1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 struct kref ref; 55 }; 56 57 #define sco_conn_lock(c) spin_lock(&c->lock) 58 #define sco_conn_unlock(c) spin_unlock(&c->lock) 59 60 static void sco_sock_close(struct sock *sk); 61 static void sco_sock_kill(struct sock *sk); 62 63 /* ----- SCO socket info ----- */ 64 #define sco_pi(sk) ((struct sco_pinfo *) sk) 65 66 struct sco_pinfo { 67 struct bt_sock bt; 68 bdaddr_t src; 69 bdaddr_t dst; 70 __u32 flags; 71 __u16 setting; 72 struct bt_codec codec; 73 struct sco_conn *conn; 74 }; 75 76 /* ---- SCO timers ---- */ 77 #define SCO_CONN_TIMEOUT (HZ * 40) 78 #define SCO_DISCONN_TIMEOUT (HZ * 2) 79 80 static void sco_conn_free(struct kref *ref) 81 { 82 struct sco_conn *conn = container_of(ref, struct sco_conn, ref); 83 84 BT_DBG("conn %p", conn); 85 86 if (conn->sk) 87 sco_pi(conn->sk)->conn = NULL; 88 89 if (conn->hcon) { 90 conn->hcon->sco_data = NULL; 91 hci_conn_drop(conn->hcon); 92 } 93 94 /* Ensure no more work items will run since hci_conn has been dropped */ 95 disable_delayed_work_sync(&conn->timeout_work); 96 97 kfree(conn); 98 } 99 100 static void sco_conn_put(struct sco_conn *conn) 101 { 102 if (!conn) 103 return; 104 105 BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref)); 106 107 kref_put(&conn->ref, sco_conn_free); 108 } 109 110 static struct sco_conn *sco_conn_hold(struct sco_conn *conn) 111 { 112 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref)); 113 114 kref_get(&conn->ref); 115 return conn; 116 } 117 118 static struct sco_conn *sco_conn_hold_unless_zero(struct sco_conn *conn) 119 { 120 if (!conn) 121 return NULL; 122 123 BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref)); 124 125 if (!kref_get_unless_zero(&conn->ref)) 126 return NULL; 127 128 return conn; 129 } 130 131 static struct sock *sco_sock_hold(struct sco_conn *conn) 132 { 133 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk)) 134 return NULL; 135 136 sock_hold(conn->sk); 137 138 return conn->sk; 139 } 140 141 static void sco_sock_timeout(struct work_struct *work) 142 { 143 struct sco_conn *conn = container_of(work, struct sco_conn, 144 timeout_work.work); 145 struct sock *sk; 146 147 conn = sco_conn_hold_unless_zero(conn); 148 if (!conn) 149 return; 150 151 sco_conn_lock(conn); 152 if (!conn->hcon) { 153 sco_conn_unlock(conn); 154 sco_conn_put(conn); 155 return; 156 } 157 sk = sco_sock_hold(conn); 158 sco_conn_unlock(conn); 159 sco_conn_put(conn); 160 161 if (!sk) 162 return; 163 164 BT_DBG("sock %p state %d", sk, sk->sk_state); 165 166 lock_sock(sk); 167 sk->sk_err = ETIMEDOUT; 168 sk->sk_state_change(sk); 169 release_sock(sk); 170 sock_put(sk); 171 } 172 173 static void sco_sock_set_timer(struct sock *sk, long timeout) 174 { 175 if (!sco_pi(sk)->conn) 176 return; 177 178 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 179 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 180 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 181 } 182 183 static void sco_sock_clear_timer(struct sock *sk) 184 { 185 if (!sco_pi(sk)->conn) 186 return; 187 188 BT_DBG("sock %p state %d", sk, sk->sk_state); 189 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 190 } 191 192 /* ---- SCO connections ---- */ 193 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 194 { 195 struct sco_conn *conn = hcon->sco_data; 196 197 conn = sco_conn_hold_unless_zero(conn); 198 if (conn) { 199 if (!conn->hcon) { 200 sco_conn_lock(conn); 201 conn->hcon = hcon; 202 sco_conn_unlock(conn); 203 } 204 return conn; 205 } 206 207 conn = kzalloc_obj(struct sco_conn); 208 if (!conn) 209 return NULL; 210 211 kref_init(&conn->ref); 212 spin_lock_init(&conn->lock); 213 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 214 215 hcon->sco_data = conn; 216 conn->hcon = hcon; 217 conn->mtu = hcon->mtu; 218 219 if (hcon->mtu > 0) 220 conn->mtu = hcon->mtu; 221 else 222 conn->mtu = 60; 223 224 BT_DBG("hcon %p conn %p", hcon, conn); 225 226 return conn; 227 } 228 229 /* Delete channel. 