1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth SCO sockets. */ 26 27 #include <linux/module.h> 28 #include <linux/debugfs.h> 29 #include <linux/seq_file.h> 30 #include <linux/sched/signal.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/sco.h> 35 36 static bool disable_esco; 37 38 static const struct proto_ops sco_sock_ops; 39 40 static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42 }; 43 44 /* ---- SCO connections ---- */ 45 struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54 }; 55 56 #define sco_conn_lock(c) spin_lock(&c->lock) 57 #define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59 static void sco_sock_close(struct sock *sk); 60 static void sco_sock_kill(struct sock *sk); 61 62 /* ----- SCO socket info ----- */ 63 #define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65 struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73 }; 74 75 /* ---- SCO timers ---- */ 76 #define SCO_CONN_TIMEOUT (HZ * 40) 77 #define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79 static void sco_sock_timeout(struct work_struct *work) 80 { 81 struct sco_conn *conn = container_of(work, struct sco_conn, 82 timeout_work.work); 83 struct sock *sk; 84 85 sco_conn_lock(conn); 86 sk = conn->sk; 87 if (sk) 88 sock_hold(sk); 89 sco_conn_unlock(conn); 90 91 if (!sk) 92 return; 93 94 BT_DBG("sock %p state %d", sk, sk->sk_state); 95 96 lock_sock(sk); 97 sk->sk_err = ETIMEDOUT; 98 sk->sk_state_change(sk); 99 release_sock(sk); 100 sock_put(sk); 101 } 102 103 static void sco_sock_set_timer(struct sock *sk, long timeout) 104 { 105 if (!sco_pi(sk)->conn) 106 return; 107 108 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 109 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 110 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 111 } 112 113 static void sco_sock_clear_timer(struct sock *sk) 114 { 115 if (!sco_pi(sk)->conn) 116 return; 117 118 BT_DBG("sock %p state %d", sk, sk->sk_state); 119 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 120 } 121 122 /* ---- SCO connections ---- */ 123 static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 124 { 125 struct hci_dev *hdev = hcon->hdev; 126 struct sco_conn *conn = hcon->sco_data; 127 128 if (conn) { 129 if (!conn->hcon) 130 conn->hcon = hcon; 131 return conn; 132 } 133 134 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 135 if (!conn) 136 return NULL; 137 138 spin_lock_init(&conn->lock); 139 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 140 141 hcon->sco_data = conn; 142 conn->hcon = hcon; 143 144 if (hdev->sco_mtu > 0) 145 conn->mtu = hdev->sco_mtu; 146 else 147 conn->mtu = 60; 148 149 BT_DBG("hcon %p conn %p", hcon, conn); 150 151 return conn; 152 } 153 154 /* Delete channel. 155 * Must be called on the locked socket. */ 156 static void sco_chan_del(struct sock *sk, int err) 157 { 158 struct sco_conn *conn; 159 160 conn = sco_pi(sk)->conn; 161 162 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 163 164 if (conn) { 165 sco_conn_lock(conn); 166 conn->sk = NULL; 167 sco_pi(sk)->conn = NULL; 168 sco_conn_unlock(conn); 169 170 if (conn->hcon) 171 hci_conn_drop(conn->hcon); 172 } 173 174 sk->sk_state = BT_CLOSED; 175 sk->sk_err = err; 176 sk->sk_state_change(sk); 177 178 sock_set_flag(sk, SOCK_ZAPPED); 179 } 180 181 static void sco_conn_del(struct hci_conn *hcon, int err) 182 { 183 struct sco_conn *conn = hcon->sco_data; 184 struct sock *sk; 185 186 if (!conn) 187 return; 188 189 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 190 191 /* Kill socket */ 192 sco_conn_lock(conn); 193 sk = conn->sk; 