); 792 793 if (sk->sk_state == BT_CONNECTED) 794 err = sco_send_frame(sk, skb); 795 else 796 err = -ENOTCONN; 797 798 release_sock(sk); 799 800 if (err < 0) 801 kfree_skb(skb); 802 return err; 803 } 804 805 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 806 { 807 struct hci_dev *hdev = conn->hdev; 808 809 BT_DBG("conn %p", conn); 810 811 conn->state = BT_CONFIG; 812 813 if (!lmp_esco_capable(hdev)) { 814 struct hci_cp_accept_conn_req cp; 815 816 bacpy(&cp.bdaddr, &conn->dst); 817 cp.role = 0x00; /* Ignored */ 818 819 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 820 } else { 821 struct hci_cp_accept_sync_conn_req cp; 822 823 bacpy(&cp.bdaddr, &conn->dst); 824 cp.pkt_type = cpu_to_le16(conn->pkt_type); 825 826 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 827 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 828 cp.content_format = cpu_to_le16(setting); 829 830 switch (setting & SCO_AIRMODE_MASK) { 831 case SCO_AIRMODE_TRANSP: 832 if (conn->pkt_type & ESCO_2EV3) 833 cp.max_latency = cpu_to_le16(0x0008); 834 else 835 cp.max_latency = cpu_to_le16(0x000D); 836 cp.retrans_effort = 0x02; 837 break; 838 case SCO_AIRMODE_CVSD: 839 cp.max_latency = cpu_to_le16(0xffff); 840 cp.retrans_effort = 0xff; 841 break; 842 default: 843 /* use CVSD settings as fallback */ 844 cp.max_latency = cpu_to_le16(0xffff); 845 cp.retrans_effort = 0xff; 846 break; 847 } 848 849 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 850 sizeof(cp), &cp); 851 } 852 } 853 854 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 855 size_t len, int flags) 856 { 857 struct sock *sk = sock->sk; 858 struct sco_pinfo *pi = sco_pi(sk); 859 860 lock_sock(sk); 861 862 if (sk->sk_state == BT_CONNECT2 && 863 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 864 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 865 sk->sk_state = BT_CONFIG; 866 867 release_sock(sk); 868 return 0; 869 } 870 871 release_sock(sk); 872 873 return bt_sock_recvmsg(sock, msg, len, flags); 874 } 875 876 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 877 sockptr_t optval, unsigned int optlen) 878 { 879 struct sock *sk = sock->sk; 880 int err = 0; 881 struct bt_voice voice; 882 u32 opt; 883 struct bt_codecs *codecs; 884 struct hci_dev *hdev; 885 __u8 buffer[255]; 886 887 BT_DBG("sk %p", sk); 888 889 lock_sock(sk); 890 891 switch (optname) { 892 893 case BT_DEFER_SETUP: 894 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 895 err = -EINVAL; 896 break; 897 } 898 899 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 900 if (err) 901 break; 902 903 if (opt) 904 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 905 else 906 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 907 break; 908 909 case BT_VOICE: 910 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 911 sk->sk_state != BT_CONNECT2) { 912 err = -EINVAL; 913 break; 914 } 915 916 voice.setting = sco_pi(sk)->setting; 917 918 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 919 optlen); 920 if (err) 921 break; 922 923 /* Explicitly check for these values */ 924 if (voice.setting != BT_VOICE_TRANSPARENT && 925 voice.setting != BT_VOICE_CVSD_16BIT) { 926 err = -EINVAL; 927 break; 928 } 929 930 sco_pi(sk)->setting = voice.setting; 931 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 932 BDADDR_BREDR); 933 if (!hdev) { 934 err = -EBADFD; 935 break; 936 } 937 if (enhanced_sync_conn_capable(hdev) && 938 voice.setting == BT_VOICE_TRANSPARENT) 