1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static struct sock *sco_sock_hold(struct sco_conn *conn) 80 { 81 if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk)) 82 return NULL; 83 84 sock_hold(conn->sk); 85 86 return conn->sk; 87 } 88 89 static void sco_sock_timeout(struct work_struct *work) 90 { 91 struct sco_conn *conn = container_of(work, struct sco_conn, 92 timeout_work.work); 93 struct sock *sk; 94 95 sco_conn_lock(conn); 96 if (!conn->hcon) { 97 sco_conn_unlock(conn); 98 return; 99 } 100 sk = sco_sock_hold(conn); 101 sco_conn_unlock(conn); 102 103 if (!sk) 104 return; 105 106 BT_DBG("sock %p state %d", sk, sk->sk_state); 107 108 lock_sock(sk); 109 sk->sk_err = ETIMEDOUT; 110 sk->sk_state_change(sk); 111 release_sock(sk); 112 sock_put(sk); 113 } 114 115 static void sco_sock_set_timer(struct sock *sk, long timeout) 116 { 117 if (!sco_pi(sk)->conn) 118 return; 119 120 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 121 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 122 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 123 } 124 125 static void sco_sock_clear_timer(struct sock *sk) 126 { 127 if (!sco_pi(sk)->conn) 128 return; 129 130 BT_DBG("sock %p state %d", sk, sk->sk_state); 131 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 132 } 133 134 /* ---- SCO connections ---- */ 135 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 136 { 137 struct sco_conn *conn = hcon->sco_data; 138 139 if (conn) { 140 if (!conn->hcon) 141 conn->hcon = hcon; 142 return conn; 143 } 144 145 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 146 if (!conn) 147 return NULL; 148 149 spin_lock_init(&conn->lock); 150 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 151 152 hcon->sco_data = conn; 153 conn->hcon = hcon; 154 conn->mtu = hcon->mtu; 155 156 if (hcon->mtu > 0) 157 conn->mtu = hcon->mtu; 158 else 159 conn->mtu = 60; 160 161 BT_DBG("hcon %p conn %p", hcon, conn); 162 163 return conn; 164 } 165 166 /* Delete channel. 167 * Must be called on the locked socket. */ 168 static void sco_chan_del(struct sock *sk, int err) 169 { 170 struct sco_conn *conn; 171 172 conn = sco_pi(sk)->conn; 173 174 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 175 176 if (conn) { 177 sco_conn_lock(conn); 178 conn->sk = NULL; 179 sco_pi(sk)->conn = NULL; 180 sco_conn_unlock(conn); 181 182 if (conn->hcon) 183 hci_conn_drop(conn->hcon); 184 } 185 186 sk->sk_state = BT_CLOSED; 187 sk->sk_err = err; 188 sk->sk_state_change(sk); 189 190 sock_set_flag(sk, SOCK_ZAPPED); 191 } 192 193 static void sco_conn_del(struct hci_conn *hcon, int err) 194 { 195 struct sco_conn *conn = hcon->sco_data; 196 struct sock *sk; 197 198 if (!conn) 199 return; 200 201 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 202 203 /* Kill socket */ 204 sco_conn_lock(conn); 205 sk = sco_sock_hold(conn); 206 sco_conn_unlock(conn); 207 208 if (sk) { 209 lock_sock(sk); 210 sco_sock_clear_timer(sk); 211 sco_chan_del(sk, err); 212 release_sock(sk); 213 sock_put(sk); 214 } 215 216 /* Ensure no more work items will run before freeing conn. */ 217 cancel_delayed_work_sync(&conn->timeout_work); 218 219 hcon->sco_data = NULL; 220 kfree(conn); 221 } 222 223 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 224 struct sock *parent) 225 { 226 BT_DBG("conn %p", conn); 227 228 sco_pi(sk)->conn = conn; 229 conn->sk = sk; 230 231 if (parent) 232 bt_accept_enqueue(parent, sk, true); 233 } 234 235 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 236 struct sock *parent) 237 { 238 int err = 0; 239 240 sco_conn_lock(conn); 241 if (conn->sk) 242 err = -EBUSY; 243 else 244 __sco_chan_add(conn, sk, parent); 245 246 sco_conn_unlock(conn); 247 return err; 248 } 249 250 static int sco_connect(struct sock *sk) 251 { 252 struct sco_conn *conn; 253 struct hci_conn *hcon; 254 struct hci_dev *hdev; 255 int err, type; 256 257 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 258 259 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 