194 if (sk) 195 sock_hold(sk); 196 sco_conn_unlock(conn); 197 198 if (sk) { 199 lock_sock(sk); 200 sco_sock_clear_timer(sk); 201 sco_chan_del(sk, err); 202 release_sock(sk); 203 sock_put(sk); 204 } 205 206 /* Ensure no more work items will run before freeing conn. */ 207 cancel_delayed_work_sync(&conn->timeout_work); 208 209 hcon->sco_data = NULL; 210 kfree(conn); 211 } 212 213 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 214 struct sock *parent) 215 { 216 BT_DBG("conn %p", conn); 217 218 sco_pi(sk)->conn = conn; 219 conn->sk = sk; 220 221 if (parent) 222 bt_accept_enqueue(parent, sk, true); 223 } 224 225 static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 226 struct sock *parent) 227 { 228 int err = 0; 229 230 sco_conn_lock(conn); 231 if (conn->sk) 232 err = -EBUSY; 233 else 234 __sco_chan_add(conn, sk, parent); 235 236 sco_conn_unlock(conn); 237 return err; 238 } 239 240 static int sco_connect(struct sock *sk) 241 { 242 struct sco_conn *conn; 243 struct hci_conn *hcon; 244 struct hci_dev *hdev; 245 int err, type; 246 247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 248 249 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 250 if (!hdev) 251 return -EHOSTUNREACH; 252 253 hci_dev_lock(hdev); 254 255 if (lmp_esco_capable(hdev) && !disable_esco) 256 type = ESCO_LINK; 257 else 258 type = SCO_LINK; 259 260 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 261 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 262 err = -EOPNOTSUPP; 263 goto unlock; 264 } 265 266 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 267 sco_pi(sk)->setting, &sco_pi(sk)->codec, 268 sk->sk_sndtimeo); 269 if (IS_ERR(hcon)) { 270 err = PTR_ERR(hcon); 271 goto unlock; 272 } 273 274 conn = sco_conn_add(hcon); 275 if (!conn) { 276 hci_conn_drop(hcon); 277 err = -ENOMEM; 278 goto unlock; 279 } 280 281 lock_sock(sk); 282 283 err = sco_chan_add(conn, sk, NULL); 284 if (err) { 285 release_sock(sk); 286 goto unlock; 287 } 288 289 /* Update source addr of the socket */ 290 bacpy(&sco_pi(sk)->src, &hcon->src); 291 292 if (hcon->state == BT_CONNECTED) { 293 sco_sock_clear_timer(sk); 294 sk->sk_state = BT_CONNECTED; 295 } else { 296 sk->sk_state = BT_CONNECT; 297 sco_sock_set_timer(sk, sk->sk_sndtimeo); 298 } 299 300 release_sock(sk); 301 302 unlock: 303 hci_dev_unlock(hdev); 304 hci_dev_put(hdev); 305 return err; 306 } 307 308 static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 309 { 310 struct sco_conn *conn = sco_pi(sk)->conn; 311 int len = skb->len; 312 313 /* Check outgoing MTU */ 314 if (len > conn->mtu) 315 return -EINVAL; 316 317 BT_DBG("sk %p len %d", sk, len); 318 319 hci_send_sco(conn->hcon, skb); 320 321 return len; 322 } 323 324 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 325 { 326 struct sock *sk; 327 328 sco_conn_lock(conn); 329 sk = conn->sk; 330 sco_conn_unlock(conn); 331 332 if (!sk) 333 goto drop; 334 335 BT_DBG("sk %p len %u", sk, skb->len); 336 337 if (sk->sk_state != BT_CONNECTED) 338 goto drop; 339 340 if (!sock_queue_rcv_skb(sk, skb)) 341 return; 342 343 drop: 344 kfree_skb(skb); 345 } 346 347 /* -------- Socket interface ---------- */ 348 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 349 { 350 struct sock *sk; 351 352 sk_for_each(sk, &sco_sk_list.head) { 353 if (sk->sk_state != BT_LISTEN) 354 continue; 355 356 if (!bacmp(&sco_pi(sk)->src, ba)) 357 return sk; 358 } 359 360 return NULL; 361 } 362 363 /* Find socket listening on source bdaddr. 364 * Returns closest match. 