1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static void sco_sock_timeout(struct work_struct *work) 80 { 81 struct sco_conn *conn = container_of(work, struct sco_conn, 82 timeout_work.work); 83 struct sock *sk; 84 85 sco_conn_lock(conn); 86 sk = conn->sk; 87 if (sk) 88 sock_hold(sk); 89 sco_conn_unlock(conn); 90 91 if (!sk) 92 return; 93 94 BT_DBG("sock %p state %d", sk, sk->sk_state); 95 96 lock_sock(sk); 97 sk->sk_err = ETIMEDOUT; 98 sk->sk_state_change(sk); 99 release_sock(sk); 100 sock_put(sk); 101 } 102 103 static void sco_sock_set_timer(struct sock *sk, long timeout) 104 { 105 if (!sco_pi(sk)->conn) 106 return; 107 108 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 109 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 110 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 111 } 112 113 static void sco_sock_clear_timer(struct sock *sk) 114 { 115 if (!sco_pi(sk)->conn) 116 return; 117 118 BT_DBG("sock %p state %d", sk, sk->sk_state); 119 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 120 } 121 122 /* ---- SCO connections ---- */ 123 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 124 { 125 struct hci_dev *hdev = hcon->hdev; 126 struct sco_conn *conn = hcon->sco_data; 127 128 if (conn) { 129 if (!conn->hcon) 130 conn->hcon = hcon; 131 return conn; 132 } 133 134 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 135 if (!conn) 136 return NULL; 137 138 spin_lock_init(&conn->lock); 139 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 140 141 hcon->sco_data = conn; 142 conn->hcon = hcon; 143 144 if (hdev->sco_mtu > 0) 145 conn->mtu = hdev->sco_mtu; 146 else 147 conn->mtu = 60; 148 149 BT_DBG("hcon %p conn %p", hcon, conn); 150 151 return conn; 152 } 153 154 /* Delete channel. 155 * Must be called on the locked socket. */ 156 static void sco_chan_del(struct sock *sk, int err) 157 { 158 struct sco_conn *conn; 159 160 conn = sco_pi(sk)->conn; 161 162 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 163 164 if (conn) { 165 sco_conn_lock(conn); 166 conn->sk = NULL; 167 sco_pi(sk)->conn = NULL; 168 sco_conn_unlock(conn); 169 170 if (conn->hcon) 171 hci_conn_drop(conn->hcon); 172 } 173 174 sk->sk_state = BT_CLOSED; 175 sk->sk_err = err; 176 sk->sk_state_change(sk); 177 178 sock_set_flag(sk, SOCK_ZAPPED); 179 } 180 181 static void sco_conn_del(struct hci_conn *hcon, int err) 182 { 183 struct sco_conn *conn = hcon->sco_data; 184 struct sock *sk; 185 186 if (!conn) 187 return; 188 189 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 190 191 /* Kill socket */ 192 sco_conn_lock(conn); 193 sk = conn->sk; 194 if (sk) 195 sock_hold(sk); 196 sco_conn_unlock(conn); 197 198 if (sk) { 199 lock_sock(sk); 200 sco_sock_clear_timer(sk); 201 sco_chan_del(sk, err); 202 release_sock(sk); 203 sock_put(sk); 204 } 205 206 /* Ensure no more work items will run before freeing conn. */ 207 cancel_delayed_work_sync(&conn->timeout_work); 208 209 hcon->sco_data = NULL; 210 kfree(conn); 211 } 212 213 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 214 struct sock *parent) 215 { 216 BT_DBG("conn %p", conn); 217 218 sco_pi(sk)->conn = conn; 219 conn->sk = sk; 220 221 if (parent) 222 bt_accept_enqueue(parent, sk, true); 223 } 224 225 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 226 struct sock *parent) 227 { 228 int err = 0; 229 230 sco_conn_lock(conn); 231 if (conn->sk) 232 err = -EBUSY; 233 else 234 __sco_chan_add(conn, sk, parent); 235 236 sco_conn_unlock(conn); 237 return err; 238 } 239 240 static int sco_connect(struct sock *sk) 241 { 242 struct sco_conn *conn; 243 struct hci_conn *hcon; 244 struct hci_dev *hdev; 245 int err, type; 246 247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 248 249 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 250 if (!hdev) 251 return -EHOSTUNREACH; 252 253 hci_dev_lock(hdev); 254 255 if (lmp_esco_capable(hdev) && !disable_esco) 256 type = ESCO_LINK; 257 else 258 type = SCO_LINK; 259 260 