230 * Must be called on the locked socket. */ 231 static void sco_chan_del(struct sock *sk, int err) 232 { 233 struct sco_conn *conn; 234 235 conn = sco_pi(sk)->conn; 236 sco_pi(sk)->conn = NULL; 237 238 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 239 240 if (conn) { 241 sco_conn_lock(conn); 242 conn->sk = NULL; 243 sco_conn_unlock(conn); 244 sco_conn_put(conn); 245 } 246 247 sk->sk_state = BT_CLOSED; 248 sk->sk_err = err; 249 sk->sk_state_change(sk); 250 251 sock_set_flag(sk, SOCK_ZAPPED); 252 } 253 254 static void sco_conn_del(struct hci_conn *hcon, int err) 255 { 256 struct sco_conn *conn = hcon->sco_data; 257 struct sock *sk; 258 259 conn = sco_conn_hold_unless_zero(conn); 260 if (!conn) 261 return; 262 263 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 264 265 sco_conn_lock(conn); 266 sk = sco_sock_hold(conn); 267 sco_conn_unlock(conn); 268 sco_conn_put(conn); 269 270 if (!sk) { 271 sco_conn_put(conn); 272 return; 273 } 274 275 /* Kill socket */ 276 lock_sock(sk); 277 sco_sock_clear_timer(sk); 278 sco_chan_del(sk, err); 279 release_sock(sk); 280 sock_put(sk); 281 } 282 283 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 284 struct sock *parent) 285 { 286 BT_DBG("conn %p", conn); 287 288 sco_pi(sk)->conn = conn; 289 conn->sk = sk; 290 291 if (parent) 292 bt_accept_enqueue(parent, sk, true); 293 } 294 295 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 296 struct sock *parent) 297 { 298 int err = 0; 299 300 sco_conn_lock(conn); 301 if (conn->sk || sco_pi(sk)->conn) 302 err = -EBUSY; 303 else 304 __sco_chan_add(conn, sk, parent); 305 306 sco_conn_unlock(conn); 307 return err; 308 } 309 310 static int sco_connect(struct sock *sk) 311 { 312 struct sco_conn *conn; 313 struct hci_conn *hcon; 314 struct hci_dev *hdev; 315 int err, type; 316 317 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 318 319 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 320 if (!hdev) 321 return -EHOSTUNREACH; 322 323 hci_dev_lock(hdev); 324 325 if (lmp_esco_capable(hdev) && !disable_esco) 326 type = ESCO_LINK; 327 else 328 type = SCO_LINK; 329 330 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) { 331 case SCO_AIRMODE_TRANSP: 332 if (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)) { 333 err = -EOPNOTSUPP; 334 goto unlock; 335 } 336 break; 337 } 338 339 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 340 sco_pi(sk)->setting, &sco_pi(sk)->codec, 341 READ_ONCE(sk->sk_sndtimeo)); 342 if (IS_ERR(hcon)) { 343 err = PTR_ERR(hcon); 344 goto unlock; 345 } 346 347 conn = sco_conn_add(hcon); 348 if (!conn) { 349 hci_conn_drop(hcon); 350 err = -ENOMEM; 351 goto unlock; 352 } 353 354 lock_sock(sk); 355 356 /* Recheck state after reacquiring the socket lock, as another 357 * thread may have changed it (e.g., closed the socket). 358 */ 359 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 360 release_sock(sk); 361 hci_conn_drop(hcon); 362 err = -EBADFD; 363 goto unlock; 364 } 365 366 err = sco_chan_add(conn, sk, NULL); 367 if (err) { 368 release_sock(sk); 369 hci_conn_drop(hcon); 370 goto unlock; 371 } 372 373 /* Update source addr of the socket */ 374 bacpy(&sco_pi(sk)->src, &hcon->src); 375 376 if (hcon->state == BT_CONNECTED) { 377 sco_sock_clear_timer(sk); 378 sk->sk_state = BT_CONNECTED; 379 } else { 380 sk->sk_state = BT_CONNECT; 381 sco_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo)); 382 } 383 384 release_sock(sk); 385 386 unlock: 387 hci_dev_unlock(hdev); 388 hci_dev_put(hdev); 389 return err; 390 } 391 392 static int sco_send_frame(struct sock *sk, struct sk_buff *skb, 393 const struct sockcm_cookie *sockc) 394 { 395 struct sco_conn *conn = sco_pi(sk)->conn; 396 int len = skb->len; 397 398 /* Check outgoing MTU */ 399 if (len > conn->mtu) 400 return -EINVAL; 401 402 BT_DBG("sk %p len %d", sk, len); 403 404 hci_setup_tx_timestamp(skb, 1, sockc); 405 hci_send_sco(conn->hcon, skb); 406 407 return len; 408 } 409 410 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 411 { 412 struct sock *sk; 413 414 sco_conn_lock(conn); 415 sk = sco_sock_hold(conn); 416 sco_conn_unlock(conn); 417 418 if (!sk) 419 goto drop; 420 421 BT_DBG("sk %p len %u", sk, skb->len); 422 423 if (sk->sk_state != BT_CONNECTED) 424 goto drop_put; 425 426 if (!sock_queue_rcv_skb(sk, skb)) { 427 sock_put(sk); 428 return; 429 } 430 431 drop_put: 432 sock_put(sk); 433 drop: 434 kfree_skb(skb); 435 } 436 437 /* -------- Socket interface ---------- */ 438 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 439 { 440 struct sock *sk; 441 442 sk_for_each(sk, &sco_sk_list.head) { 443 if (sk->sk_state != BT_LISTEN) 444 continue; 445 446 if (!bacmp(&sco_pi(sk)->src, ba)) 447 return sk; 448 } 449 450 return NULL; 451 } 452 453 /* Find socket listening on source bdaddr. 454 * Returns closest match. 