365 */ 366 static struct sock *sco_get_sock_listen(bdaddr_t *src) 367 { 368 struct sock *sk = NULL, *sk1 = NULL; 369 370 read_lock(&sco_sk_list.lock); 371 372 sk_for_each(sk, &sco_sk_list.head) { 373 if (sk->sk_state != BT_LISTEN) 374 continue; 375 376 /* Exact match. */ 377 if (!bacmp(&sco_pi(sk)->src, src)) 378 break; 379 380 /* Closest match */ 381 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 382 sk1 = sk; 383 } 384 385 read_unlock(&sco_sk_list.lock); 386 387 return sk ? sk : sk1; 388 } 389 390 static void sco_sock_destruct(struct sock *sk) 391 { 392 BT_DBG("sk %p", sk); 393 394 skb_queue_purge(&sk->sk_receive_queue); 395 skb_queue_purge(&sk->sk_write_queue); 396 } 397 398 static void sco_sock_cleanup_listen(struct sock *parent) 399 { 400 struct sock *sk; 401 402 BT_DBG("parent %p", parent); 403 404 /* Close not yet accepted channels */ 405 while ((sk = bt_accept_dequeue(parent, NULL))) { 406 sco_sock_close(sk); 407 sco_sock_kill(sk); 408 } 409 410 parent->sk_state = BT_CLOSED; 411 sock_set_flag(parent, SOCK_ZAPPED); 412 } 413 414 /* Kill socket (only if zapped and orphan) 415 * Must be called on unlocked socket. 416 */ 417 static void sco_sock_kill(struct sock *sk) 418 { 419 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 420 return; 421 422 BT_DBG("sk %p state %d", sk, sk->sk_state); 423 424 /* Kill poor orphan */ 425 bt_sock_unlink(&sco_sk_list, sk); 426 sock_set_flag(sk, SOCK_DEAD); 427 sock_put(sk); 428 } 429 430 static void __sco_sock_close(struct sock *sk) 431 { 432 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 433 434 switch (sk->sk_state) { 435 case BT_LISTEN: 436 sco_sock_cleanup_listen(sk); 437 break; 438 439 case BT_CONNECTED: 440 case BT_CONFIG: 441 if (sco_pi(sk)->conn->hcon) { 442 sk->sk_state = BT_DISCONN; 443 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 444 sco_conn_lock(sco_pi(sk)->conn); 445 hci_conn_drop(sco_pi(sk)->conn->hcon); 446 sco_pi(sk)->conn->hcon = NULL; 447 sco_conn_unlock(sco_pi(sk)->conn); 448 } else 449 sco_chan_del(sk, ECONNRESET); 450 break; 451 452 case BT_CONNECT2: 453 case BT_CONNECT: 454 case BT_DISCONN: 455 sco_chan_del(sk, ECONNRESET); 456 break; 457 458 default: 459 sock_set_flag(sk, SOCK_ZAPPED); 460 break; 461 } 462 463 } 464 465 /* Must be called on unlocked socket. */ 466 static void sco_sock_close(struct sock *sk) 467 { 468 lock_sock(sk); 469 sco_sock_clear_timer(sk); 470 __sco_sock_close(sk); 471 release_sock(sk); 472 } 473 474 static void sco_sock_init(struct sock *sk, struct sock *parent) 475 { 476 BT_DBG("sk %p", sk); 477 478 if (parent) { 479 sk->sk_type = parent->sk_type; 480 bt_sk(sk)->flags = bt_sk(parent)->flags; 481 security_sk_clone(parent, sk); 482 } 483 } 484 485 static struct proto sco_proto = { 486 .name = "SCO", 487 .owner = THIS_MODULE, 488 .obj_size = sizeof(struct sco_pinfo) 489 }; 490 491 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 492 int proto, gfp_t prio, int kern) 493 { 494 struct sock *sk; 495 496 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 497 if (!sk) 498 return NULL; 499 500 sk->sk_destruct = sco_sock_destruct; 501 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 502 503 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 504 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 505 sco_pi(sk)->codec.cid = 0xffff; 506 sco_pi(sk)->codec.vid = 0xffff; 507 sco_pi(sk)->codec.data_path = 0x00; 508 509 bt_sock_link(&sco_sk_list, sk); 510 return sk; 511 } 512 513 static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 514 int kern) 515 { 516 struct sock *sk; 517 518 BT_DBG("sock %p", sock); 519 520 sock->state = SS_UNCONNECTED; 521 522 if (sock->type != SOCK_SEQPACKET) 