260 if (!hdev) 261 return -EHOSTUNREACH; 262 263 hci_dev_lock(hdev); 264 265 if (lmp_esco_capable(hdev) && !disable_esco) 266 type = ESCO_LINK; 267 else 268 type = SCO_LINK; 269 270 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 271 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 272 err = -EOPNOTSUPP; 273 goto unlock; 274 } 275 276 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 277 sco_pi(sk)->setting, &sco_pi(sk)->codec, 278 sk->sk_sndtimeo); 279 if (IS_ERR(hcon)) { 280 err = PTR_ERR(hcon); 281 goto unlock; 282 } 283 284 conn = sco_conn_add(hcon); 285 if (!conn) { 286 hci_conn_drop(hcon); 287 err = -ENOMEM; 288 goto unlock; 289 } 290 291 lock_sock(sk); 292 293 err = sco_chan_add(conn, sk, NULL); 294 if (err) { 295 release_sock(sk); 296 goto unlock; 297 } 298 299 /* Update source addr of the socket */ 300 bacpy(&sco_pi(sk)->src, &hcon->src); 301 302 if (hcon->state == BT_CONNECTED) { 303 sco_sock_clear_timer(sk); 304 sk->sk_state = BT_CONNECTED; 305 } else { 306 sk->sk_state = BT_CONNECT; 307 sco_sock_set_timer(sk, sk->sk_sndtimeo); 308 } 309 310 release_sock(sk); 311 312 unlock: 313 hci_dev_unlock(hdev); 314 hci_dev_put(hdev); 315 return err; 316 } 317 318 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 319 { 320 struct sco_conn *conn = sco_pi(sk)->conn; 321 int len = skb->len; 322 323 /* Check outgoing MTU */ 324 if (len > conn->mtu) 325 return -EINVAL; 326 327 BT_DBG("sk %p len %d", sk, len); 328 329 hci_send_sco(conn->hcon, skb); 330 331 return len; 332 } 333 334 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 335 { 336 struct sock *sk; 337 338 sco_conn_lock(conn); 339 sk = conn->sk; 340 sco_conn_unlock(conn); 341 342 if (!sk) 343 goto drop; 344 345 BT_DBG("sk %p len %u", sk, skb->len); 346 347 if (sk->sk_state != BT_CONNECTED) 348 goto drop; 349 350 if (!sock_queue_rcv_skb(sk, skb)) 351 return; 352 353 drop: 354 kfree_skb(skb); 355 } 356 357 /* -------- Socket interface ---------- */ 358 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 359 { 360 struct sock *sk; 361 362 sk_for_each(sk, &sco_sk_list.head) { 363 if (sk->sk_state != BT_LISTEN) 364 continue; 365 366 if (!bacmp(&sco_pi(sk)->src, ba)) 367 return sk; 368 } 369 370 return NULL; 371 } 372 373 /* Find socket listening on source bdaddr. 374 * Returns closest match. 375 */ 376 static struct sock *sco_get_sock_listen(bdaddr_t *src) 377 { 378 struct sock *sk = NULL, *sk1 = NULL; 379 380 read_lock(&sco_sk_list.lock); 381 382 sk_for_each(sk, &sco_sk_list.head) { 383 if (sk->sk_state != BT_LISTEN) 384 continue; 385 386 /* Exact match. */ 387 if (!bacmp(&sco_pi(sk)->src, src)) 388 break; 389 390 /* Closest match */ 391 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 392 sk1 = sk; 393 } 394 395 read_unlock(&sco_sk_list.lock); 396 397 return sk ? sk : sk1; 398 } 399 400 static void sco_sock_destruct(struct sock *sk) 401 { 402 BT_DBG("sk %p", sk); 403 404 skb_queue_purge(&sk->sk_receive_queue); 405 skb_queue_purge(&sk->sk_write_queue); 406 } 407 408 static void sco_sock_cleanup_listen(struct sock *parent) 409 { 410 struct sock *sk; 411 412 BT_DBG("parent %p", parent); 413 414 /* Close not yet accepted channels */ 415 while ((sk = bt_accept_dequeue(parent, NULL))) { 416 sco_sock_close(sk); 417 sco_sock_kill(sk); 418 } 419 420 parent->sk_state = BT_CLOSED; 421 sock_set_flag(parent, SOCK_ZAPPED); 422 } 423 424 /* Kill socket (only if zapped and orphan) 425 * Must be called on unlocked socket. 