939 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 940 hci_dev_put(hdev); 941 break; 942 943 case BT_PKT_STATUS: 944 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 945 if (err) 946 break; 947 948 if (opt) 949 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 950 else 951 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 952 break; 953 954 case BT_CODEC: 955 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 956 sk->sk_state != BT_CONNECT2) { 957 err = -EINVAL; 958 break; 959 } 960 961 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 962 BDADDR_BREDR); 963 if (!hdev) { 964 err = -EBADFD; 965 break; 966 } 967 968 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 969 hci_dev_put(hdev); 970 err = -EOPNOTSUPP; 971 break; 972 } 973 974 if (!hdev->get_data_path_id) { 975 hci_dev_put(hdev); 976 err = -EOPNOTSUPP; 977 break; 978 } 979 980 if (optlen < sizeof(struct bt_codecs) || 981 optlen > sizeof(buffer)) { 982 hci_dev_put(hdev); 983 err = -EINVAL; 984 break; 985 } 986 987 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 988 if (err) { 989 hci_dev_put(hdev); 990 break; 991 } 992 993 codecs = (void *)buffer; 994 995 if (codecs->num_codecs > 1) { 996 hci_dev_put(hdev); 997 err = -EINVAL; 998 break; 999 } 1000 1001 sco_pi(sk)->codec = codecs->codecs[0]; 1002 hci_dev_put(hdev); 1003 break; 1004 1005 default: 1006 err = -ENOPROTOOPT; 1007 break; 1008 } 1009 1010 release_sock(sk); 1011 return err; 1012 } 1013 1014 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 1015 char __user *optval, int __user *optlen) 1016 { 1017 struct sock *sk = sock->sk; 1018 struct sco_options opts; 1019 struct sco_conninfo cinfo; 1020 int err = 0; 1021 size_t len; 1022 1023 BT_DBG("sk %p", sk); 1024 1025 if (get_user(len, optlen)) 1026 return -EFAULT; 1027 1028 lock_sock(sk); 1029 1030 switch (optname) { 1031 case SCO_OPTIONS: 1032 if (sk->sk_state != BT_CONNECTED && 1033 !(sk->sk_state == BT_CONNECT2 && 1034 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1035 err = -ENOTCONN; 1036 break; 1037 } 1038 1039 opts.mtu = sco_pi(sk)->conn->mtu; 1040 1041 BT_DBG("mtu %u", opts.mtu); 1042 1043 len = min(len, sizeof(opts)); 1044 if (copy_to_user(optval, (char *)&opts, len)) 1045 err = -EFAULT; 1046 1047 break; 1048 1049 case SCO_CONNINFO: 1050 if (sk->sk_state != BT_CONNECTED && 1051 !(sk->sk_state == BT_CONNECT2 && 1052 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1053 err = -ENOTCONN; 1054 break; 1055 } 1056 1057 memset(&cinfo, 0, sizeof(cinfo)); 1058 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1059 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1060 1061 len = min(len, sizeof(cinfo)); 1062 if (copy_to_user(optval, (char *)&cinfo, len)) 1063 err = -EFAULT; 1064 1065 break; 1066 1067 default: 1068 err = -ENOPROTOOPT; 1069 break; 1070 } 1071 1072 release_sock(sk); 1073 return err; 1074 } 1075 1076 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1077 char __user *optval, int __user *optlen) 1078 { 1079 struct sock *sk = sock->sk; 1080 int len, err = 0; 1081 struct bt_voice voice; 1082 u32 phys; 1083 int buf_len; 1084 struct codec_list *c; 1085 u8 num_codecs, i, __user *ptr; 1086 struct hci_dev *hdev; 1087 struct hci_codec_caps *caps; 1088 struct bt_codec codec; 1089 1090 BT_DBG("sk %p", sk); 1091 1092 if (level == SOL_SCO) 1093 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1094 1095 if (get_user(len, optlen)) 1096 return -EFAULT; 1097 1098 