523 return -ESOCKTNOSUPPORT; 524 525 sock->ops = &sco_sock_ops; 526 527 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 528 if (!sk) 529 return -ENOMEM; 530 531 sco_sock_init(sk, NULL); 532 return 0; 533 } 534 535 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 536 int addr_len) 537 { 538 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 539 struct sock *sk = sock->sk; 540 int err = 0; 541 542 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 543 addr->sa_family != AF_BLUETOOTH) 544 return -EINVAL; 545 546 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 547 548 lock_sock(sk); 549 550 if (sk->sk_state != BT_OPEN) { 551 err = -EBADFD; 552 goto done; 553 } 554 555 if (sk->sk_type != SOCK_SEQPACKET) { 556 err = -EINVAL; 557 goto done; 558 } 559 560 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 561 562 sk->sk_state = BT_BOUND; 563 564 done: 565 release_sock(sk); 566 return err; 567 } 568 569 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 570 { 571 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 572 struct sock *sk = sock->sk; 573 int err; 574 575 BT_DBG("sk %p", sk); 576 577 if (alen < sizeof(struct sockaddr_sco) || 578 addr->sa_family != AF_BLUETOOTH) 579 return -EINVAL; 580 581 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 582 return -EBADFD; 583 584 if (sk->sk_type != SOCK_SEQPACKET) 585 err = -EINVAL; 586 587 lock_sock(sk); 588 /* Set destination address and psm */ 589 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 590 release_sock(sk); 591 592 err = sco_connect(sk); 593 if (err) 594 return err; 595 596 lock_sock(sk); 597 598 err = bt_sock_wait_state(sk, BT_CONNECTED, 599 sock_sndtimeo(sk, flags & O_NONBLOCK)); 600 601 release_sock(sk); 602 return err; 603 } 604 605 static int sco_sock_listen(struct socket *sock, int backlog) 606 { 607 struct sock *sk = sock->sk; 608 bdaddr_t *src = &sco_pi(sk)->src; 609 int err = 0; 610 611 BT_DBG("sk %p backlog %d", sk, backlog); 612 613 lock_sock(sk); 614 615 if (sk->sk_state != BT_BOUND) { 616 err = -EBADFD; 617 goto done; 618 } 619 620 if (sk->sk_type != SOCK_SEQPACKET) { 621 err = -EINVAL; 622 goto done; 623 } 624 625 write_lock(&sco_sk_list.lock); 626 627 if (__sco_get_sock_listen_by_addr(src)) { 628 err = -EADDRINUSE; 629 goto unlock; 630 } 631 632 sk->sk_max_ack_backlog = backlog; 633 sk->sk_ack_backlog = 0; 634 635 sk->sk_state = BT_LISTEN; 636 637 unlock: 638 write_unlock(&sco_sk_list.lock); 639 640 done: 641 release_sock(sk); 642 return err; 643 } 644 645 static int sco_sock_accept(struct socket *sock, struct socket *newsock, 646 int flags, bool kern) 647 { 648 DEFINE_WAIT_FUNC(wait, woken_wake_function); 649 struct sock *sk = sock->sk, *ch; 650 long timeo; 651 int err = 0; 652 653 lock_sock(sk); 654 655 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 656 657 BT_DBG("sk %p timeo %ld", sk, timeo); 658 659 /* Wait for an incoming connection. (wake-one). */ 660 add_wait_queue_exclusive(sk_sleep(sk), &wait); 661 while (1) { 662 if (sk->sk_state != BT_LISTEN) { 663 err = -EBADFD; 664 break; 665 } 666 667 ch = bt_accept_dequeue(sk, newsock); 668 if (ch) 669 break; 670 671 if (!timeo) { 672 err = -EAGAIN; 673 break; 674 } 675 676 if (signal_pending(current)) { 677 err = sock_intr_errno(timeo); 678 break; 679 } 680 681 release_sock(sk); 682 683 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 684 lock_sock(sk); 685 } 686 remove_wait_queue(sk_sleep(sk), &wait); 687 688 if (err) 689 goto done; 690 691 newsock->state = SS_CONNECTED; 692 693 BT_DBG("new socket %p", ch); 694 695 done: 696 