426 */ 427 static void sco_sock_kill(struct sock *sk) 428 { 429 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 430 return; 431 432 BT_DBG("sk %p state %d", sk, sk->sk_state); 433 434 /* Kill poor orphan */ 435 bt_sock_unlink(&sco_sk_list, sk); 436 sock_set_flag(sk, SOCK_DEAD); 437 sock_put(sk); 438 } 439 440 static void __sco_sock_close(struct sock *sk) 441 { 442 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 443 444 switch (sk->sk_state) { 445 case BT_LISTEN: 446 sco_sock_cleanup_listen(sk); 447 break; 448 449 case BT_CONNECTED: 450 case BT_CONFIG: 451 if (sco_pi(sk)->conn->hcon) { 452 sk->sk_state = BT_DISCONN; 453 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 454 sco_conn_lock(sco_pi(sk)->conn); 455 hci_conn_drop(sco_pi(sk)->conn->hcon); 456 sco_pi(sk)->conn->hcon = NULL; 457 sco_conn_unlock(sco_pi(sk)->conn); 458 } else 459 sco_chan_del(sk, ECONNRESET); 460 break; 461 462 case BT_CONNECT2: 463 case BT_CONNECT: 464 case BT_DISCONN: 465 sco_chan_del(sk, ECONNRESET); 466 break; 467 468 default: 469 sock_set_flag(sk, SOCK_ZAPPED); 470 break; 471 } 472 473 } 474 475 /* Must be called on unlocked socket. */ 476 static void sco_sock_close(struct sock *sk) 477 { 478 lock_sock(sk); 479 sco_sock_clear_timer(sk); 480 __sco_sock_close(sk); 481 release_sock(sk); 482 } 483 484 static void sco_sock_init(struct sock *sk, struct sock *parent) 485 { 486 BT_DBG("sk %p", sk); 487 488 if (parent) { 489 sk->sk_type = parent->sk_type; 490 bt_sk(sk)->flags = bt_sk(parent)->flags; 491 security_sk_clone(parent, sk); 492 } 493 } 494 495 static struct proto sco_proto = { 496 .name = "SCO", 497 .owner = THIS_MODULE, 498 .obj_size = sizeof(struct sco_pinfo) 499 }; 500 501 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 502 int proto, gfp_t prio, int kern) 503 { 504 struct sock *sk; 505 506 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 507 if (!sk) 508 return NULL; 509 510 sk->sk_destruct = sco_sock_destruct; 511 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 512 513 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 514 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 515 sco_pi(sk)->codec.cid = 0xffff; 516 sco_pi(sk)->codec.vid = 0xffff; 517 sco_pi(sk)->codec.data_path = 0x00; 518 519 bt_sock_link(&sco_sk_list, sk); 520 return sk; 521 } 522 523 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 524 int kern) 525 { 526 struct sock *sk; 527 528 BT_DBG("sock %p", sock); 529 530 sock->state = SS_UNCONNECTED; 531 532 if (sock->type != SOCK_SEQPACKET) 533 return -ESOCKTNOSUPPORT; 534 535 sock->ops = &sco_sock_ops; 536 537 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 538 if (!sk) 539 return -ENOMEM; 540 541 sco_sock_init(sk, NULL); 542 return 0; 543 } 544 545 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 546 int addr_len) 547 { 548 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 549 struct sock *sk = sock->sk; 550 int err = 0; 551 552 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 553 addr->sa_family != AF_BLUETOOTH) 554 return -EINVAL; 555 556 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 557 558 lock_sock(sk); 559 560 if (sk->sk_state != BT_OPEN) { 561 err = -EBADFD; 562 goto done; 563 } 564 565 if (sk->sk_type != SOCK_SEQPACKET) { 566 err = -EINVAL; 567 goto done; 568 } 569 570 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 571 572 sk->sk_state = BT_BOUND; 573 574 done: 575 release_sock(sk); 576 return err; 577 } 578 579 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 580 { 581 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 582 struct sock *sk = sock->sk; 583 int err; 584 585 BT_DBG("sk %p", sk); 586 587 if (alen < sizeof(struct sockaddr_sco) || 588 addr->sa_family != AF_BLUETOOTH) 589 return -EINVAL; 590 591 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 592 return -EBADFD; 593 594 if (sk->sk_type != SOCK_SEQPACKET) 595 err = -EINVAL; 596 597 lock_sock(sk); 598 /* Set destination address and psm */ 599 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 600 release_sock(sk); 601 602 err = sco_connect(sk); 603 if (err) 604 return err; 605 606 lock_sock(sk); 607 608 err = bt_sock_wait_state(sk, BT_CONNECTED, 609 sock_sndtimeo(sk, flags & O_NONBLOCK)); 610 611 release_sock(sk); 612 return err; 613 } 614 615 static int sco_sock_listen(struct socket *sock, int backlog) 616 { 617 struct sock *sk = sock->sk; 618 bdaddr_t *src = &sco_pi(sk)->src; 619 int err = 0; 620 621 