1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 31 #include <net/bluetooth/bluetooth.h> 32 #include <net/bluetooth/hci_core.h> 33 #include <net/bluetooth/sco.h> 34 35 static bool disable_esco; 36 37 static const struct proto_ops sco_sock_ops; 38 39 static struct bt_sock_list sco_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 41 }; 42 43 /* ---- SCO connections ---- */ 44 struct sco_conn { 45 struct hci_conn *hcon; 46 47 spinlock_t lock; 48 struct sock *sk; 49 50 unsigned int mtu; 51 }; 52 53 #define sco_conn_lock(c) spin_lock(&c->lock); 54 #define sco_conn_unlock(c) spin_unlock(&c->lock); 55 56 static void sco_sock_close(struct sock *sk); 57 static void sco_sock_kill(struct sock *sk); 58 59 /* ----- SCO socket info ----- */ 60 #define sco_pi(sk) ((struct sco_pinfo *) sk) 61 62 struct sco_pinfo { 63 struct bt_sock bt; 64 bdaddr_t src; 65 bdaddr_t dst; 66 __u32 flags; 67 __u16 setting; 68 struct sco_conn *conn; 69 }; 70 71 /* ---- SCO timers ---- */ 72 #define SCO_CONN_TIMEOUT (HZ * 40) 73 #define SCO_DISCONN_TIMEOUT (HZ * 2) 74 75 static void sco_sock_timeout(unsigned long arg) 76 { 77 struct sock *sk = (struct sock *) arg; 78 79 BT_DBG("sock %p state %d", sk, sk->sk_state); 80 81 bh_lock_sock(sk); 82 sk->sk_err = ETIMEDOUT; 83 sk->sk_state_change(sk); 84 bh_unlock_sock(sk); 85 86 sco_sock_kill(sk); 87 sock_put(sk); 88 } 89 90 static void sco_sock_set_timer(struct sock *sk, long timeout) 91 { 92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 94 } 95 96 static void sco_sock_clear_timer(struct sock *sk) 97 { 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 sk_stop_timer(sk, &sk->sk_timer); 100 } 101 102 /* ---- SCO connections ---- */ 103 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 104 { 105 struct hci_dev *hdev = hcon->hdev; 106 struct sco_conn *conn = hcon->sco_data; 107 108 if (conn) 109 return conn; 110 111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 112 if (!conn) 113 return NULL; 114 115 spin_lock_init(&conn->lock); 116 117 hcon->sco_data = conn; 118 conn->hcon = hcon; 119 120 if (hdev->sco_mtu > 0) 121 conn->mtu = hdev->sco_mtu; 122 else 123 conn->mtu = 60; 124 125 BT_DBG("hcon %p conn %p", hcon, conn); 126 127 return conn; 128 } 129 130 /* Delete channel. 131 * Must be called on the locked socket. */ 132 static void sco_chan_del(struct sock *sk, int err) 133 { 134 struct sco_conn *conn; 135 136 conn = sco_pi(sk)->conn; 137 138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 139 140 if (conn) { 141 sco_conn_lock(conn); 142 conn->sk = NULL; 143 sco_pi(sk)->conn = NULL; 144 sco_conn_unlock(conn); 145 146 if (conn->hcon) 147 hci_conn_drop(conn->hcon); 148 } 149 150 sk->sk_state = BT_CLOSED; 151 sk->sk_err = err; 152 sk->sk_state_change(sk); 153 154 sock_set_flag(sk, SOCK_ZAPPED); 155 } 156 157 static int sco_conn_del(struct hci_conn *hcon, int err) 158 { 159 struct sco_conn *conn = hcon->sco_data; 160 struct sock *sk; 161 162 if (!conn) 163 return 0; 164 165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 166 167 /* Kill socket */ 168 sco_conn_lock(conn); 169 sk = conn->sk; 170 sco_conn_unlock(conn); 171 172 if (sk) { 173 bh_lock_sock(sk); 174 sco_sock_clear_timer(sk); 175 sco_chan_del(sk, err); 176 bh_unlock_sock(sk); 177 sco_sock_kill(sk); 178 } 179 180 hcon->sco_data = NULL; 