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 261 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 262 err = -EOPNOTSUPP; 263 goto unlock; 264 } 265 266 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 267 sco_pi(sk)->setting, &sco_pi(sk)->codec, 268 sk->sk_sndtimeo); 269 if (IS_ERR(hcon)) { 270 err = PTR_ERR(hcon); 271 goto unlock; 272 } 273 274 conn = sco_conn_add(hcon); 275 if (!conn) { 276 hci_conn_drop(hcon); 277 err = -ENOMEM; 278 goto unlock; 279 } 280 281 lock_sock(sk); 282 283 err = sco_chan_add(conn, sk, NULL); 284 if (err) { 285 release_sock(sk); 286 goto unlock; 287 } 288 289 /* Update source addr of the socket */ 290 bacpy(&sco_pi(sk)->src, &hcon->src); 291 292 if (hcon->state == BT_CONNECTED) { 293 sco_sock_clear_timer(sk); 294 sk->sk_state = BT_CONNECTED; 295 } else { 296 sk->sk_state = BT_CONNECT; 297 sco_sock_set_timer(sk, sk->sk_sndtimeo); 298 } 299 300 release_sock(sk); 301 302 unlock: 303 hci_dev_unlock(hdev); 304 hci_dev_put(hdev); 305 return err; 306 } 307 308 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 309 { 310 struct sco_conn *conn = sco_pi(sk)->conn; 311 int len = skb->len; 312 313 /* Check outgoing MTU */ 314 if (len > conn->mtu) 315 return -EINVAL; 316 317 BT_DBG("sk %p len %d", sk, len); 318 319 hci_send_sco(conn->hcon, skb); 320 321 return len; 322 } 323 324 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 325 { 326 struct sock *sk; 327 328 sco_conn_lock(conn); 329 sk = conn->sk; 330 sco_conn_unlock(conn); 331 332 if (!sk) 333 goto drop; 334 335 BT_DBG("sk %p len %u", sk, skb->len); 336 337 if (sk->sk_state != BT_CONNECTED) 338 goto drop; 339 340 if (!sock_queue_rcv_skb(sk, skb)) 341 return; 342 343 drop: 344 kfree_skb(skb); 345 } 346 347 /* -------- Socket interface ---------- */ 348 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 349 { 350 struct sock *sk; 351 352 sk_for_each(sk, &sco_sk_list.head) { 353 if (sk->sk_state != BT_LISTEN) 354 continue; 355 356 if (!bacmp(&sco_pi(sk)->src, ba)) 357 return sk; 358 } 359 360 return NULL; 361 } 362 363 /* Find socket listening on source bdaddr. 364 * Returns closest match. 365 */ 366 static struct sock *sco_get_sock_listen(bdaddr_t *src) 367 { 368 struct sock *sk = NULL, *sk1 = NULL; 369 370 read_lock(&sco_sk_list.lock); 371 372 sk_for_each(sk, &sco_sk_list.head) { 373 if (sk->sk_state != BT_LISTEN) 374 continue; 375 376 /* Exact match. */ 377 if (!bacmp(&sco_pi(sk)->src, src)) 378 break; 379 380 /* Closest match */ 381 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 382 sk1 = sk; 383 } 384 385 read_unlock(&sco_sk_list.lock); 386 387 return sk ? sk : sk1; 388 } 389 390 static void sco_sock_destruct(struct sock *sk) 391 { 392 BT_DBG("sk %p", sk); 393 394 skb_queue_purge(&sk->sk_receive_queue); 395 skb_queue_purge(&sk->sk_write_queue); 396 } 397 398 static void sco_sock_cleanup_listen(struct sock *parent) 399 { 400 struct sock *sk; 401 402 BT_DBG("parent %p", parent); 403 404 /* Close not yet accepted channels */ 405 while ((sk = bt_accept_dequeue(parent, NULL))) { 406 sco_sock_close(sk); 407 sco_sock_kill(sk); 408 } 409 410 parent->sk_state = BT_CLOSED; 411 sock_set_flag(parent, SOCK_ZAPPED); 412 } 413 414 /* Kill socket (only if zapped and orphan) 415 * Must be called on unlocked socket. 416 */ 417 static void sco_sock_kill(struct sock *sk) 418 { 419 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 420 return; 421 422 BT_DBG("sk %p state %d", sk, sk->sk_state); 423 424 /* Kill poor orphan */ 425 bt_sock_unlink(&sco_sk_list, sk); 426 sock_set_flag(sk, SOCK_DEAD); 427 sock_put(sk); 428 } 429 430 static void __sco_sock_close(struct sock *sk) 431 { 432 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 433 434 switch (sk->sk_state) { 435 case BT_LISTEN: 436 sco_sock_cleanup_listen(sk); 437 break; 438 439 case BT_CONNECTED: 440 case BT_CONFIG: 441 if (sco_pi(sk)->conn->hcon) { 442 sk->sk_state = BT_DISCONN; 443 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 