BT_DBG("sk %p backlog %d", sk, backlog); 622 623 lock_sock(sk); 624 625 if (sk->sk_state != BT_BOUND) { 626 err = -EBADFD; 627 goto done; 628 } 629 630 if (sk->sk_type != SOCK_SEQPACKET) { 631 err = -EINVAL; 632 goto done; 633 } 634 635 write_lock(&sco_sk_list.lock); 636 637 if (__sco_get_sock_listen_by_addr(src)) { 638 err = -EADDRINUSE; 639 goto unlock; 640 } 641 642 sk->sk_max_ack_backlog = backlog; 643 sk->sk_ack_backlog = 0; 644 645 sk->sk_state = BT_LISTEN; 646 647 unlock: 648 write_unlock(&sco_sk_list.lock); 649 650 done: 651 release_sock(sk); 652 return err; 653 } 654 655 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 656 struct proto_accept_arg *arg) 657 { 658 DEFINE_WAIT_FUNC(wait, woken_wake_function); 659 struct sock *sk = sock->sk, *ch; 660 long timeo; 661 int err = 0; 662 663 lock_sock(sk); 664 665 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 666 667 BT_DBG("sk %p timeo %ld", sk, timeo); 668 669 /* Wait for an incoming connection. (wake-one). */ 670 add_wait_queue_exclusive(sk_sleep(sk), &wait); 671 while (1) { 672 if (sk->sk_state != BT_LISTEN) { 673 err = -EBADFD; 674 break; 675 } 676 677 ch = bt_accept_dequeue(sk, newsock); 678 if (ch) 679 break; 680 681 if (!timeo) { 682 err = -EAGAIN; 683 break; 684 } 685 686 if (signal_pending(current)) { 687 err = sock_intr_errno(timeo); 688 break; 689 } 690 691 release_sock(sk); 692 693 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 694 lock_sock(sk); 695 } 696 remove_wait_queue(sk_sleep(sk), &wait); 697 698 if (err) 699 goto done; 700 701 newsock->state = SS_CONNECTED; 702 703 BT_DBG("new socket %p", ch); 704 705 done: 706 release_sock(sk); 707 return err; 708 } 709 710 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 711 int peer) 712 { 713 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 714 struct sock *sk = sock->sk; 715 716 BT_DBG("sock %p, sk %p", sock, sk); 717 718 addr->sa_family = AF_BLUETOOTH; 719 720 if (peer) 721 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 722 else 723 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 724 725 return sizeof(struct sockaddr_sco); 726 } 727 728 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 729 size_t len) 730 { 731 struct sock *sk = sock->sk; 732 struct sk_buff *skb; 733 int err; 734 735 BT_DBG("sock %p, sk %p", sock, sk); 736 737 err = sock_error(sk); 738 if (err) 739 return err; 740 741 if (msg->msg_flags & MSG_OOB) 742 return -EOPNOTSUPP; 743 744 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 745 if (IS_ERR(skb)) 746 return PTR_ERR(skb); 747 748 lock_sock(sk); 749 750 if (sk->sk_state == BT_CONNECTED) 751 err = sco_send_frame(sk, skb); 752 else 753 err = -ENOTCONN; 754 755 release_sock(sk); 756 757 if (err < 0) 758 kfree_skb(skb); 759 return err; 760 } 761 762 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 763 { 764 struct hci_dev *hdev = conn->hdev; 765 766 BT_DBG("conn %p", conn); 767 768 conn->state = BT_CONFIG; 769 770 if (!lmp_esco_capable(hdev)) { 771 struct hci_cp_accept_conn_req cp; 772 773 bacpy(&cp.bdaddr, &conn->dst); 774 cp.role = 0x00; /* Ignored */ 775 776 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 777 } else { 778 struct hci_cp_accept_sync_conn_req cp; 779 780 bacpy(&cp.bdaddr, &conn->dst); 781 cp.pkt_type = cpu_to_le16(conn->pkt_type); 782 783 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 784 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 785 cp.content_format = cpu_to_le16(setting); 786 787 switch (setting & SCO_AIRMODE_MASK) { 788 case SCO_AIRMODE_TRANSP: 789 if (conn->pkt_type & ESCO_2EV3) 790 cp.max_latency = cpu_to_le16(0x0008); 791 else 792 cp.max_latency = cpu_to_le16(0x000D); 793 cp.retrans_effort = 0x02; 794 break; 795 case SCO_AIRMODE_CVSD: 796 cp.max_latency = cpu_to_le16(0xffff); 797 cp.retrans_effort = 0xff; 798 break; 799 default: 800 /* use CVSD settings as fallback */ 801 cp.max_latency = cpu_to_le16(0xffff); 802 cp.retrans_effort = 0xff; 803 break; 804 } 