181 kfree(conn); 182 return 0; 183 } 184 185 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 186 { 187 BT_DBG("conn %p", conn); 188 189 sco_pi(sk)->conn = conn; 190 conn->sk = sk; 191 192 if (parent) 193 bt_accept_enqueue(parent, sk); 194 } 195 196 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 197 struct sock *parent) 198 { 199 int err = 0; 200 201 sco_conn_lock(conn); 202 if (conn->sk) 203 err = -EBUSY; 204 else 205 __sco_chan_add(conn, sk, parent); 206 207 sco_conn_unlock(conn); 208 return err; 209 } 210 211 static int sco_connect(struct sock *sk) 212 { 213 struct sco_conn *conn; 214 struct hci_conn *hcon; 215 struct hci_dev *hdev; 216 int err, type; 217 218 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 219 220 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src); 221 if (!hdev) 222 return -EHOSTUNREACH; 223 224 hci_dev_lock(hdev); 225 226 if (lmp_esco_capable(hdev) && !disable_esco) 227 type = ESCO_LINK; 228 else 229 type = SCO_LINK; 230 231 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 232 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 233 err = -EOPNOTSUPP; 234 goto done; 235 } 236 237 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 238 sco_pi(sk)->setting); 239 if (IS_ERR(hcon)) { 240 err = PTR_ERR(hcon); 241 goto done; 242 } 243 244 conn = sco_conn_add(hcon); 245 if (!conn) { 246 hci_conn_drop(hcon); 247 err = -ENOMEM; 248 goto done; 249 } 250 251 /* Update source addr of the socket */ 252 bacpy(&sco_pi(sk)->src, &hcon->src); 253 254 err = sco_chan_add(conn, sk, NULL); 255 if (err) 256 goto done; 257 258 if (hcon->state == BT_CONNECTED) { 259 sco_sock_clear_timer(sk); 260 sk->sk_state = BT_CONNECTED; 261 } else { 262 sk->sk_state = BT_CONNECT; 263 sco_sock_set_timer(sk, sk->sk_sndtimeo); 264 } 265 266 done: 267 hci_dev_unlock(hdev); 268 hci_dev_put(hdev); 269 return err; 270 } 271 272 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 273 { 274 struct sco_conn *conn = sco_pi(sk)->conn; 275 struct sk_buff *skb; 276 int err; 277 278 /* Check outgoing MTU */ 279 if (len > conn->mtu) 280 return -EINVAL; 281 282 BT_DBG("sk %p len %d", sk, len); 283 284 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); 285 if (!skb) 286 return err; 287 288 if (memcpy_from_msg(skb_put(skb, len), msg, len)) { 289 kfree_skb(skb); 290 return -EFAULT; 291 } 292 293 hci_send_sco(conn->hcon, skb); 294 295 return len; 296 } 297 298 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 299 { 300 struct sock *sk; 301 302 sco_conn_lock(conn); 303 sk = conn->sk; 304 sco_conn_unlock(conn); 305 306 if (!sk) 307 goto drop; 308 309 BT_DBG("sk %p len %d", sk, skb->len); 310 311 if (sk->sk_state != BT_CONNECTED) 312 goto drop; 313 314 if (!sock_queue_rcv_skb(sk, skb)) 315 return; 316 317 drop: 318 kfree_skb(skb); 319 } 320 321 /* -------- Socket interface ---------- */ 322 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 323 { 324 struct sock *sk; 325 326 sk_for_each(sk, &sco_sk_list.head) { 327 if (sk->sk_state != BT_LISTEN) 328 continue; 329 330 if (!bacmp(&sco_pi(sk)->src, ba)) 331 return sk; 332 } 333 334 return NULL; 335 } 336 337 /* Find socket listening on source bdaddr. 338 * Returns closest match. 