455 */ 456 static struct sock *sco_get_sock_listen(bdaddr_t *src) 457 { 458 struct sock *sk = NULL, *sk1 = NULL; 459 460 read_lock(&sco_sk_list.lock); 461 462 sk_for_each(sk, &sco_sk_list.head) { 463 if (sk->sk_state != BT_LISTEN) 464 continue; 465 466 /* Exact match. */ 467 if (!bacmp(&sco_pi(sk)->src, src)) 468 break; 469 470 /* Closest match */ 471 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 472 sk1 = sk; 473 } 474 475 sk = sk ? sk : sk1; 476 if (sk) 477 sock_hold(sk); 478 479 read_unlock(&sco_sk_list.lock); 480 481 return sk; 482 } 483 484 static void sco_sock_destruct(struct sock *sk) 485 { 486 BT_DBG("sk %p", sk); 487 488 sco_conn_put(sco_pi(sk)->conn); 489 490 skb_queue_purge(&sk->sk_receive_queue); 491 skb_queue_purge(&sk->sk_write_queue); 492 skb_queue_purge(&sk->sk_error_queue); 493 } 494 495 static void sco_sock_cleanup_listen(struct sock *parent) 496 { 497 struct sock *sk; 498 499 BT_DBG("parent %p", parent); 500 501 /* Close not yet accepted channels */ 502 while ((sk = bt_accept_dequeue(parent, NULL))) { 503 sco_sock_close(sk); 504 sco_sock_kill(sk); 505 /* Drop the reference handed back by bt_accept_dequeue(). */ 506 sock_put(sk); 507 } 508 509 parent->sk_state = BT_CLOSED; 510 sock_set_flag(parent, SOCK_ZAPPED); 511 } 512 513 /* Kill socket (only if zapped and orphan) 514 * Must be called on unlocked socket. 515 */ 516 static void sco_sock_kill(struct sock *sk) 517 { 518 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 519 return; 520 521 BT_DBG("sk %p state %d", sk, sk->sk_state); 522 523 /* Sock is dead, so set conn->sk to NULL to avoid possible UAF */ 524 lock_sock(sk); 525 if (sco_pi(sk)->conn) { 526 sco_conn_lock(sco_pi(sk)->conn); 527 sco_pi(sk)->conn->sk = NULL; 528 sco_conn_unlock(sco_pi(sk)->conn); 529 } 530 release_sock(sk); 531 532 /* Kill poor orphan */ 533 bt_sock_unlink(&sco_sk_list, sk); 534 sock_set_flag(sk, SOCK_DEAD); 535 sock_put(sk); 536 } 537 538 static void __sco_sock_close(struct sock *sk) 539 { 540 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 541 542 switch (sk->sk_state) { 543 case BT_LISTEN: 544 sco_sock_cleanup_listen(sk); 545 break; 546 547 case BT_CONNECTED: 548 case BT_CONFIG: 549 case BT_CONNECT2: 550 case BT_CONNECT: 551 case BT_DISCONN: 552 sco_chan_del(sk, ECONNRESET); 553 break; 554 555 default: 556 sock_set_flag(sk, SOCK_ZAPPED); 557 break; 558 } 559 560 } 561 562 /* Must be called on unlocked socket. */ 563 static void sco_sock_close(struct sock *sk) 564 { 565 lock_sock(sk); 566 sco_sock_clear_timer(sk); 567 __sco_sock_close(sk); 568 release_sock(sk); 569 } 570 571 static void sco_sock_init(struct sock *sk, struct sock *parent) 572 { 573 BT_DBG("sk %p", sk); 574 575 if (parent) { 576 sk->sk_type = parent->sk_type; 577 bt_sk(sk)->flags = bt_sk(parent)->flags; 578 security_sk_clone(parent, sk); 579 } 580 } 581 582 static struct proto sco_proto = { 583 .name = "SCO", 584 .owner = THIS_MODULE, 585 .obj_size = sizeof(struct sco_pinfo) 586 }; 587 588 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 589 int proto, gfp_t prio, int kern) 590 { 591 struct sock *sk; 592 593 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 594 if (!sk) 595 return NULL; 596 597 sk->sk_destruct = sco_sock_destruct; 598 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 599 600 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 601 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 602 sco_pi(sk)->codec.cid = 0xffff; 603 sco_pi(sk)->codec.vid = 0xffff; 604 sco_pi(sk)->codec.data_path = 0x00; 605 606 bt_sock_link(&sco_sk_list, sk); 607 return sk; 608 } 609 610 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 611 int kern) 612 { 613 struct sock *sk; 614 615 BT_DBG("sock %p", sock); 616 617 sock->state = SS_UNCONNECTED; 618 619 if (sock->type != SOCK_SEQPACKET) 620 return -ESOCKTNOSUPPORT; 621 622 sock->ops = &sco_sock_ops; 623 624 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 625 if (!sk) 626 return -ENOMEM; 627 628 sco_sock_init(sk, NULL); 629 return 0; 630 } 631 632 static int sco_sock_bind(struct socket *sock, struct sockaddr_unsized *addr, 633 int addr_len) 634 { 635 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 636 struct sock *sk = sock->sk; 637 int err = 0; 638 639 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 640 addr->sa_family != AF_BLUETOOTH) 641 return -EINVAL; 642 643 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 644 645 lock_sock(sk); 646 647 if (sk->sk_state != BT_OPEN) { 648 err = -EBADFD; 649 goto done; 650 } 651 652 if (sk->sk_type != SOCK_SEQPACKET) { 653 err = -EINVAL; 654 goto done; 655 } 656 657 