805 806 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 807 sizeof(cp), &cp); 808 } 809 } 810 811 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 812 size_t len, int flags) 813 { 814 struct sock *sk = sock->sk; 815 struct sco_pinfo *pi = sco_pi(sk); 816 817 lock_sock(sk); 818 819 if (sk->sk_state == BT_CONNECT2 && 820 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 821 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 822 sk->sk_state = BT_CONFIG; 823 824 release_sock(sk); 825 return 0; 826 } 827 828 release_sock(sk); 829 830 return bt_sock_recvmsg(sock, msg, len, flags); 831 } 832 833 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 834 sockptr_t optval, unsigned int optlen) 835 { 836 struct sock *sk = sock->sk; 837 int err = 0; 838 struct bt_voice voice; 839 u32 opt; 840 struct bt_codecs *codecs; 841 struct hci_dev *hdev; 842 __u8 buffer[255]; 843 844 BT_DBG("sk %p", sk); 845 846 lock_sock(sk); 847 848 switch (optname) { 849 850 case BT_DEFER_SETUP: 851 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 852 err = -EINVAL; 853 break; 854 } 855 856 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 857 if (err) 858 break; 859 860 if (opt) 861 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 862 else 863 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 864 break; 865 866 case BT_VOICE: 867 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 868 sk->sk_state != BT_CONNECT2) { 869 err = -EINVAL; 870 break; 871 } 872 873 voice.setting = sco_pi(sk)->setting; 874 875 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 876 optlen); 877 if (err) 878 break; 879 880 /* Explicitly check for these values */ 881 if (voice.setting != BT_VOICE_TRANSPARENT && 882 voice.setting != BT_VOICE_CVSD_16BIT) { 883 err = -EINVAL; 884 break; 885 } 886 887 sco_pi(sk)->setting = voice.setting; 888 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 889 BDADDR_BREDR); 890 if (!hdev) { 891 err = -EBADFD; 892 break; 893 } 894 if (enhanced_sync_conn_capable(hdev) && 895 voice.setting == BT_VOICE_TRANSPARENT) 896 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 897 hci_dev_put(hdev); 898 break; 899 900 case BT_PKT_STATUS: 901 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 902 if (err) 903 break; 904 905 if (opt) 906 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 907 else 908 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 909 break; 910 911 case BT_CODEC: 912 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 913 sk->sk_state != BT_CONNECT2) { 914 err = -EINVAL; 915 break; 916 } 917 918 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 919 BDADDR_BREDR); 920 if (!hdev) { 921 err = -EBADFD; 922 break; 923 } 924 925 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 926 hci_dev_put(hdev); 927 err = -EOPNOTSUPP; 928 break; 929 } 930 931 if (!hdev->get_data_path_id) { 932 hci_dev_put(hdev); 933 err = -EOPNOTSUPP; 934 break; 935 } 936 937 if (optlen < sizeof(struct bt_codecs) || 938 optlen > sizeof(buffer)) { 939 hci_dev_put(hdev); 940 err = -EINVAL; 941 break; 942 } 943 944 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 945 if (err) { 946 hci_dev_put(hdev); 947 break; 948 } 949 950 codecs = (void *)buffer; 951 952 if (codecs->num_codecs > 1) { 953 hci_dev_put(hdev); 954 err = -EINVAL; 955 break; 956 } 957 958 sco_pi(sk)->codec = codecs->codecs[0]; 959 hci_dev_put(hdev); 960 break; 961 962 default: 963 err = -ENOPROTOOPT; 964 break; 965 } 966 967 release_sock(sk); 968 return err; 969 } 970 971 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 972 char __user *optval, int __user *optlen) 973 { 974 struct sock *sk = sock->sk; 975 struct sco_options opts; 976 struct sco_conninfo cinfo; 977 int err = 0; 978 size_t len; 979 980 BT_DBG("sk %p", sk); 981 982 if (get_user(len, optlen)) 983 return -EFAULT; 984 985 lock_sock(sk); 986 987 switch (optname) { 988 case SCO_OPTIONS: 989 if (sk->sk_state != BT_CONNECTED && 990 !