339 */ 340 static struct sock *sco_get_sock_listen(bdaddr_t *src) 341 { 342 struct sock *sk = NULL, *sk1 = NULL; 343 344 read_lock(&sco_sk_list.lock); 345 346 sk_for_each(sk, &sco_sk_list.head) { 347 if (sk->sk_state != BT_LISTEN) 348 continue; 349 350 /* Exact match. */ 351 if (!bacmp(&sco_pi(sk)->src, src)) 352 break; 353 354 /* Closest match */ 355 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 356 sk1 = sk; 357 } 358 359 read_unlock(&sco_sk_list.lock); 360 361 return sk ? sk : sk1; 362 } 363 364 static void sco_sock_destruct(struct sock *sk) 365 { 366 BT_DBG("sk %p", sk); 367 368 skb_queue_purge(&sk->sk_receive_queue); 369 skb_queue_purge(&sk->sk_write_queue); 370 } 371 372 static void sco_sock_cleanup_listen(struct sock *parent) 373 { 374 struct sock *sk; 375 376 BT_DBG("parent %p", parent); 377 378 /* Close not yet accepted channels */ 379 while ((sk = bt_accept_dequeue(parent, NULL))) { 380 sco_sock_close(sk); 381 sco_sock_kill(sk); 382 } 383 384 parent->sk_state = BT_CLOSED; 385 sock_set_flag(parent, SOCK_ZAPPED); 386 } 387 388 /* Kill socket (only if zapped and orphan) 389 * Must be called on unlocked socket. 390 */ 391 static void sco_sock_kill(struct sock *sk) 392 { 393 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 394 return; 395 396 BT_DBG("sk %p state %d", sk, sk->sk_state); 397 398 /* Kill poor orphan */ 399 bt_sock_unlink(&sco_sk_list, sk); 400 sock_set_flag(sk, SOCK_DEAD); 401 sock_put(sk); 402 } 403 404 static void __sco_sock_close(struct sock *sk) 405 { 406 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 407 408 switch (sk->sk_state) { 409 case BT_LISTEN: 410 sco_sock_cleanup_listen(sk); 411 break; 412 413 case BT_CONNECTED: 414 case BT_CONFIG: 415 if (sco_pi(sk)->conn->hcon) { 416 sk->sk_state = BT_DISCONN; 417 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 418 hci_conn_drop(sco_pi(sk)->conn->hcon); 419 sco_pi(sk)->conn->hcon = NULL; 420 } else 421 sco_chan_del(sk, ECONNRESET); 422 break; 423 424 case BT_CONNECT2: 425 case BT_CONNECT: 426 case BT_DISCONN: 427 sco_chan_del(sk, ECONNRESET); 428 break; 429 430 default: 431 sock_set_flag(sk, SOCK_ZAPPED); 432 break; 433 } 434 } 435 436 /* Must be called on unlocked socket. */ 437 static void sco_sock_close(struct sock *sk) 438 { 439 sco_sock_clear_timer(sk); 440 lock_sock(sk); 441 __sco_sock_close(sk); 442 release_sock(sk); 443 sco_sock_kill(sk); 444 } 445 446 static void sco_sock_init(struct sock *sk, struct sock *parent) 447 { 448 BT_DBG("sk %p", sk); 449 450 if (parent) { 451 sk->sk_type = parent->sk_type; 452 bt_sk(sk)->flags = bt_sk(parent)->flags; 453 security_sk_clone(parent, sk); 454 } 455 } 456 457 static struct proto sco_proto = { 458 .name = "SCO", 459 .owner = THIS_MODULE, 460 .obj_size = sizeof(struct sco_pinfo) 461 }; 462 463 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 464 { 465 struct sock *sk; 466 467 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto); 468 if (!sk) 469 return NULL; 470 471 sock_init_data(sock, sk); 472 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 473 474 sk->sk_destruct = sco_sock_destruct; 475 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 476 477 sock_reset_flag(sk, SOCK_ZAPPED); 478 479 sk->sk_protocol = proto; 480 sk->sk_state = BT_OPEN; 481 482 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 483 484 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 485 486 