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 658 659 sk->sk_state = BT_BOUND; 660 661 done: 662 release_sock(sk); 663 return err; 664 } 665 666 static int sco_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, int alen, int flags) 667 { 668 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 669 struct sock *sk = sock->sk; 670 int err; 671 672 BT_DBG("sk %p", sk); 673 674 if (alen < sizeof(struct sockaddr_sco) || 675 addr->sa_family != AF_BLUETOOTH) 676 return -EINVAL; 677 678 lock_sock(sk); 679 680 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 681 release_sock(sk); 682 return -EBADFD; 683 } 684 685 if (sk->sk_type != SOCK_SEQPACKET) { 686 release_sock(sk); 687 return -EINVAL; 688 } 689 690 /* Set destination address and psm */ 691 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 692 release_sock(sk); 693 694 err = sco_connect(sk); 695 if (err) 696 return err; 697 698 lock_sock(sk); 699 700 err = bt_sock_wait_state(sk, BT_CONNECTED, 701 sock_sndtimeo(sk, flags & O_NONBLOCK)); 702 703 release_sock(sk); 704 return err; 705 } 706 707 static int sco_sock_listen(struct socket *sock, int backlog) 708 { 709 struct sock *sk = sock->sk; 710 bdaddr_t *src = &sco_pi(sk)->src; 711 int err = 0; 712 713 BT_DBG("sk %p backlog %d", sk, backlog); 714 715 lock_sock(sk); 716 717 if (sk->sk_state != BT_BOUND) { 718 err = -EBADFD; 719 goto done; 720 } 721 722 if (sk->sk_type != SOCK_SEQPACKET) { 723 err = -EINVAL; 724 goto done; 725 } 726 727 write_lock(&sco_sk_list.lock); 728 729 if (__sco_get_sock_listen_by_addr(src)) { 730 err = -EADDRINUSE; 731 goto unlock; 732 } 733 734 sk->sk_max_ack_backlog = backlog; 735 sk->sk_ack_backlog = 0; 736 737 sk->sk_state = BT_LISTEN; 738 739 unlock: 740 write_unlock(&sco_sk_list.lock); 741 742 done: 743 release_sock(sk); 744 return err; 745 } 746 747 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 748 struct proto_accept_arg *arg) 749 { 750 DEFINE_WAIT_FUNC(wait, woken_wake_function); 751 struct sock *sk = sock->sk, *ch; 752 long timeo; 753 int err = 0; 754 755 lock_sock(sk); 756 757 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 758 759 BT_DBG("sk %p timeo %ld", sk, timeo); 760 761 /* Wait for an incoming connection. (wake-one). */ 762 add_wait_queue_exclusive(sk_sleep(sk), &wait); 763 while (1) { 764 if (sk->sk_state != BT_LISTEN) { 765 err = -EBADFD; 766 break; 767 } 768 769 ch = bt_accept_dequeue(sk, newsock); 770 if (ch) { 771 /* Drop the bridging ref from bt_accept_dequeue(); 772 * the grafted socket keeps ch alive from here. 773 */ 774 sock_put(ch); 775 break; 776 } 777 778 if (!timeo) { 779 err = -EAGAIN; 780 break; 781 } 782 783 if (signal_pending(current)) { 784 err = sock_intr_errno(timeo); 785 break; 786 } 787 788 release_sock(sk); 789 790 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 791 lock_sock(sk); 792 } 793 remove_wait_queue(sk_sleep(sk), &wait); 794 795 if (err) 796 goto done; 797 798 newsock->state = SS_CONNECTED; 799 800 BT_DBG("new socket %p", ch); 801 802 done: 803 release_sock(sk); 804 return err; 805 } 806 807 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 808 int peer) 809 { 810 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 811 struct sock *sk = sock->sk; 812 813 BT_DBG("sock %p, sk %p", sock, sk); 814 815 addr->sa_family = AF_BLUETOOTH; 816 817 if (peer) 818 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 819 else 820 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 821 822 return sizeof(struct sockaddr_sco); 823 } 824 825 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 826 size_t len) 827 { 828 struct sock *sk = sock->sk; 829 struct sk_buff *skb; 830 struct sockcm_cookie sockc; 831 int err; 832 833 BT_DBG("sock %p, sk %p", sock, sk); 834 835 err = sock_error(sk); 836 if (err) 837 return err; 838 839 if (msg->msg_flags & MSG_OOB) 840 return -EOPNOTSUPP; 841 842 hci_sockcm_init(&sockc, sk); 843 844 if (msg->msg_controllen) { 845 err = sock_cmsg_send(sk, msg, &sockc); 846 if (err) 847 return err; 848 } 849 850 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 851 if (IS_ERR(skb)) 852 return PTR_ERR(skb); 853 854 lock_sock(sk); 855 856 if (sk->sk_state == BT_CONNECTED) 857 err = sco_send_frame(sk, skb, &sockc); 858 else 859 err = -ENOTCONN; 860 861 release_sock(sk); 862 863 if (err < 0) 864 kfree_skb(skb); 865 return err; 866 } 867 868 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 869 { 870 struct hci_dev *hdev = conn->hdev; 871 872 BT_DBG("conn %p", conn); 873 