lock_sock(sk); 1099 1100 switch (optname) { 1101 1102 case BT_DEFER_SETUP: 1103 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1104 err = -EINVAL; 1105 break; 1106 } 1107 1108 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1109 (u32 __user *)optval)) 1110 err = -EFAULT; 1111 1112 break; 1113 1114 case BT_VOICE: 1115 voice.setting = sco_pi(sk)->setting; 1116 1117 len = min_t(unsigned int, len, sizeof(voice)); 1118 if (copy_to_user(optval, (char *)&voice, len)) 1119 err = -EFAULT; 1120 1121 break; 1122 1123 case BT_PHY: 1124 if (sk->sk_state != BT_CONNECTED) { 1125 err = -ENOTCONN; 1126 break; 1127 } 1128 1129 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1130 1131 if (put_user(phys, (u32 __user *) optval)) 1132 err = -EFAULT; 1133 break; 1134 1135 case BT_PKT_STATUS: 1136 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1137 (int __user *)optval)) 1138 err = -EFAULT; 1139 break; 1140 1141 case BT_SNDMTU: 1142 case BT_RCVMTU: 1143 if (sk->sk_state != BT_CONNECTED) { 1144 err = -ENOTCONN; 1145 break; 1146 } 1147 1148 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1149 err = -EFAULT; 1150 break; 1151 1152 case BT_CODEC: 1153 num_codecs = 0; 1154 buf_len = 0; 1155 1156 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1157 if (!hdev) { 1158 err = -EBADFD; 1159 break; 1160 } 1161 1162 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1163 hci_dev_put(hdev); 1164 err = -EOPNOTSUPP; 1165 break; 1166 } 1167 1168 if (!hdev->get_data_path_id) { 1169 hci_dev_put(hdev); 1170 err = -EOPNOTSUPP; 1171 break; 1172 } 1173 1174 release_sock(sk); 1175 1176 /* find total buffer size required to copy codec + caps */ 1177 hci_dev_lock(hdev); 1178 list_for_each_entry(c, &hdev->local_codecs, list) { 1179 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1180 continue; 1181 num_codecs++; 1182 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1183 buf_len += 1 + caps->len; 1184 caps = (void *)&caps->data[caps->len]; 1185 } 1186 buf_len += sizeof(struct bt_codec); 1187 } 1188 hci_dev_unlock(hdev); 1189 1190 buf_len += sizeof(struct bt_codecs); 1191 if (buf_len > len) { 1192 hci_dev_put(hdev); 1193 return -ENOBUFS; 1194 } 1195 ptr = optval; 1196 1197 if (put_user(num_codecs, ptr)) { 1198 hci_dev_put(hdev); 1199 return -EFAULT; 1200 } 1201 ptr += sizeof(num_codecs); 1202 1203 /* Iterate all the codecs supported over SCO and populate 1204 * codec data 1205 */ 1206 hci_dev_lock(hdev); 1207 list_for_each_entry(c, &hdev->local_codecs, list) { 1208 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1209 continue; 1210 1211 codec.id = c->id; 1212 codec.cid = c->cid; 1213 codec.vid = c->vid; 1214 err = hdev->get_data_path_id(hdev, &codec.data_path); 1215 if (err < 0) 1216 break; 1217 codec.num_caps = c->num_caps; 1218 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1219 err = -EFAULT; 1220 break; 1221 } 1222 ptr += sizeof(codec); 1223 1224 /* find codec capabilities data length */ 1225 len = 0; 1226 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1227 len += 1 + caps->len; 1228 caps = (void *)&caps->data[caps->len]; 1229 } 1230 1231 /* copy codec capabilities data */ 1232 if (len && copy_to_user(ptr, c->caps, len)) { 1233 err = -EFAULT; 1234 break; 1235 } 1236 ptr += len; 1237 } 1238 1239 hci_dev_unlock(hdev); 1240 hci_dev_put(hdev); 1241 1242 lock_sock(sk); 1243 1244 if (!err && put_user(buf_len, optlen)) 1245 err = -EFAULT; 1246 1247 break; 1248 1249 default: 1250 err = -ENOPROTOOPT; 1251 break; 1252 } 1253 1254 release_sock(sk); 1255 return err; 1256 } 1257 1258 static int sco_sock_shutdown(struct socket *sock, int how) 1259 { 1260 struct sock *sk = sock->sk; 1261 int err = 0; 1262 1263 BT_DBG("sock %p, sk %p", sock, sk); 1264 1265 if (!sk) 1266 return 0; 1267 1268 sock_hold(sk); 1269 lock_sock(sk); 1270 1271 if (!sk->sk_shutdown) { 1272 sk->sk_shutdown = SHUTDOWN_MASK; 1273 sco_sock_clear_timer(sk); 1274 __sco_sock_close(sk); 1275 1276 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1277 !(current->flags & PF_EXITING)) 1278 err = bt_sock_wait_state(sk, BT_CLOSED, 1279 sk->sk_lingertime); 1280 } 1281 1282 release_sock(sk); 1283 sock_put(sk); 1284 1285 return err; 1286 } 1287 1288 static int sco_sock_release(struct socket *sock) 1289 { 1290 struct sock *sk = sock->sk; 1291 int err = 0; 1292 1293 BT_DBG("sock %p, sk %p", sock, sk); 1294 1295 if (!sk) 1296 return 0; 1297 1298 sco_sock_close(sk); 1299 1300 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1301 !(current->flags & PF_EXITING)) { 1302 lock_sock(sk); 1303 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1304 release_sock(sk); 1305 } 1306 1307 sock_orphan(sk); 1308 sco_sock_kill(sk); 1309 return err; 1310 } 1311 1312 static void sco_conn_ready(struct sco_conn *conn) 1313 { 1314 struct sock *parent; 1315 struct sock *sk = conn->sk; 1316 1317 BT_DBG("conn %p", conn); 1318 1319 if (sk) { 1320 lock_sock(sk); 1321 sco_sock_clear_timer(sk); 1322 sk->sk_state = BT_CONNECTED; 1323 sk->sk_state_change(sk); 1324 release_sock(sk); 1325 } else { 1326 sco_conn_lock(conn); 1327 1328 if (!conn->hcon) { 1329 sco_conn_unlock(conn); 1330 return; 1331 } 1332 1333 parent = sco_get_sock_listen(&conn->hcon->src); 1334 if (!parent) { 1335 sco_conn_unlock(conn); 1336 return; 1337 } 1338 1339 lock_sock(parent); 1340 1341 sk = sco_sock_alloc(sock_net(parent), NULL, 1342 BTPROTO_SCO, GFP_ATOMIC, 0); 1343 if (!sk) { 1344 release_sock(parent); 1345 sco_conn_unlock(conn); 1346 return; 1347 } 1348 1349 sco_sock_init(sk, parent); 1350 1351 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1352 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1353 1354 hci_conn_hold(conn->hcon); 1355 __sco_chan_add(conn, sk, parent); 1356 1357 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1358 sk->sk_state = BT_CONNECT2; 1359 else 1360 sk->sk_state = BT_CONNECTED; 1361 1362 /* Wake up parent */ 1363 parent->sk_data_ready(parent); 1364 1365 release_sock(parent); 1366 1367 sco_conn_unlock(conn); 1368 } 1369 } 1370 1371 /* ----- SCO interface with lower layer (HCI) ----- */ 1372 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1373 { 1374 struct sock *sk; 1375 int lm = 0; 1376 1377 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1378 1379 /* Find listening sockets */ 1380 read_lock(&sco_sk_list.lock); 1381 sk_for_each(sk, &sco_sk_list.head) { 1382 if (sk->sk_state != BT_LISTEN) 1383 continue; 1384 1385 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1386 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1387 lm |= HCI_LM_ACCEPT; 1388 1389 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1390 *flags |= HCI_PROTO_DEFER; 1391 break; 1392 } 1393 } 1394 read_unlock(&sco_sk_list.lock); 1395 1396 return lm; 1397 } 1398 1399 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1400 { 1401 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1402 return; 1403 1404 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1405 