bt_sock_link(&sco_sk_list, sk); 487 return sk; 488 } 489 490 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 491 int kern) 492 { 493 struct sock *sk; 494 495 BT_DBG("sock %p", sock); 496 497 sock->state = SS_UNCONNECTED; 498 499 if (sock->type != SOCK_SEQPACKET) 500 return -ESOCKTNOSUPPORT; 501 502 sock->ops = &sco_sock_ops; 503 504 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC); 505 if (!sk) 506 return -ENOMEM; 507 508 sco_sock_init(sk, NULL); 509 return 0; 510 } 511 512 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 513 { 514 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 515 struct sock *sk = sock->sk; 516 int err = 0; 517 518 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 519 520 if (!addr || addr->sa_family != AF_BLUETOOTH) 521 return -EINVAL; 522 523 lock_sock(sk); 524 525 if (sk->sk_state != BT_OPEN) { 526 err = -EBADFD; 527 goto done; 528 } 529 530 if (sk->sk_type != SOCK_SEQPACKET) { 531 err = -EINVAL; 532 goto done; 533 } 534 535 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 536 537 sk->sk_state = BT_BOUND; 538 539 done: 540 release_sock(sk); 541 return err; 542 } 543 544 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 545 { 546 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 547 struct sock *sk = sock->sk; 548 int err; 549 550 BT_DBG("sk %p", sk); 551 552 if (alen < sizeof(struct sockaddr_sco) || 553 addr->sa_family != AF_BLUETOOTH) 554 return -EINVAL; 555 556 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 557 return -EBADFD; 558 559 if (sk->sk_type != SOCK_SEQPACKET) 560 return -EINVAL; 561 562 lock_sock(sk); 563 564 /* Set destination address and psm */ 565 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 566 567 err = sco_connect(sk); 568 if (err) 569 goto done; 570 571 err = bt_sock_wait_state(sk, BT_CONNECTED, 572 sock_sndtimeo(sk, flags & O_NONBLOCK)); 573 574 done: 575 release_sock(sk); 576 return err; 577 } 578 579 static int sco_sock_listen(struct socket *sock, int backlog) 580 { 581 struct sock *sk = sock->sk; 582 bdaddr_t *src = &sco_pi(sk)->src; 583 int err = 0; 584 585 BT_DBG("sk %p backlog %d", sk, backlog); 586 587 lock_sock(sk); 588 589 if (sk->sk_state != BT_BOUND) { 590 err = -EBADFD; 591 goto done; 592 } 593 594 if (sk->sk_type != SOCK_SEQPACKET) { 595 err = -EINVAL; 596 goto done; 597 } 598 599 write_lock(&sco_sk_list.lock); 600 601 if (__sco_get_sock_listen_by_addr(src)) { 602 err = -EADDRINUSE; 603 goto unlock; 604 } 605 606 sk->sk_max_ack_backlog = backlog; 607 sk->sk_ack_backlog = 0; 608 609 sk->sk_state = BT_LISTEN; 610 611 unlock: 612 write_unlock(&sco_sk_list.lock); 613 614 done: 615 release_sock(sk); 616 return err; 617 } 618 619 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags) 620 { 621 DECLARE_WAITQUEUE(wait, current); 622 struct sock *sk = sock->sk, *ch; 623 long timeo; 624 int err = 0; 625 626 lock_sock(sk); 627 628 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 629 630 BT_DBG("sk %p timeo %ld", sk, timeo); 631 632 /* Wait for an incoming connection. (wake-one). */ 633 add_wait_queue_exclusive(sk_sleep(sk), &wait); 634 while (1) { 635 set_current_state(TASK_INTERRUPTIBLE); 636 637 if (sk->sk_state != BT_LISTEN) { 638 err = -EBADFD; 639 break; 640 } 641 642 ch = bt_accept_dequeue(sk, newsock); 643 if (ch) 644 break; 