874 conn->state = BT_CONFIG; 875 876 if (!lmp_esco_capable(hdev)) { 877 struct hci_cp_accept_conn_req cp; 878 879 bacpy(&cp.bdaddr, &conn->dst); 880 cp.role = 0x00; /* Ignored */ 881 882 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 883 } else { 884 struct hci_cp_accept_sync_conn_req cp; 885 886 bacpy(&cp.bdaddr, &conn->dst); 887 cp.pkt_type = cpu_to_le16(conn->pkt_type); 888 889 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 890 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 891 cp.content_format = cpu_to_le16(setting); 892 893 switch (setting & SCO_AIRMODE_MASK) { 894 case SCO_AIRMODE_TRANSP: 895 if (conn->pkt_type & ESCO_2EV3) 896 cp.max_latency = cpu_to_le16(0x0008); 897 else 898 cp.max_latency = cpu_to_le16(0x000D); 899 cp.retrans_effort = 0x02; 900 break; 901 case SCO_AIRMODE_CVSD: 902 cp.max_latency = cpu_to_le16(0xffff); 903 cp.retrans_effort = 0xff; 904 break; 905 default: 906 /* use CVSD settings as fallback */ 907 cp.max_latency = cpu_to_le16(0xffff); 908 cp.retrans_effort = 0xff; 909 break; 910 } 911 912 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 913 sizeof(cp), &cp); 914 } 915 } 916 917 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 918 size_t len, int flags) 919 { 920 struct sock *sk = sock->sk; 921 struct sco_pinfo *pi = sco_pi(sk); 922 923 if (unlikely(flags & MSG_ERRQUEUE)) 924 return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH, 925 BT_SCM_ERROR); 926 927 lock_sock(sk); 928 929 if (sk->sk_state == BT_CONNECT2 && 930 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 931 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 932 sk->sk_state = BT_CONFIG; 933 934 release_sock(sk); 935 return 0; 936 } 937 938 release_sock(sk); 939 940 return bt_sock_recvmsg(sock, msg, len, flags); 941 } 942 943 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 944 sockptr_t optval, unsigned int optlen) 945 { 946 struct sock *sk = sock->sk; 947 int err = 0; 948 struct bt_voice voice; 949 u32 opt; 950 struct bt_codecs *codecs; 951 struct hci_dev *hdev; 952 __u8 buffer[255]; 953 954 BT_DBG("sk %p", sk); 955 956 lock_sock(sk); 957 958 switch (optname) { 959 960 case BT_DEFER_SETUP: 961 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 962 err = -EINVAL; 963 break; 964 } 965 966 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 967 if (err) 968 break; 969 970 if (opt) 971 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 972 else 973 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 974 break; 975 976 case BT_VOICE: 977 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 978 sk->sk_state != BT_CONNECT2) { 979 err = -EINVAL; 980 break; 981 } 982 983 voice.setting = sco_pi(sk)->setting; 984 985 err = copy_safe_from_sockptr(&voice, sizeof(voice), optval, 986 optlen); 987 if (err) 988 break; 989 990 sco_pi(sk)->setting = voice.setting; 991 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 992 BDADDR_BREDR); 993 if (!hdev) { 994 err = -EBADFD; 995 break; 996 } 997 998 switch (sco_pi(sk)->setting & SCO_AIRMODE_MASK) { 999 case SCO_AIRMODE_TRANSP: 1000 if (enhanced_sync_conn_capable(hdev)) 1001 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 1002 break; 1003 } 1004 1005 hci_dev_put(hdev); 1006 break; 1007 1008 case BT_PKT_STATUS: 1009 err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen); 1010 if (err) 1011 break; 1012 1013 if (opt) 1014 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1015 else 1016 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1017 break; 1018 1019 case BT_CODEC: 1020 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1021 sk->sk_state != BT_CONNECT2) { 1022 err = -EINVAL; 1023 break; 1024 } 1025 1026 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 1027 BDADDR_BREDR); 1028 if (!hdev) { 1029 err = -EBADFD; 1030 break; 1031 } 1032 1033 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1034 hci_dev_put(hdev); 1035 err = -EOPNOTSUPP; 1036 break; 1037 } 1038 1039 if (!hdev->get_data_path_id) { 1040 hci_dev_put(hdev); 1041 err = -EOPNOTSUPP; 1042 break; 1043 } 1044 1045 if (optlen < sizeof(struct bt_codecs) || 1046 optlen > sizeof(buffer)) { 1047 hci_dev_put(hdev); 1048 err = -EINVAL; 1049 break; 1050 } 1051 1052 err = copy_struct_from_sockptr(buffer, sizeof(buffer), optval, 1053 optlen); 1054 if (err) { 1055 hci_dev_put(hdev); 1056 break; 1057 } 1058 1059 codecs = (void *)buffer; 1060 1061 if (codecs->num_codecs != 1 || 1062 optlen < struct_size(codecs, codecs, codecs->num_codecs)) { 