444 sco_conn_lock(sco_pi(sk)->conn); 445 hci_conn_drop(sco_pi(sk)->conn->hcon); 446 sco_pi(sk)->conn->hcon = NULL; 447 sco_conn_unlock(sco_pi(sk)->conn); 448 } else 449 sco_chan_del(sk, ECONNRESET); 450 break; 451 452 case BT_CONNECT2: 453 case BT_CONNECT: 454 case BT_DISCONN: 455 sco_chan_del(sk, ECONNRESET); 456 break; 457 458 default: 459 sock_set_flag(sk, SOCK_ZAPPED); 460 break; 461 } 462 463 } 464 465 /* Must be called on unlocked socket. */ 466 static void sco_sock_close(struct sock *sk) 467 { 468 lock_sock(sk); 469 sco_sock_clear_timer(sk); 470 __sco_sock_close(sk); 471 release_sock(sk); 472 } 473 474 static void sco_sock_init(struct sock *sk, struct sock *parent) 475 { 476 BT_DBG("sk %p", sk); 477 478 if (parent) { 479 sk->sk_type = parent->sk_type; 480 bt_sk(sk)->flags = bt_sk(parent)->flags; 481 security_sk_clone(parent, sk); 482 } 483 } 484 485 static struct proto sco_proto = { 486 .name = "SCO", 487 .owner = THIS_MODULE, 488 .obj_size = sizeof(struct sco_pinfo) 489 }; 490 491 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 492 int proto, gfp_t prio, int kern) 493 { 494 struct sock *sk; 495 496 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 497 if (!sk) 498 return NULL; 499 500 sk->sk_destruct = sco_sock_destruct; 501 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 502 503 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 504 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 505 sco_pi(sk)->codec.cid = 0xffff; 506 sco_pi(sk)->codec.vid = 0xffff; 507 sco_pi(sk)->codec.data_path = 0x00; 508 509 bt_sock_link(&sco_sk_list, sk); 510 return sk; 511 } 512 513 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 514 int kern) 515 { 516 struct sock *sk; 517 518 BT_DBG("sock %p", sock); 519 520 sock->state = SS_UNCONNECTED; 521 522 if (sock->type != SOCK_SEQPACKET) 523 return -ESOCKTNOSUPPORT; 524 525 sock->ops = &sco_sock_ops; 526 527 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 528 if (!sk) 529 return -ENOMEM; 530 531 sco_sock_init(sk, NULL); 532 return 0; 533 } 534 535 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 536 int addr_len) 537 { 538 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 539 struct sock *sk = sock->sk; 540 int err = 0; 541 542 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 543 addr->sa_family != AF_BLUETOOTH) 544 return -EINVAL; 545 546 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 547 548 lock_sock(sk); 549 550 if (sk->sk_state != BT_OPEN) { 551 err = -EBADFD; 552 goto done; 553 } 554 555 if (sk->sk_type != SOCK_SEQPACKET) { 556 err = -EINVAL; 557 goto done; 558 } 559 560 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 561 562 sk->sk_state = BT_BOUND; 563 564 done: 565 release_sock(sk); 566 return err; 567 } 568 569 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 570 { 571 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 572 struct sock *sk = sock->sk; 573 int err; 574 575 BT_DBG("sk %p", sk); 576 577 if (alen < sizeof(struct sockaddr_sco) || 578 addr->sa_family != AF_BLUETOOTH) 579 return -EINVAL; 580 581 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 582 return -EBADFD; 583 584 if (sk->sk_type != SOCK_SEQPACKET) 585 err = -EINVAL; 586 587 lock_sock(sk); 588 /* Set destination address and psm */ 589 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 590 release_sock(sk); 591 592 err = sco_connect(sk); 593 if (err) 594 return err; 595 596 lock_sock(sk); 597 598 err = bt_sock_wait_state(sk, BT_CONNECTED, 599 sock_sndtimeo(sk, flags & O_NONBLOCK)); 600 601 release_sock(sk); 602 return err; 603 } 604 605 static int sco_sock_listen(struct socket *sock, int backlog) 606 { 607 struct sock *sk = sock->sk; 608 bdaddr_t *src = &sco_pi(sk)->src; 609 int err = 0; 610 611 BT_DBG("sk %p backlog %d", sk, backlog); 612 613 lock_sock(sk); 614 615 if (sk->sk_state != BT_BOUND) { 616 err = -EBADFD; 617 goto done; 618 } 619 620 if (sk->sk_type != SOCK_SEQPACKET) { 621 err = -EINVAL; 622 goto done; 623 } 624 625 write_lock(&sco_sk_list.lock); 626 627 if (__sco_get_sock_listen_by_addr(src)) { 628 err = -EADDRINUSE; 629 goto unlock; 630 } 631 632 sk->sk_max_ack_backlog = backlog; 633 sk->sk_ack_backlog = 0; 634 635 sk->sk_state = BT_LISTEN; 636 637 unlock: 638 write_unlock(&sco_sk_list.lock); 639 640 done: 641 release_sock(sk); 642 return err; 643 } 644 645 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 646 int flags, bool kern) 647 { 648 DEFINE_WAIT_FUNC(wait, woken_wake_function); 649 struct sock *sk = sock->sk, *ch; 650 long timeo; 651 int err = 0; 652 653 lock_sock(sk); 654 655 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 656 657 BT_DBG("sk %p timeo %ld", sk, timeo); 658 659 /* Wait for an incoming connection. (wake-one). */ 660 add_wait_queue_exclusive(sk_sleep(sk), &wait); 661 while (1) { 662 if (sk->sk_state != BT_LISTEN) { 663 err = -EBADFD; 664 break; 665 } 666 667 ch = bt_accept_dequeue(sk, newsock); 668 if (ch) 669 break; 670 671 if (!timeo) { 672 err = -EAGAIN; 673 break; 674 } 675 676 if (signal_pending(current)) { 677 err = sock_intr_errno(timeo); 678 break; 679 } 680 681 release_sock(sk); 682 683 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 684 lock_sock(sk); 685 } 686 remove_wait_queue(sk_sleep(sk), &wait); 687 688 if (err) 689 goto done; 690 691 newsock->state = SS_CONNECTED; 692 693 BT_DBG("new socket %p", ch); 694 695 done: 696 release_sock(sk); 697 return err; 698 } 699 700 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 701 int peer) 702 { 703 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 704 struct sock *sk = sock->sk; 705 706 BT_DBG("sock %p, sk %p", sock, sk); 707 708 addr->sa_family = AF_BLUETOOTH; 709 710 if (peer) 711 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 712 else 713 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 714 715 return sizeof(struct sockaddr_sco); 716 } 717 718 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 719 size_t len) 720 { 721 struct sock *sk = sock->sk; 722 struct sk_buff *skb; 723 int err; 724 725 BT_DBG("sock %p, sk %p", sock, sk); 726 727 err = sock_error(sk); 728 if (err) 729 return err; 730 731 if (msg->msg_flags & MSG_OOB) 732 return -EOPNOTSUPP; 733 734 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 735 if (IS_ERR(skb)) 736 return PTR_ERR(skb); 737 738 lock_sock(sk); 739 740 if (sk->sk_state == BT_CONNECTED) 741 err = sco_send_frame(sk, skb); 742 else 743 err = -ENOTCONN; 744 745 release_sock(sk); 746 747 if (err < 0) 748 kfree_skb(skb); 749 return err; 750 } 751 752 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 753 { 754 struct hci_dev *hdev = conn->hdev; 755 756 BT_DBG("conn %p", conn); 757 758 conn->state = BT_CONFIG; 759 760 if (!lmp_esco_capable(hdev)) { 761 struct hci_cp_accept_conn_req cp; 762 763 bacpy(&cp.bdaddr, &conn->dst); 764 cp.role = 0x00; /* Ignored */ 765 766 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 767 } else { 768 struct hci_cp_accept_sync_conn_req cp; 769 770 bacpy(&cp.bdaddr, &conn->dst); 771 cp.pkt_type = cpu_to_le16(conn->pkt_type); 772 773 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 774 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 775 cp.content_format = cpu_to_le16(setting); 776 777 switch (setting & SCO_AIRMODE_MASK) { 778 case SCO_AIRMODE_TRANSP: 779 if (conn->pkt_type & ESCO_2EV3) 780 cp.max_latency = cpu_to_le16(0x0008); 781 else 782 cp.max_latency = cpu_to_le16(0x000D); 783 cp.retrans_effort = 0x02; 784 break; 785 case SCO_AIRMODE_CVSD: 786 cp.max_latency = cpu_to_le16(0xffff); 787 cp.retrans_effort = 0xff; 788 break; 789 default: 790 /* use CVSD settings as fallback */ 791 cp.max_latency = cpu_to_le16(0xffff); 792 cp.retrans_effort = 0xff; 793 break; 794 } 795 796 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 797 sizeof(cp), &cp); 798 } 799 } 800 801 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 