(sk->sk_state == BT_CONNECT2 && 991 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 992 err = -ENOTCONN; 993 break; 994 } 995 996 opts.mtu = sco_pi(sk)->conn->mtu; 997 998 BT_DBG("mtu %u", opts.mtu); 999 1000 len = min(len, sizeof(opts)); 1001 if (copy_to_user(optval, (char *)&opts, len)) 1002 err = -EFAULT; 1003 1004 break; 1005 1006 case SCO_CONNINFO: 1007 if (sk->sk_state != BT_CONNECTED && 1008 !(sk->sk_state == BT_CONNECT2 && 1009 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1010 err = -ENOTCONN; 1011 break; 1012 } 1013 1014 memset(&cinfo, 0, sizeof(cinfo)); 1015 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1016 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1017 1018 len = min(len, sizeof(cinfo)); 1019 if (copy_to_user(optval, (char *)&cinfo, len)) 1020 err = -EFAULT; 1021 1022 break; 1023 1024 default: 1025 err = -ENOPROTOOPT; 1026 break; 1027 } 1028 1029 release_sock(sk); 1030 return err; 1031 } 1032 1033 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1034 char __user *optval, int __user *optlen) 1035 { 1036 struct sock *sk = sock->sk; 1037 int len, err = 0; 1038 struct bt_voice voice; 1039 u32 phys; 1040 int buf_len; 1041 struct codec_list *c; 1042 u8 num_codecs, i, __user *ptr; 1043 struct hci_dev *hdev; 1044 struct hci_codec_caps *caps; 1045 struct bt_codec codec; 1046 1047 BT_DBG("sk %p", sk); 1048 1049 if (level == SOL_SCO) 1050 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1051 1052 if (get_user(len, optlen)) 1053 return -EFAULT; 1054 1055 lock_sock(sk); 1056 1057 switch (optname) { 1058 1059 case BT_DEFER_SETUP: 1060 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1061 err = -EINVAL; 1062 break; 1063 } 1064 1065 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1066 (u32 __user *)optval)) 1067 err = -EFAULT; 1068 1069 break; 1070 1071 case BT_VOICE: 1072 voice.setting = sco_pi(sk)->setting; 1073 1074 len = min_t(unsigned int, len, sizeof(voice)); 1075 if (copy_to_user(optval, (char *)&voice, len)) 1076 err = -EFAULT; 1077 1078 break; 1079 1080 case BT_PHY: 1081 if (sk->sk_state != BT_CONNECTED) { 1082 err = -ENOTCONN; 1083 break; 1084 } 1085 1086 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1087 1088 if (put_user(phys, (u32 __user *) optval)) 1089 err = -EFAULT; 1090 break; 1091 1092 case BT_PKT_STATUS: 1093 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1094 (int __user *)optval)) 1095 err = -EFAULT; 1096 break; 1097 1098 case BT_SNDMTU: 1099 case BT_RCVMTU: 1100 if (sk->sk_state != BT_CONNECTED) { 1101 err = -ENOTCONN; 1102 break; 1103 } 1104 1105 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1106 err = -EFAULT; 1107 break; 1108 1109 case BT_CODEC: 1110 num_codecs = 0; 1111 buf_len = 0; 1112 1113 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1114 if (!hdev) { 1115 err = -EBADFD; 1116 break; 1117 } 1118 1119 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1120 hci_dev_put(hdev); 1121 err = -EOPNOTSUPP; 1122 break; 1123 } 1124 1125 if (!hdev->get_data_path_id) { 1126 hci_dev_put(hdev); 1127 err = -EOPNOTSUPP; 1128 break; 1129 } 1130 1131 release_sock(sk); 1132 1133 /* find total buffer size required to copy codec + caps */ 1134 hci_dev_lock(hdev); 1135 list_for_each_entry(c, &hdev->local_codecs, list) { 1136 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1137 continue; 1138 num_codecs++; 1139 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1140 buf_len += 1 + caps->len; 1141 caps = (void *)&caps->data[caps->len]; 1142 } 1143 buf_len += sizeof(struct bt_codec); 1144 } 1145 hci_dev_unlock(hdev); 1146 1147 buf_len += sizeof(struct bt_codecs); 1148 if (buf_len > len) { 1149 hci_dev_put(hdev); 1150 return -ENOBUFS; 1151 } 1152 ptr = optval; 1153 1154 if (put_user(num_codecs, ptr)) { 1155 hci_dev_put(hdev); 1156 return -EFAULT; 1157 } 1158 ptr += sizeof(num_codecs); 1159 1160 /* Iterate all the codecs supported over SCO and populate 1161 * codec data 1162 */ 1163 hci_dev_lock(hdev); 1164 