1063 hci_dev_put(hdev); 1064 err = -EINVAL; 1065 break; 1066 } 1067 1068 sco_pi(sk)->codec = codecs->codecs[0]; 1069 hci_dev_put(hdev); 1070 break; 1071 1072 default: 1073 err = -ENOPROTOOPT; 1074 break; 1075 } 1076 1077 release_sock(sk); 1078 return err; 1079 } 1080 1081 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 1082 char __user *optval, int __user *optlen) 1083 { 1084 struct sock *sk = sock->sk; 1085 struct sco_options opts; 1086 struct sco_conninfo cinfo; 1087 int err = 0; 1088 size_t len; 1089 1090 BT_DBG("sk %p", sk); 1091 1092 if (get_user(len, optlen)) 1093 return -EFAULT; 1094 1095 lock_sock(sk); 1096 1097 switch (optname) { 1098 case SCO_OPTIONS: 1099 if (sk->sk_state != BT_CONNECTED && 1100 !(sk->sk_state == BT_CONNECT2 && 1101 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1102 err = -ENOTCONN; 1103 break; 1104 } 1105 1106 opts.mtu = sco_pi(sk)->conn->mtu; 1107 1108 BT_DBG("mtu %u", opts.mtu); 1109 1110 len = min(len, sizeof(opts)); 1111 if (copy_to_user(optval, (char *)&opts, len)) 1112 err = -EFAULT; 1113 1114 break; 1115 1116 case SCO_CONNINFO: 1117 if (sk->sk_state != BT_CONNECTED && 1118 !(sk->sk_state == BT_CONNECT2 && 1119 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1120 err = -ENOTCONN; 1121 break; 1122 } 1123 1124 memset(&cinfo, 0, sizeof(cinfo)); 1125 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1126 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1127 1128 len = min(len, sizeof(cinfo)); 1129 if (copy_to_user(optval, (char *)&cinfo, len)) 1130 err = -EFAULT; 1131 1132 break; 1133 1134 default: 1135 err = -ENOPROTOOPT; 1136 break; 1137 } 1138 1139 release_sock(sk); 1140 return err; 1141 } 1142 1143 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1144 char __user *optval, int __user *optlen) 1145 { 1146 struct sock *sk = sock->sk; 1147 int len, err = 0; 1148 struct bt_voice voice; 1149 u32 phys; 1150 int buf_len; 1151 struct codec_list *c; 1152 u8 num_codecs, i, __user *ptr; 1153 struct hci_dev *hdev; 1154 struct hci_codec_caps *caps; 1155 struct bt_codec codec; 1156 1157 BT_DBG("sk %p", sk); 1158 1159 if (level == SOL_SCO) 1160 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1161 1162 if (get_user(len, optlen)) 1163 return -EFAULT; 1164 1165 lock_sock(sk); 1166 1167 switch (optname) { 1168 1169 case BT_DEFER_SETUP: 1170 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1171 err = -EINVAL; 1172 break; 1173 } 1174 1175 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1176 (u32 __user *)optval)) 1177 err = -EFAULT; 1178 1179 break; 1180 1181 case BT_VOICE: 1182 voice.setting = sco_pi(sk)->setting; 1183 1184 len = min_t(unsigned int, len, sizeof(voice)); 1185 if (copy_to_user(optval, (char *)&voice, len)) 1186 err = -EFAULT; 1187 1188 break; 1189 1190 case BT_PHY: 1191 if (sk->sk_state != BT_CONNECTED) { 1192 err = -ENOTCONN; 1193 break; 1194 } 1195 1196 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1197 1198 if (put_user(phys, (u32 __user *) optval)) 1199 err = -EFAULT; 1200 break; 1201 1202 case BT_PKT_STATUS: 1203 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1204 (int __user *)optval)) 1205 err = -EFAULT; 1206 break; 1207 1208 case BT_SNDMTU: 1209 case BT_RCVMTU: 1210 if (sk->sk_state != BT_CONNECTED) { 1211 err = -ENOTCONN; 1212 break; 1213 } 1214 1215 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1216 err = -EFAULT; 1217 break; 1218 1219 case BT_CODEC: 1220 num_codecs = 0; 1221 buf_len = 0; 1222 1223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1224 if (!hdev) { 1225 err = -EBADFD; 1226 break; 1227 } 1228 1229 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1230 hci_dev_put(hdev); 1231 err = -EOPNOTSUPP; 1232 break; 1233 } 1234 1235 if (!hdev->get_data_path_id) { 1236 hci_dev_put(hdev); 1237 err = -EOPNOTSUPP; 1238 break; 1239 } 1240 1241 release_sock(sk); 1242 1243 /* find total buffer size required to copy codec + caps */ 1244 hci_dev_lock(hdev); 1245 list_for_each_entry(c, &hdev->local_codecs, list) { 1246 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1247 continue; 1248 num_codecs++; 1249 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1250 buf_len += 1 + caps->len; 1251 caps = (void *)&caps->data[caps->len]; 1252 } 1253 buf_len += sizeof(struct bt_codec); 1254 } 1255 hci_dev_unlock(hdev); 1256 1257 buf_len += sizeof(struct bt_codecs); 1258 if (buf_len > len) { 1259 hci_dev_put(hdev); 1260 return -ENOBUFS; 1261 } 1262 ptr = optval; 1263 