802 size_t len, int flags) 803 { 804 struct sock *sk = sock->sk; 805 struct sco_pinfo *pi = sco_pi(sk); 806 807 lock_sock(sk); 808 809 if (sk->sk_state == BT_CONNECT2 && 810 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 811 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 812 sk->sk_state = BT_CONFIG; 813 814 release_sock(sk); 815 return 0; 816 } 817 818 release_sock(sk); 819 820 return bt_sock_recvmsg(sock, msg, len, flags); 821 } 822 823 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 824 sockptr_t optval, unsigned int optlen) 825 { 826 struct sock *sk = sock->sk; 827 int len, err = 0; 828 struct bt_voice voice; 829 u32 opt; 830 struct bt_codecs *codecs; 831 struct hci_dev *hdev; 832 __u8 buffer[255]; 833 834 BT_DBG("sk %p", sk); 835 836 lock_sock(sk); 837 838 switch (optname) { 839 840 case BT_DEFER_SETUP: 841 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 842 err = -EINVAL; 843 break; 844 } 845 846 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 847 err = -EFAULT; 848 break; 849 } 850 851 if (opt) 852 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 853 else 854 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 855 break; 856 857 case BT_VOICE: 858 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 859 sk->sk_state != BT_CONNECT2) { 860 err = -EINVAL; 861 break; 862 } 863 864 voice.setting = sco_pi(sk)->setting; 865 866 len = min_t(unsigned int, sizeof(voice), optlen); 867 if (copy_from_sockptr(&voice, optval, len)) { 868 err = -EFAULT; 869 break; 870 } 871 872 /* Explicitly check for these values */ 873 if (voice.setting != BT_VOICE_TRANSPARENT && 874 voice.setting != BT_VOICE_CVSD_16BIT) { 875 err = -EINVAL; 876 break; 877 } 878 879 sco_pi(sk)->setting = voice.setting; 880 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 881 BDADDR_BREDR); 882 if (!hdev) { 883 err = -EBADFD; 884 break; 885 } 886 if (enhanced_sync_conn_capable(hdev) && 887 voice.setting == BT_VOICE_TRANSPARENT) 888 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 889 hci_dev_put(hdev); 890 break; 891 892 case BT_PKT_STATUS: 893 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 894 err = -EFAULT; 895 break; 896 } 897 898 if (opt) 899 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 900 else 901 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 902 break; 903 904 case BT_CODEC: 905 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 906 sk->sk_state != BT_CONNECT2) { 907 err = -EINVAL; 908 break; 909 } 910 911 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 912 BDADDR_BREDR); 913 if (!hdev) { 914 err = -EBADFD; 915 break; 916 } 917 918 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 919 hci_dev_put(hdev); 920 err = -EOPNOTSUPP; 921 break; 922 } 923 924 if (!hdev->get_data_path_id) { 925 hci_dev_put(hdev); 926 err = -EOPNOTSUPP; 927 break; 928 } 929 930 if (optlen < sizeof(struct bt_codecs) || 931 optlen > sizeof(buffer)) { 932 hci_dev_put(hdev); 933 err = -EINVAL; 934 break; 935 } 936 937 if (copy_from_sockptr(buffer, optval, optlen)) { 938 hci_dev_put(hdev); 939 err = -EFAULT; 940 break; 941 } 942 943 codecs = (void *)buffer; 944 945 if (codecs->num_codecs > 1) { 946 hci_dev_put(hdev); 947 err = -EINVAL; 948 break; 949 } 950 951 sco_pi(sk)->codec = codecs->codecs[0]; 952 hci_dev_put(hdev); 953 break; 954 955 default: 956 err = -ENOPROTOOPT; 957 break; 958 } 959 960 release_sock(sk); 961 return err; 962 } 963 964 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 965 char __user *optval, int __user *optlen) 966 { 967 struct sock *sk = sock->sk; 968 struct sco_options opts; 969 struct sco_conninfo cinfo; 970 int len, err = 0; 971 972 BT_DBG("sk %p", sk); 973 974 if (get_user(len, optlen)) 975 return -EFAULT; 976 977 lock_sock(sk); 978 979 switch (optname) { 980 case SCO_OPTIONS: 981 if (sk->sk_state != BT_CONNECTED && 982 !