1406 if (!status) { 1407 struct sco_conn *conn; 1408 1409 conn = sco_conn_add(hcon); 1410 if (conn) 1411 sco_conn_ready(conn); 1412 } else 1413 sco_conn_del(hcon, bt_to_errno(status)); 1414 } 1415 1416 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1417 { 1418 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1419 return; 1420 1421 BT_DBG("hcon %p reason %d", hcon, reason); 1422 1423 sco_conn_del(hcon, bt_to_errno(reason)); 1424 } 1425 1426 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1427 { 1428 struct sco_conn *conn = hcon->sco_data; 1429 1430 if (!conn) 1431 goto drop; 1432 1433 BT_DBG("conn %p len %u", conn, skb->len); 1434 1435 if (skb->len) { 1436 sco_recv_frame(conn, skb); 1437 return; 1438 } 1439 1440 drop: 1441 kfree_skb(skb); 1442 } 1443 1444 static struct hci_cb sco_cb = { 1445 .name = "SCO", 1446 .connect_cfm = sco_connect_cfm, 1447 .disconn_cfm = sco_disconn_cfm, 1448 }; 1449 1450 static int sco_debugfs_show(struct seq_file *f, void *p) 1451 { 1452 struct sock *sk; 1453 1454 read_lock(&sco_sk_list.lock); 1455 1456 sk_for_each(sk, &sco_sk_list.head) { 1457 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1458 &sco_pi(sk)->dst, sk->sk_state); 1459 } 1460 1461 read_unlock(&sco_sk_list.lock); 1462 1463 return 0; 1464 } 1465 1466 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1467 1468 static struct dentry *sco_debugfs; 1469 1470 static const struct proto_ops sco_sock_ops = { 1471 .family = PF_BLUETOOTH, 1472 .owner = THIS_MODULE, 1473 .release = sco_sock_release, 1474 .bind = sco_sock_bind, 1475 .connect = sco_sock_connect, 1476 .listen = sco_sock_listen, 1477 .accept = sco_sock_accept, 1478 .getname = sco_sock_getname, 1479 .sendmsg = sco_sock_sendmsg, 1480 .recvmsg = sco_sock_recvmsg, 1481 .poll = bt_sock_poll, 1482 .ioctl = bt_sock_ioctl, 1483 .gettstamp = sock_gettstamp, 1484 .mmap = sock_no_mmap, 1485 .socketpair = sock_no_socketpair, 1486 .shutdown = sco_sock_shutdown, 1487 .setsockopt = sco_sock_setsockopt, 1488 .getsockopt = sco_sock_getsockopt 1489 }; 1490 1491 static const struct net_proto_family sco_sock_family_ops = { 1492 .family = PF_BLUETOOTH, 1493 .owner = THIS_MODULE, 1494 .create = sco_sock_create, 1495 }; 1496 1497 int __init sco_init(void) 1498 { 1499 int err; 1500 1501 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1502 1503 err = proto_register(&sco_proto, 0); 1504 if (err < 0) 1505 return err; 1506 1507 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1508 if (err < 0) { 1509 BT_ERR("SCO socket registration failed"); 1510 goto error; 1511 } 1512 1513 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1514 if (err < 0) { 1515 BT_ERR("Failed to create SCO proc file"); 1516 bt_sock_unregister(BTPROTO_SCO); 1517 goto error; 1518 } 1519 1520 BT_INFO("SCO socket layer initialized"); 1521 1522 hci_register_cb(&sco_cb); 1523 1524 if (IS_ERR_OR_NULL(bt_debugfs)) 1525 return 0; 1526 1527 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1528 NULL, &sco_debugfs_fops); 1529 1530 return 0; 1531 1532 error: 1533 proto_unregister(&sco_proto); 1534 return err; 1535 } 1536 1537 void sco_exit(void) 1538 { 1539 bt_procfs_cleanup(&init_net, "sco"); 1540 1541 debugfs_remove(sco_debugfs); 1542 1543 hci_unregister_cb(&sco_cb); 1544 1545 bt_sock_unregister(BTPROTO_SCO); 1546 1547 proto_unregister(&sco_proto); 1548 } 1549 1550 module_param(disable_esco, bool, 0644); 1551 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1552