1264 if (put_user(num_codecs, ptr)) { 1265 hci_dev_put(hdev); 1266 return -EFAULT; 1267 } 1268 ptr += sizeof(num_codecs); 1269 1270 /* Iterate all the codecs supported over SCO and populate 1271 * codec data 1272 */ 1273 hci_dev_lock(hdev); 1274 list_for_each_entry(c, &hdev->local_codecs, list) { 1275 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1276 continue; 1277 1278 codec.id = c->id; 1279 codec.cid = c->cid; 1280 codec.vid = c->vid; 1281 err = hdev->get_data_path_id(hdev, &codec.data_path); 1282 if (err < 0) 1283 break; 1284 codec.num_caps = c->num_caps; 1285 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1286 err = -EFAULT; 1287 break; 1288 } 1289 ptr += sizeof(codec); 1290 1291 /* find codec capabilities data length */ 1292 len = 0; 1293 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1294 len += 1 + caps->len; 1295 caps = (void *)&caps->data[caps->len]; 1296 } 1297 1298 /* copy codec capabilities data */ 1299 if (len && copy_to_user(ptr, c->caps, len)) { 1300 err = -EFAULT; 1301 break; 1302 } 1303 ptr += len; 1304 } 1305 1306 hci_dev_unlock(hdev); 1307 hci_dev_put(hdev); 1308 1309 lock_sock(sk); 1310 1311 if (!err && put_user(buf_len, optlen)) 1312 err = -EFAULT; 1313 1314 break; 1315 1316 default: 1317 err = -ENOPROTOOPT; 1318 break; 1319 } 1320 1321 release_sock(sk); 1322 return err; 1323 } 1324 1325 static int sco_sock_shutdown(struct socket *sock, int how) 1326 { 1327 struct sock *sk = sock->sk; 1328 int err = 0; 1329 1330 BT_DBG("sock %p, sk %p", sock, sk); 1331 1332 if (!sk) 1333 return 0; 1334 1335 sock_hold(sk); 1336 lock_sock(sk); 1337 1338 if (!sk->sk_shutdown) { 1339 sk->sk_shutdown = SHUTDOWN_MASK; 1340 sco_sock_clear_timer(sk); 1341 __sco_sock_close(sk); 1342 1343 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1344 !(current->flags & PF_EXITING)) 1345 err = bt_sock_wait_state(sk, BT_CLOSED, 1346 sk->sk_lingertime); 1347 } 1348 1349 release_sock(sk); 1350 sock_put(sk); 1351 1352 return err; 1353 } 1354 1355 static int sco_sock_release(struct socket *sock) 1356 { 1357 struct sock *sk = sock->sk; 1358 int err = 0; 1359 1360 BT_DBG("sock %p, sk %p", sock, sk); 1361 1362 if (!sk) 1363 return 0; 1364 1365 sco_sock_close(sk); 1366 1367 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1368 !(current->flags & PF_EXITING)) { 1369 lock_sock(sk); 1370 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1371 release_sock(sk); 1372 } 1373 1374 sock_orphan(sk); 1375 sco_sock_kill(sk); 1376 return err; 1377 } 1378 1379 static void sco_conn_ready(struct sco_conn *conn) 1380 { 1381 struct sock *parent, *sk; 1382 1383 sco_conn_lock(conn); 1384 sk = sco_sock_hold(conn); 1385 sco_conn_unlock(conn); 1386 1387 BT_DBG("conn %p", conn); 1388 1389 if (sk) { 1390 lock_sock(sk); 1391 1392 /* conn->sk may have become NULL if racing with sk close, but 1393 * due to held hdev->lock, it can't become different sk. 1394 */ 1395 if (conn->sk) { 1396 sco_sock_clear_timer(sk); 1397 sk->sk_state = BT_CONNECTED; 1398 sk->sk_state_change(sk); 1399 } 1400 1401 release_sock(sk); 1402 sock_put(sk); 1403 } else { 1404 if (!conn->hcon) 1405 return; 1406 1407 lockdep_assert_held(&conn->hcon->hdev->lock); 1408 1409 parent = sco_get_sock_listen(&conn->hcon->src); 1410 if (!parent) 1411 return; 1412 1413 lock_sock(parent); 1414 1415 sco_conn_lock(conn); 1416 1417 /* hdev->lock guarantees conn->sk == NULL still here */ 1418 1419 if (parent->sk_state != BT_LISTEN) 1420 goto release; 1421 1422 sk = sco_sock_alloc(sock_net(parent), NULL, 1423 BTPROTO_SCO, GFP_ATOMIC, 0); 1424 if (!sk) 1425 goto release; 1426 1427 sco_sock_init(sk, parent); 1428 1429 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1430 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1431 1432 sco_conn_hold(conn); 1433 hci_conn_hold(conn->hcon); 1434 __sco_chan_add(conn, sk, parent); 1435 1436 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1437 sk->sk_state = BT_CONNECT2; 1438 else 1439 sk->sk_state = BT_CONNECTED; 1440 1441 /* Wake up parent */ 1442 parent->sk_data_ready(parent); 1443 1444 release: 1445 sco_conn_unlock(conn); 1446 release_sock(parent); 1447 sock_put(parent); 1448 } 1449 } 1450 1451 /* ----- SCO interface with lower layer (HCI) ----- */ 1452 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1453 { 1454 struct sock *sk; 1455 int lm = 0; 1456 1457 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1458 1459 /* Find listening sockets */ 1460 read_lock(&sco_sk_list.lock); 1461 