(sk->sk_state == BT_CONNECT2 && 983 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 984 err = -ENOTCONN; 985 break; 986 } 987 988 opts.mtu = sco_pi(sk)->conn->mtu; 989 990 BT_DBG("mtu %u", opts.mtu); 991 992 len = min_t(unsigned int, len, sizeof(opts)); 993 if (copy_to_user(optval, (char *)&opts, len)) 994 err = -EFAULT; 995 996 break; 997 998 case SCO_CONNINFO: 999 if (sk->sk_state != BT_CONNECTED && 1000 !(sk->sk_state == BT_CONNECT2 && 1001 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1002 err = -ENOTCONN; 1003 break; 1004 } 1005 1006 memset(&cinfo, 0, sizeof(cinfo)); 1007 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1008 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1009 1010 len = min_t(unsigned int, len, sizeof(cinfo)); 1011 if (copy_to_user(optval, (char *)&cinfo, len)) 1012 err = -EFAULT; 1013 1014 break; 1015 1016 default: 1017 err = -ENOPROTOOPT; 1018 break; 1019 } 1020 1021 release_sock(sk); 1022 return err; 1023 } 1024 1025 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1026 char __user *optval, int __user *optlen) 1027 { 1028 struct sock *sk = sock->sk; 1029 int len, err = 0; 1030 struct bt_voice voice; 1031 u32 phys; 1032 int buf_len; 1033 struct codec_list *c; 1034 u8 num_codecs, i, __user *ptr; 1035 struct hci_dev *hdev; 1036 struct hci_codec_caps *caps; 1037 struct bt_codec codec; 1038 1039 BT_DBG("sk %p", sk); 1040 1041 if (level == SOL_SCO) 1042 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1043 1044 if (get_user(len, optlen)) 1045 return -EFAULT; 1046 1047 lock_sock(sk); 1048 1049 switch (optname) { 1050 1051 case BT_DEFER_SETUP: 1052 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1053 err = -EINVAL; 1054 break; 1055 } 1056 1057 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1058 (u32 __user *)optval)) 1059 err = -EFAULT; 1060 1061 break; 1062 1063 case BT_VOICE: 1064 voice.setting = sco_pi(sk)->setting; 1065 1066 len = min_t(unsigned int, len, sizeof(voice)); 1067 if (copy_to_user(optval, (char *)&voice, len)) 1068 err = -EFAULT; 1069 1070 break; 1071 1072 case BT_PHY: 1073 if (sk->sk_state != BT_CONNECTED) { 1074 err = -ENOTCONN; 1075 break; 1076 } 1077 1078 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1079 1080 if (put_user(phys, (u32 __user *) optval)) 1081 err = -EFAULT; 1082 break; 1083 1084 case BT_PKT_STATUS: 1085 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1086 (int __user *)optval)) 1087 err = -EFAULT; 1088 break; 1089 1090 case BT_SNDMTU: 1091 case BT_RCVMTU: 1092 if (sk->sk_state != BT_CONNECTED) { 1093 err = -ENOTCONN; 1094 break; 1095 } 1096 1097 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1098 err = -EFAULT; 1099 break; 1100 1101 case BT_CODEC: 1102 num_codecs = 0; 1103 buf_len = 0; 1104 1105 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1106 if (!hdev) { 1107 err = -EBADFD; 1108 break; 1109 } 1110 1111 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1112 hci_dev_put(hdev); 1113 err = -EOPNOTSUPP; 1114 break; 1115 } 1116 1117 if (!hdev->get_data_path_id) { 1118 hci_dev_put(hdev); 1119 err = -EOPNOTSUPP; 1120 break; 1121 } 1122 1123 release_sock(sk); 1124 1125 /* find total buffer size required to copy codec + caps */ 1126 hci_dev_lock(hdev); 1127 list_for_each_entry(c, &hdev->local_codecs, list) { 1128 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1129 continue; 1130 num_codecs++; 1131 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1132 buf_len += 1 + caps->len; 1133 caps = (void *)&caps->data[caps->len]; 1134 } 1135 buf_len += sizeof(struct bt_codec); 1136 } 1137 hci_dev_unlock(hdev); 1138 1139 buf_len += sizeof(struct bt_codecs); 1140 if (buf_len > len) { 1141 hci_dev_put(hdev); 1142 return -ENOBUFS; 1143 } 1144 ptr = optval; 1145 1146 if (put_user(num_codecs, ptr)) { 1147 hci_dev_put(hdev); 1148 return -EFAULT; 1149 } 1150 ptr += sizeof(num_codecs); 1151 1152 /* Iterate all the codecs supported over SCO and populate 1153 * codec data 1154 */ 1155 hci_dev_lock(hdev); 1156 list_for_each_entry(c, &hdev->local_codecs, list) { 