645 646 if (!timeo) { 647 err = -EAGAIN; 648 break; 649 } 650 651 if (signal_pending(current)) { 652 err = sock_intr_errno(timeo); 653 break; 654 } 655 656 release_sock(sk); 657 timeo = schedule_timeout(timeo); 658 lock_sock(sk); 659 } 660 __set_current_state(TASK_RUNNING); 661 remove_wait_queue(sk_sleep(sk), &wait); 662 663 if (err) 664 goto done; 665 666 newsock->state = SS_CONNECTED; 667 668 BT_DBG("new socket %p", ch); 669 670 done: 671 release_sock(sk); 672 return err; 673 } 674 675 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 676 { 677 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 678 struct sock *sk = sock->sk; 679 680 BT_DBG("sock %p, sk %p", sock, sk); 681 682 addr->sa_family = AF_BLUETOOTH; 683 *len = sizeof(struct sockaddr_sco); 684 685 if (peer) 686 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 687 else 688 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 689 690 return 0; 691 } 692 693 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 694 struct msghdr *msg, size_t len) 695 { 696 struct sock *sk = sock->sk; 697 int err; 698 699 BT_DBG("sock %p, sk %p", sock, sk); 700 701 err = sock_error(sk); 702 if (err) 703 return err; 704 705 if (msg->msg_flags & MSG_OOB) 706 return -EOPNOTSUPP; 707 708 lock_sock(sk); 709 710 if (sk->sk_state == BT_CONNECTED) 711 err = sco_send_frame(sk, msg, len); 712 else 713 err = -ENOTCONN; 714 715 release_sock(sk); 716 return err; 717 } 718 719 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 720 { 721 struct hci_dev *hdev = conn->hdev; 722 723 BT_DBG("conn %p", conn); 724 725 conn->state = BT_CONFIG; 726 727 if (!lmp_esco_capable(hdev)) { 728 struct hci_cp_accept_conn_req cp; 729 730 bacpy(&cp.bdaddr, &conn->dst); 731 cp.role = 0x00; /* Ignored */ 732 733 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 734 } else { 735 struct hci_cp_accept_sync_conn_req cp; 736 737 bacpy(&cp.bdaddr, &conn->dst); 738 cp.pkt_type = cpu_to_le16(conn->pkt_type); 739 740 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 741 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 742 cp.content_format = cpu_to_le16(setting); 743 744 switch (setting & SCO_AIRMODE_MASK) { 745 case SCO_AIRMODE_TRANSP: 746 if (conn->pkt_type & ESCO_2EV3) 747 cp.max_latency = cpu_to_le16(0x0008); 748 else 749 cp.max_latency = cpu_to_le16(0x000D); 750 cp.retrans_effort = 0x02; 751 break; 752 case SCO_AIRMODE_CVSD: 753 cp.max_latency = cpu_to_le16(0xffff); 754 cp.retrans_effort = 0xff; 755 break; 756 } 757 758 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 759 sizeof(cp), &cp); 760 } 761 } 762 763 static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 764 struct msghdr *msg, size_t len, int flags) 765 { 766 struct sock *sk = sock->sk; 767 struct sco_pinfo *pi = sco_pi(sk); 768 769 lock_sock(sk); 770 771 if (sk->sk_state == BT_CONNECT2 && 772 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 773 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 774 sk->sk_state = BT_CONFIG; 775 776 release_sock(sk); 777 return 0; 778 } 779 780 release_sock(sk); 781 782 return bt_sock_recvmsg(iocb, sock, msg, len, flags); 783 } 784 785 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 786 { 787 struct sock *sk = sock->sk; 788 int len, err = 0; 789 struct bt_voice voice; 790 u32 opt; 791 