list_for_each_entry(c, &hdev->local_codecs, list) { 1165 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1166 continue; 1167 1168 codec.id = c->id; 1169 codec.cid = c->cid; 1170 codec.vid = c->vid; 1171 err = hdev->get_data_path_id(hdev, &codec.data_path); 1172 if (err < 0) 1173 break; 1174 codec.num_caps = c->num_caps; 1175 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1176 err = -EFAULT; 1177 break; 1178 } 1179 ptr += sizeof(codec); 1180 1181 /* find codec capabilities data length */ 1182 len = 0; 1183 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1184 len += 1 + caps->len; 1185 caps = (void *)&caps->data[caps->len]; 1186 } 1187 1188 /* copy codec capabilities data */ 1189 if (len && copy_to_user(ptr, c->caps, len)) { 1190 err = -EFAULT; 1191 break; 1192 } 1193 ptr += len; 1194 } 1195 1196 hci_dev_unlock(hdev); 1197 hci_dev_put(hdev); 1198 1199 lock_sock(sk); 1200 1201 if (!err && put_user(buf_len, optlen)) 1202 err = -EFAULT; 1203 1204 break; 1205 1206 default: 1207 err = -ENOPROTOOPT; 1208 break; 1209 } 1210 1211 release_sock(sk); 1212 return err; 1213 } 1214 1215 static int sco_sock_shutdown(struct socket *sock, int how) 1216 { 1217 struct sock *sk = sock->sk; 1218 int err = 0; 1219 1220 BT_DBG("sock %p, sk %p", sock, sk); 1221 1222 if (!sk) 1223 return 0; 1224 1225 sock_hold(sk); 1226 lock_sock(sk); 1227 1228 if (!sk->sk_shutdown) { 1229 sk->sk_shutdown = SHUTDOWN_MASK; 1230 sco_sock_clear_timer(sk); 1231 __sco_sock_close(sk); 1232 1233 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1234 !(current->flags & PF_EXITING)) 1235 err = bt_sock_wait_state(sk, BT_CLOSED, 1236 sk->sk_lingertime); 1237 } 1238 1239 release_sock(sk); 1240 sock_put(sk); 1241 1242 return err; 1243 } 1244 1245 static int sco_sock_release(struct socket *sock) 1246 { 1247 struct sock *sk = sock->sk; 1248 int err = 0; 1249 1250 BT_DBG("sock %p, sk %p", sock, sk); 1251 1252 if (!sk) 1253 return 0; 1254 1255 sco_sock_close(sk); 1256 1257 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1258 !(current->flags & PF_EXITING)) { 1259 lock_sock(sk); 1260 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1261 release_sock(sk); 1262 } 1263 1264 sock_orphan(sk); 1265 sco_sock_kill(sk); 1266 return err; 1267 } 1268 1269 static void sco_conn_ready(struct sco_conn *conn) 1270 { 1271 struct sock *parent; 1272 struct sock *sk = conn->sk; 1273 1274 BT_DBG("conn %p", conn); 1275 1276 if (sk) { 1277 lock_sock(sk); 1278 sco_sock_clear_timer(sk); 1279 sk->sk_state = BT_CONNECTED; 1280 sk->sk_state_change(sk); 1281 release_sock(sk); 1282 } else { 1283 sco_conn_lock(conn); 1284 1285 if (!conn->hcon) { 1286 sco_conn_unlock(conn); 1287 return; 1288 } 1289 1290 parent = sco_get_sock_listen(&conn->hcon->src); 1291 if (!parent) { 1292 sco_conn_unlock(conn); 1293 return; 1294 } 1295 1296 lock_sock(parent); 1297 1298 sk = sco_sock_alloc(sock_net(parent), NULL, 1299 BTPROTO_SCO, GFP_ATOMIC, 0); 1300 if (!sk) { 1301 release_sock(parent); 1302 sco_conn_unlock(conn); 1303 return; 1304 } 1305 1306 sco_sock_init(sk, parent); 1307 1308 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1309 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1310 1311 hci_conn_hold(conn->hcon); 1312 __sco_chan_add(conn, sk, parent); 1313 1314 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1315 sk->sk_state = BT_CONNECT2; 1316 else 1317 sk->sk_state = BT_CONNECTED; 1318 1319 /* Wake up parent */ 1320 parent->sk_data_ready(parent); 1321 1322 release_sock(parent); 1323 1324 sco_conn_unlock(conn); 1325 } 1326 } 1327 1328 /* ----- SCO interface with lower layer (HCI) ----- */ 1329 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1330 { 1331 struct sock *sk; 1332 int lm = 0; 1333 1334 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1335 1336 /* Find listening sockets */ 1337 read_lock(&sco_sk_list.lock); 1338 sk_for_each(sk, &sco_sk_list.head) { 1339 if (sk->sk_state != BT_LISTEN) 1340 continue; 1341 1342 