1157 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1158 continue; 1159 1160 codec.id = c->id; 1161 codec.cid = c->cid; 1162 codec.vid = c->vid; 1163 err = hdev->get_data_path_id(hdev, &codec.data_path); 1164 if (err < 0) 1165 break; 1166 codec.num_caps = c->num_caps; 1167 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1168 err = -EFAULT; 1169 break; 1170 } 1171 ptr += sizeof(codec); 1172 1173 /* find codec capabilities data length */ 1174 len = 0; 1175 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1176 len += 1 + caps->len; 1177 caps = (void *)&caps->data[caps->len]; 1178 } 1179 1180 /* copy codec capabilities data */ 1181 if (len && copy_to_user(ptr, c->caps, len)) { 1182 err = -EFAULT; 1183 break; 1184 } 1185 ptr += len; 1186 } 1187 1188 hci_dev_unlock(hdev); 1189 hci_dev_put(hdev); 1190 1191 lock_sock(sk); 1192 1193 if (!err && put_user(buf_len, optlen)) 1194 err = -EFAULT; 1195 1196 break; 1197 1198 default: 1199 err = -ENOPROTOOPT; 1200 break; 1201 } 1202 1203 release_sock(sk); 1204 return err; 1205 } 1206 1207 static int sco_sock_shutdown(struct socket *sock, int how) 1208 { 1209 struct sock *sk = sock->sk; 1210 int err = 0; 1211 1212 BT_DBG("sock %p, sk %p", sock, sk); 1213 1214 if (!sk) 1215 return 0; 1216 1217 sock_hold(sk); 1218 lock_sock(sk); 1219 1220 if (!sk->sk_shutdown) { 1221 sk->sk_shutdown = SHUTDOWN_MASK; 1222 sco_sock_clear_timer(sk); 1223 __sco_sock_close(sk); 1224 1225 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1226 !(current->flags & PF_EXITING)) 1227 err = bt_sock_wait_state(sk, BT_CLOSED, 1228 sk->sk_lingertime); 1229 } 1230 1231 release_sock(sk); 1232 sock_put(sk); 1233 1234 return err; 1235 } 1236 1237 static int sco_sock_release(struct socket *sock) 1238 { 1239 struct sock *sk = sock->sk; 1240 int err = 0; 1241 1242 BT_DBG("sock %p, sk %p", sock, sk); 1243 1244 if (!sk) 1245 return 0; 1246 1247 sco_sock_close(sk); 1248 1249 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1250 !(current->flags & PF_EXITING)) { 1251 lock_sock(sk); 1252 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1253 release_sock(sk); 1254 } 1255 1256 sock_orphan(sk); 1257 sco_sock_kill(sk); 1258 return err; 1259 } 1260 1261 static void sco_conn_ready(struct sco_conn *conn) 1262 { 1263 struct sock *parent; 1264 struct sock *sk = conn->sk; 1265 1266 BT_DBG("conn %p", conn); 1267 1268 if (sk) { 1269 lock_sock(sk); 1270 sco_sock_clear_timer(sk); 1271 sk->sk_state = BT_CONNECTED; 1272 sk->sk_state_change(sk); 1273 release_sock(sk); 1274 } else { 1275 sco_conn_lock(conn); 1276 1277 if (!conn->hcon) { 1278 sco_conn_unlock(conn); 1279 return; 1280 } 1281 1282 parent = sco_get_sock_listen(&conn->hcon->src); 1283 if (!parent) { 1284 sco_conn_unlock(conn); 1285 return; 1286 } 1287 1288 lock_sock(parent); 1289 1290 sk = sco_sock_alloc(sock_net(parent), NULL, 1291 BTPROTO_SCO, GFP_ATOMIC, 0); 1292 if (!sk) { 1293 release_sock(parent); 1294 sco_conn_unlock(conn); 1295 return; 1296 } 1297 1298 sco_sock_init(sk, parent); 1299 1300 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1301 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1302 1303 hci_conn_hold(conn->hcon); 1304 __sco_chan_add(conn, sk, parent); 1305 1306 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1307 sk->sk_state = BT_CONNECT2; 1308 else 1309 sk->sk_state = BT_CONNECTED; 1310 1311 /* Wake up parent */ 1312 parent->sk_data_ready(parent); 1313 1314 release_sock(parent); 1315 1316 sco_conn_unlock(conn); 1317 } 1318 } 1319 1320 /* ----- SCO interface with lower layer (HCI) ----- */ 1321 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1322 { 1323 struct sock *sk; 1324 int lm = 0; 1325 1326 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1327 1328 /* Find listening sockets */ 1329 read_lock(&sco_sk_list.lock); 1330 sk_for_each(sk, &sco_sk_list.head) { 1331 if (sk->sk_state != BT_LISTEN) 1332 continue; 1333 1334 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1335 