792 BT_DBG("sk %p", sk); 793 794 lock_sock(sk); 795 796 switch (optname) { 797 798 case BT_DEFER_SETUP: 799 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 800 err = -EINVAL; 801 break; 802 } 803 804 if (get_user(opt, (u32 __user *) optval)) { 805 err = -EFAULT; 806 break; 807 } 808 809 if (opt) 810 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 811 else 812 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 813 break; 814 815 case BT_VOICE: 816 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 817 sk->sk_state != BT_CONNECT2) { 818 err = -EINVAL; 819 break; 820 } 821 822 voice.setting = sco_pi(sk)->setting; 823 824 len = min_t(unsigned int, sizeof(voice), optlen); 825 if (copy_from_user((char *) &voice, optval, len)) { 826 err = -EFAULT; 827 break; 828 } 829 830 /* Explicitly check for these values */ 831 if (voice.setting != BT_VOICE_TRANSPARENT && 832 voice.setting != BT_VOICE_CVSD_16BIT) { 833 err = -EINVAL; 834 break; 835 } 836 837 sco_pi(sk)->setting = voice.setting; 838 break; 839 840 default: 841 err = -ENOPROTOOPT; 842 break; 843 } 844 845 release_sock(sk); 846 return err; 847 } 848 849 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 850 { 851 struct sock *sk = sock->sk; 852 struct sco_options opts; 853 struct sco_conninfo cinfo; 854 int len, err = 0; 855 856 BT_DBG("sk %p", sk); 857 858 if (get_user(len, optlen)) 859 return -EFAULT; 860 861 lock_sock(sk); 862 863 switch (optname) { 864 case SCO_OPTIONS: 865 if (sk->sk_state != BT_CONNECTED && 866 !(sk->sk_state == BT_CONNECT2 && 867 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 868 err = -ENOTCONN; 869 break; 870 } 871 872 opts.mtu = sco_pi(sk)->conn->mtu; 873 874 BT_DBG("mtu %d", opts.mtu); 875 876 len = min_t(unsigned int, len, sizeof(opts)); 877 if (copy_to_user(optval, (char *)&opts, len)) 878 err = -EFAULT; 879 880 break; 881 882 case SCO_CONNINFO: 883 if (sk->sk_state != BT_CONNECTED && 884 !(sk->sk_state == BT_CONNECT2 && 885 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 886 err = -ENOTCONN; 887 break; 888 } 889 890 memset(&cinfo, 0, sizeof(cinfo)); 891 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 892 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 893 894 len = min_t(unsigned int, len, sizeof(cinfo)); 895 if (copy_to_user(optval, (char *)&cinfo, len)) 896 err = -EFAULT; 897 898 break; 899 900 default: 901 err = -ENOPROTOOPT; 902 break; 903 } 904 905 release_sock(sk); 906 return err; 907 } 908 909 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 910 { 911 struct sock *sk = sock->sk; 912 int len, err = 0; 913 struct bt_voice voice; 914 915 BT_DBG("sk %p", sk); 916 917 if (level == SOL_SCO) 918 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 919 920 if (get_user(len, optlen)) 921 return -EFAULT; 922 923 lock_sock(sk); 924 925 switch (optname) { 926 927 case BT_DEFER_SETUP: 928 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 929 err = -EINVAL; 930 break; 931 } 932 933 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 934 (u32 __user *) optval)) 935 err = -EFAULT; 936 937 break; 938 939 case BT_VOICE: 940 voice.setting = sco_pi(sk)->setting; 941 942 len = min_t(unsigned int, len, sizeof(voice)); 943 if (copy_to_user(optval, (char *)&voice, len)) 944 err = -EFAULT; 945 946 break; 947 948 default: 