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1343 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1344 lm |= HCI_LM_ACCEPT; 1345 1346 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1347 *flags |= HCI_PROTO_DEFER; 1348 break; 1349 } 1350 } 1351 read_unlock(&sco_sk_list.lock); 1352 1353 return lm; 1354 } 1355 1356 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1357 { 1358 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1359 return; 1360 1361 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1362 1363 if (!status) { 1364 struct sco_conn *conn; 1365 1366 conn = sco_conn_add(hcon); 1367 if (conn) 1368 sco_conn_ready(conn); 1369 } else 1370 sco_conn_del(hcon, bt_to_errno(status)); 1371 } 1372 1373 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1374 { 1375 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1376 return; 1377 1378 BT_DBG("hcon %p reason %d", hcon, reason); 1379 1380 sco_conn_del(hcon, bt_to_errno(reason)); 1381 } 1382 1383 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1384 { 1385 struct sco_conn *conn = hcon->sco_data; 1386 1387 if (!conn) 1388 goto drop; 1389 1390 BT_DBG("conn %p len %u", conn, skb->len); 1391 1392 if (skb->len) { 1393 sco_recv_frame(conn, skb); 1394 return; 1395 } 1396 1397 drop: 1398 kfree_skb(skb); 1399 } 1400 1401 static struct hci_cb sco_cb = { 1402 .name = "SCO", 1403 .connect_cfm = sco_connect_cfm, 1404 .disconn_cfm = sco_disconn_cfm, 1405 }; 1406 1407 static int sco_debugfs_show(struct seq_file *f, void *p) 1408 { 1409 struct sock *sk; 1410 1411 read_lock(&sco_sk_list.lock); 1412 1413 sk_for_each(sk, &sco_sk_list.head) { 1414 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1415 &sco_pi(sk)->dst, sk->sk_state); 1416 } 1417 1418 read_unlock(&sco_sk_list.lock); 1419 1420 return 0; 1421 } 1422 1423 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1424 1425 static struct dentry *sco_debugfs; 1426 1427 static const struct proto_ops sco_sock_ops = { 1428 .family = PF_BLUETOOTH, 1429 .owner = THIS_MODULE, 1430 .release = sco_sock_release, 1431 .bind = sco_sock_bind, 1432 .connect = sco_sock_connect, 1433 .listen = sco_sock_listen, 1434 .accept = sco_sock_accept, 1435 .getname = sco_sock_getname, 1436 .sendmsg = sco_sock_sendmsg, 1437 .recvmsg = sco_sock_recvmsg, 1438 .poll = bt_sock_poll, 1439 .ioctl = bt_sock_ioctl, 1440 .gettstamp = sock_gettstamp, 1441 .mmap = sock_no_mmap, 1442 .socketpair = sock_no_socketpair, 1443 .shutdown = sco_sock_shutdown, 1444 .setsockopt = sco_sock_setsockopt, 1445 .getsockopt = sco_sock_getsockopt 1446 }; 1447 1448 static const struct net_proto_family sco_sock_family_ops = { 1449 .family = PF_BLUETOOTH, 1450 .owner = THIS_MODULE, 1451 .create = sco_sock_create, 1452 }; 1453 1454 int __init sco_init(void) 1455 { 1456 int err; 1457 1458 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1459 1460 err = proto_register(&sco_proto, 0); 1461 if (err < 0) 1462 return err; 1463 1464 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1465 if (err < 0) { 1466 BT_ERR("SCO socket registration failed"); 1467 goto error; 1468 } 1469 1470 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1471 if (err < 0) { 1472 BT_ERR("Failed to create SCO proc file"); 1473 bt_sock_unregister(BTPROTO_SCO); 1474 goto error; 1475 } 1476 1477 BT_INFO("SCO socket layer initialized"); 1478 1479 hci_register_cb(&sco_cb); 1480 1481 if (IS_ERR_OR_NULL(bt_debugfs)) 1482 return 0; 1483 1484 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1485 NULL, &sco_debugfs_fops); 1486 1487 return 0; 1488 1489 error: 1490 proto_unregister(&sco_proto); 1491 return err; 1492 } 1493 1494 void sco_exit(void) 1495 { 1496 bt_procfs_cleanup(&init_net, "sco"); 1497 1498 debugfs_remove(sco_debugfs); 1499 1500 hci_unregister_cb(&sco_cb); 1501 1502 bt_sock_unregister(BTPROTO_SCO); 1503 1504 proto_unregister(&sco_proto); 1505 } 1506 1507 module_param(disable_esco, bool, 0644); 1508 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1509