sk_for_each(sk, &sco_sk_list.head) { 1462 if (sk->sk_state != BT_LISTEN) 1463 continue; 1464 1465 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1466 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1467 lm |= HCI_LM_ACCEPT; 1468 1469 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1470 *flags |= HCI_PROTO_DEFER; 1471 break; 1472 } 1473 } 1474 read_unlock(&sco_sk_list.lock); 1475 1476 return lm; 1477 } 1478 1479 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1480 { 1481 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1482 return; 1483 1484 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1485 1486 if (!status) { 1487 struct sco_conn *conn; 1488 1489 conn = sco_conn_add(hcon); 1490 if (conn) { 1491 sco_conn_ready(conn); 1492 sco_conn_put(conn); 1493 } 1494 } else 1495 sco_conn_del(hcon, bt_to_errno(status)); 1496 } 1497 1498 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1499 { 1500 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1501 return; 1502 1503 BT_DBG("hcon %p reason %d", hcon, reason); 1504 1505 sco_conn_del(hcon, bt_to_errno(reason)); 1506 } 1507 1508 int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb) 1509 { 1510 struct hci_conn *hcon; 1511 struct sco_conn *conn; 1512 1513 hci_dev_lock(hdev); 1514 1515 hcon = hci_conn_hash_lookup_handle(hdev, handle); 1516 if (!hcon) { 1517 hci_dev_unlock(hdev); 1518 kfree_skb(skb); 1519 return -ENOENT; 1520 } 1521 1522 conn = sco_conn_hold_unless_zero(hcon->sco_data); 1523 hcon = NULL; 1524 1525 hci_dev_unlock(hdev); 1526 1527 if (!conn) { 1528 kfree_skb(skb); 1529 return -EINVAL; 1530 } 1531 1532 BT_DBG("conn %p len %u", conn, skb->len); 1533 1534 if (skb->len) 1535 sco_recv_frame(conn, skb); 1536 else 1537 kfree_skb(skb); 1538 1539 sco_conn_put(conn); 1540 return 0; 1541 } 1542 1543 static struct hci_cb sco_cb = { 1544 .name = "SCO", 1545 .connect_cfm = sco_connect_cfm, 1546 .disconn_cfm = sco_disconn_cfm, 1547 }; 1548 1549 static int sco_debugfs_show(struct seq_file *f, void *p) 1550 { 1551 struct sock *sk; 1552 1553 read_lock(&sco_sk_list.lock); 1554 1555 sk_for_each(sk, &sco_sk_list.head) { 1556 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1557 &sco_pi(sk)->dst, sk->sk_state); 1558 } 1559 1560 read_unlock(&sco_sk_list.lock); 1561 1562 return 0; 1563 } 1564 1565 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1566 1567 static struct dentry *sco_debugfs; 1568 1569 static const struct proto_ops sco_sock_ops = { 1570 .family = PF_BLUETOOTH, 1571 .owner = THIS_MODULE, 1572 .release = sco_sock_release, 1573 .bind = sco_sock_bind, 1574 .connect = sco_sock_connect, 1575 .listen = sco_sock_listen, 1576 .accept = sco_sock_accept, 1577 .getname = sco_sock_getname, 1578 .sendmsg = sco_sock_sendmsg, 1579 .recvmsg = sco_sock_recvmsg, 1580 .poll = bt_sock_poll, 1581 .ioctl = bt_sock_ioctl, 1582 .gettstamp = sock_gettstamp, 1583 .mmap = sock_no_mmap, 1584 .socketpair = sock_no_socketpair, 1585 .shutdown = sco_sock_shutdown, 1586 .setsockopt = sco_sock_setsockopt, 1587 .getsockopt = sco_sock_getsockopt 1588 }; 1589 1590 static const struct net_proto_family sco_sock_family_ops = { 1591 .family = PF_BLUETOOTH, 1592 .owner = THIS_MODULE, 1593 .create = sco_sock_create, 1594 }; 1595 1596 int __init sco_init(void) 1597 { 1598 int err; 1599 1600 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1601 1602 err = proto_register(&sco_proto, 0); 1603 if (err < 0) 1604 return err; 1605 1606 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1607 if (err < 0) { 1608 BT_ERR("SCO socket registration failed"); 1609 goto error; 1610 } 1611 1612 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1613 if (err < 0) { 1614 BT_ERR("Failed to create SCO proc file"); 1615 bt_sock_unregister(BTPROTO_SCO); 1616 goto error; 1617 } 1618 1619 BT_INFO("SCO socket layer initialized"); 1620 1621 hci_register_cb(&sco_cb); 1622 1623 if (IS_ERR_OR_NULL(bt_debugfs)) 1624 return 0; 1625 1626 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1627 NULL, &sco_debugfs_fops); 1628 1629 return 0; 1630 1631 error: 1632 proto_unregister(&sco_proto); 1633 return err; 1634 } 1635 1636 void sco_exit(void) 1637 { 1638 bt_procfs_cleanup(&init_net, "sco"); 1639 1640 debugfs_remove(sco_debugfs); 1641 1642 hci_unregister_cb(&sco_cb); 1643 1644 bt_sock_unregister(BTPROTO_SCO); 1645 1646 proto_unregister(&sco_proto); 1647 } 1648 1649 module_param(disable_esco, bool, 0644); 1650 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1651