949 err = -ENOPROTOOPT; 950 break; 951 } 952 953 release_sock(sk); 954 return err; 955 } 956 957 static int sco_sock_shutdown(struct socket *sock, int how) 958 { 959 struct sock *sk = sock->sk; 960 int err = 0; 961 962 BT_DBG("sock %p, sk %p", sock, sk); 963 964 if (!sk) 965 return 0; 966 967 lock_sock(sk); 968 if (!sk->sk_shutdown) { 969 sk->sk_shutdown = SHUTDOWN_MASK; 970 sco_sock_clear_timer(sk); 971 __sco_sock_close(sk); 972 973 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 974 !(current->flags & PF_EXITING)) 975 err = bt_sock_wait_state(sk, BT_CLOSED, 976 sk->sk_lingertime); 977 } 978 release_sock(sk); 979 return err; 980 } 981 982 static int sco_sock_release(struct socket *sock) 983 { 984 struct sock *sk = sock->sk; 985 int err = 0; 986 987 BT_DBG("sock %p, sk %p", sock, sk); 988 989 if (!sk) 990 return 0; 991 992 sco_sock_close(sk); 993 994 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 995 !(current->flags & PF_EXITING)) { 996 lock_sock(sk); 997 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 998 release_sock(sk); 999 } 1000 1001 sock_orphan(sk); 1002 sco_sock_kill(sk); 1003 return err; 1004 } 1005 1006 static void sco_conn_ready(struct sco_conn *conn) 1007 { 1008 struct sock *parent; 1009 struct sock *sk = conn->sk; 1010 1011 BT_DBG("conn %p", conn); 1012 1013 if (sk) { 1014 sco_sock_clear_timer(sk); 1015 bh_lock_sock(sk); 1016 sk->sk_state = BT_CONNECTED; 1017 sk->sk_state_change(sk); 1018 bh_unlock_sock(sk); 1019 } else { 1020 sco_conn_lock(conn); 1021 1022 parent = sco_get_sock_listen(&conn->hcon->src); 1023 if (!parent) { 1024 sco_conn_unlock(conn); 1025 return; 1026 } 1027 1028 bh_lock_sock(parent); 1029 1030 sk = sco_sock_alloc(sock_net(parent), NULL, 1031 BTPROTO_SCO, GFP_ATOMIC); 1032 if (!sk) { 1033 bh_unlock_sock(parent); 1034 sco_conn_unlock(conn); 1035 return; 1036 } 1037 1038 sco_sock_init(sk, parent); 1039 1040 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1041 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1042 1043 hci_conn_hold(conn->hcon); 1044 __sco_chan_add(conn, sk, parent); 1045 1046 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1047 sk->sk_state = BT_CONNECT2; 1048 else 1049 sk->sk_state = BT_CONNECTED; 1050 1051 /* Wake up parent */ 1052 parent->sk_data_ready(parent); 1053 1054 bh_unlock_sock(parent); 1055 1056 sco_conn_unlock(conn); 1057 } 1058 } 1059 1060 /* ----- SCO interface with lower layer (HCI) ----- */ 1061 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1062 { 1063 struct sock *sk; 1064 int lm = 0; 1065 1066 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1067 1068 /* Find listening sockets */ 1069 read_lock(&sco_sk_list.lock); 1070 sk_for_each(sk, &sco_sk_list.head) { 1071 if (sk->sk_state != BT_LISTEN) 1072 continue; 1073 1074 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1075 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1076 lm |= HCI_LM_ACCEPT; 1077 1078 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1079 *flags |= HCI_PROTO_DEFER; 1080 break; 1081 } 1082 } 1083 read_unlock(&sco_sk_list.lock); 1084 1085 return lm; 1086 } 1087 1088 void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1089 { 1090 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1091 if (!status) { 1092 struct sco_conn *conn; 1093 1094 conn = sco_conn_add(hcon); 1095 if (conn) 1096 sco_conn_ready(conn); 1097 } else 1098 sco_conn_del(hcon, bt_to_errno(status)); 1099 } 1100 1101 void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1102 { 1103 BT_DBG("hcon %p reason %d", hcon, reason); 1104 1105 sco_conn_del(hcon, bt_to_errno(reason)); 1106 } 1107 1108 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1109 { 1110 struct sco_conn *conn = hcon->sco_data; 1111 1112 if (!conn) 1113 goto drop; 1114 1115 BT_DBG("conn %p len %d", conn, skb->len); 1116 1117 if (skb->len) { 1118 sco_recv_frame(conn, skb); 1119 return 0; 1120 } 1121 1122 drop: 1123 kfree_skb(skb); 1124 return 0; 1125 } 1126 1127 static int sco_debugfs_show(struct seq_file *f, void *p) 1128 { 1129 struct sock *sk; 1130 1131 read_lock(&sco_sk_list.lock); 1132 1133 sk_for_each(sk, &sco_sk_list.head) { 1134 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1135 &sco_pi(sk)->dst, sk->sk_state); 1136 } 1137 1138 read_unlock(&sco_sk_list.lock); 1139 1140 return 0; 1141 } 1142 1143 static int sco_debugfs_open(struct inode *inode, struct file *file) 1144 { 1145 return single_open(file, sco_debugfs_show, inode->i_private); 1146 } 1147 1148 static const struct file_operations sco_debugfs_fops = { 1149 .open = sco_debugfs_open, 1150 .read = seq_read, 1151 .llseek = seq_lseek, 1152 .release = single_release, 1153 }; 1154 1155 static struct dentry *sco_debugfs; 1156 1157 static const struct proto_ops sco_sock_ops = { 1158 .family = PF_BLUETOOTH, 1159 .owner = THIS_MODULE, 1160 .release = sco_sock_release, 1161 .bind = sco_sock_bind, 1162 .connect = sco_sock_connect, 1163 .listen = sco_sock_listen, 1164 .accept = sco_sock_accept, 1165 .getname = sco_sock_getname, 1166 .sendmsg = sco_sock_sendmsg, 1167 .recvmsg = sco_sock_recvmsg, 1168 .poll = bt_sock_poll, 1169 .ioctl = bt_sock_ioctl, 1170 .mmap = sock_no_mmap, 1171 .socketpair = sock_no_socketpair, 1172 .shutdown = sco_sock_shutdown, 1173 .setsockopt = sco_sock_setsockopt, 1174 .getsockopt = sco_sock_getsockopt 1175 }; 1176 1177 static const struct net_proto_family sco_sock_family_ops = { 1178 .family = PF_BLUETOOTH, 1179 .owner = THIS_MODULE, 1180 .create = sco_sock_create, 1181 }; 1182 1183 int __init sco_init(void) 1184 { 1185 int err; 1186 1187 err = proto_register(&sco_proto, 0); 1188 if (err < 0) 1189 return err; 1190 1191 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1192 if (err < 0) { 1193 BT_ERR("SCO socket registration failed"); 1194 goto error; 1195 } 1196 1197 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1198 if (err < 0) { 1199 BT_ERR("Failed to create SCO proc file"); 1200 bt_sock_unregister(BTPROTO_SCO); 1201 goto error; 1202 } 1203 1204 BT_INFO("SCO socket layer initialized"); 1205 1206 if (IS_ERR_OR_NULL(bt_debugfs)) 1207 return 0; 1208 1209 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1210 NULL, &sco_debugfs_fops); 1211 1212 return 0; 1213 1214 error: 1215 proto_unregister(&sco_proto); 1216 return err; 1217 } 1218 1219 void __exit sco_exit(void) 1220 { 1221 bt_procfs_cleanup(&init_net, "sco"); 1222 1223 debugfs_remove(sco_debugfs); 1224 1225 bt_sock_unregister(BTPROTO_SCO); 1226 1227 proto_unregister(&sco_proto); 1228 } 1229 1230 module_param(disable_esco, bool, 0644); 1231 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1232