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1336 lm |= HCI_LM_ACCEPT; 1337 1338 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1339 *flags |= HCI_PROTO_DEFER; 1340 break; 1341 } 1342 } 1343 read_unlock(&sco_sk_list.lock); 1344 1345 return lm; 1346 } 1347 1348 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1349 { 1350 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1351 return; 1352 1353 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1354 1355 if (!status) { 1356 struct sco_conn *conn; 1357 1358 conn = sco_conn_add(hcon); 1359 if (conn) 1360 sco_conn_ready(conn); 1361 } else 1362 sco_conn_del(hcon, bt_to_errno(status)); 1363 } 1364 1365 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1366 { 1367 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1368 return; 1369 1370 BT_DBG("hcon %p reason %d", hcon, reason); 1371 1372 sco_conn_del(hcon, bt_to_errno(reason)); 1373 } 1374 1375 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1376 { 1377 struct sco_conn *conn = hcon->sco_data; 1378 1379 if (!conn) 1380 goto drop; 1381 1382 BT_DBG("conn %p len %u", conn, skb->len); 1383 1384 if (skb->len) { 1385 sco_recv_frame(conn, skb); 1386 return; 1387 } 1388 1389 drop: 1390 kfree_skb(skb); 1391 } 1392 1393 static struct hci_cb sco_cb = { 1394 .name = "SCO", 1395 .connect_cfm = sco_connect_cfm, 1396 .disconn_cfm = sco_disconn_cfm, 1397 }; 1398 1399 static int sco_debugfs_show(struct seq_file *f, void *p) 1400 { 1401 struct sock *sk; 1402 1403 read_lock(&sco_sk_list.lock); 1404 1405 sk_for_each(sk, &sco_sk_list.head) { 1406 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1407 &sco_pi(sk)->dst, sk->sk_state); 1408 } 1409 1410 read_unlock(&sco_sk_list.lock); 1411 1412 return 0; 1413 } 1414 1415 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1416 1417 static struct dentry *sco_debugfs; 1418 1419 static const struct proto_ops sco_sock_ops = { 1420 .family = PF_BLUETOOTH, 1421 .owner = THIS_MODULE, 1422 .release = sco_sock_release, 1423 .bind = sco_sock_bind, 1424 .connect = sco_sock_connect, 1425 .listen = sco_sock_listen, 1426 .accept = sco_sock_accept, 1427 .getname = sco_sock_getname, 1428 .sendmsg = sco_sock_sendmsg, 1429 .recvmsg = sco_sock_recvmsg, 1430 .poll = bt_sock_poll, 1431 .ioctl = bt_sock_ioctl, 1432 .gettstamp = sock_gettstamp, 1433 .mmap = sock_no_mmap, 1434 .socketpair = sock_no_socketpair, 1435 .shutdown = sco_sock_shutdown, 1436 .setsockopt = sco_sock_setsockopt, 1437 .getsockopt = sco_sock_getsockopt 1438 }; 1439 1440 static const struct net_proto_family sco_sock_family_ops = { 1441 .family = PF_BLUETOOTH, 1442 .owner = THIS_MODULE, 1443 .create = sco_sock_create, 1444 }; 1445 1446 int __init sco_init(void) 1447 { 1448 int err; 1449 1450 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1451 1452 err = proto_register(&sco_proto, 0); 1453 if (err < 0) 1454 return err; 1455 1456 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1457 if (err < 0) { 1458 BT_ERR("SCO socket registration failed"); 1459 goto error; 1460 } 1461 1462 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1463 if (err < 0) { 1464 BT_ERR("Failed to create SCO proc file"); 1465 bt_sock_unregister(BTPROTO_SCO); 1466 goto error; 1467 } 1468 1469 BT_INFO("SCO socket layer initialized"); 1470 1471 hci_register_cb(&sco_cb); 1472 1473 if (IS_ERR_OR_NULL(bt_debugfs)) 1474 return 0; 1475 1476 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1477 NULL, &sco_debugfs_fops); 1478 1479 return 0; 1480 1481 error: 1482 proto_unregister(&sco_proto); 1483 return err; 1484 } 1485 1486 void sco_exit(void) 1487 { 1488 bt_procfs_cleanup(&init_net, "sco"); 1489 1490 debugfs_remove(sco_debugfs); 1491 1492 hci_unregister_cb(&sco_cb); 1493 1494 bt_sock_unregister(BTPROTO_SCO); 1495 1496 proto_unregister(&sco_proto); 1497 } 1498 1499 module_param(disable_esco, bool, 0644); 1500 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1501