release_sock(sk); 697 return err; 698 } 699 700 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 701 int peer) 702 { 703 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 704 struct sock *sk = sock->sk; 705 706 BT_DBG("sock %p, sk %p", sock, sk); 707 708 addr->sa_family = AF_BLUETOOTH; 709 710 if (peer) 711 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 712 else 713 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 714 715 return sizeof(struct sockaddr_sco); 716 } 717 718 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 719 size_t len) 720 { 721 struct sock *sk = sock->sk; 722 struct sk_buff *skb; 723 int err; 724 725 BT_DBG("sock %p, sk %p", sock, sk); 726 727 err = sock_error(sk); 728 if (err) 729 return err; 730 731 if (msg->msg_flags & MSG_OOB) 732 return -EOPNOTSUPP; 733 734 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 735 if (IS_ERR(skb)) 736 return PTR_ERR(skb); 737 738 lock_sock(sk); 739 740 if (sk->sk_state == BT_CONNECTED) 741 err = sco_send_frame(sk, skb); 742 else 743 err = -ENOTCONN; 744 745 release_sock(sk); 746 747 if (err < 0) 748 kfree_skb(skb); 749 return err; 750 } 751 752 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 753 { 754 struct hci_dev *hdev = conn->hdev; 755 756 BT_DBG("conn %p", conn); 757 758 conn->state = BT_CONFIG; 759 760 if (!lmp_esco_capable(hdev)) { 761 struct hci_cp_accept_conn_req cp; 762 763 bacpy(&cp.bdaddr, &conn->dst); 764 cp.role = 0x00; /* Ignored */ 765 766 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 767 } else { 768 struct hci_cp_accept_sync_conn_req cp; 769 770 bacpy(&cp.bdaddr, &conn->dst); 771 cp.pkt_type = cpu_to_le16(conn->pkt_type); 772 773 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 774 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 775 cp.content_format = cpu_to_le16(setting); 776 777 switch (setting & SCO_AIRMODE_MASK) { 778 case SCO_AIRMODE_TRANSP: 779 if (conn->pkt_type & ESCO_2EV3) 780 cp.max_latency = cpu_to_le16(0x0008); 781 else 782 cp.max_latency = cpu_to_le16(0x000D); 783 cp.retrans_effort = 0x02; 784 break; 785 case SCO_AIRMODE_CVSD: 786 cp.max_latency = cpu_to_le16(0xffff); 787 cp.retrans_effort = 0xff; 788 break; 789 default: 790 /* use CVSD settings as fallback */ 791 cp.max_latency = cpu_to_le16(0xffff); 792 cp.retrans_effort = 0xff; 793 break; 794 } 795 796 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 797 sizeof(cp), &cp); 798 } 799 } 800 801 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 802 size_t len, int flags) 803 { 804 struct sock *sk = sock->sk; 805 struct sco_pinfo *pi = sco_pi(sk); 806 807 lock_sock(sk); 808 809 if (sk->sk_state == BT_CONNECT2 && 810 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 811 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 812 sk->sk_state = BT_CONFIG; 813 814 release_sock(sk); 815 return 0; 816 } 817 818 release_sock(sk); 819 820 return bt_sock_recvmsg(sock, msg, len, flags); 821 } 822 823 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 824 sockptr_t optval, unsigned int optlen) 825 { 826 struct sock *sk = sock->sk; 827 int err = 0; 828 struct bt_voice voice; 829 u32 opt; 830 struct bt_codecs *codecs; 831 struct hci_dev *hdev; 832 __u8 buffer[255]; 833 834 BT_DBG("sk %p", sk); 835 836 lock_sock(sk); 837 838 switch (optname) { 839 840 case BT_DEFER_SETUP: 841 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 842 err = -EINVAL; 843 break; 844 } 845 846 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 847 if (err) 848 break; 849 850 if (opt) 851 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 852 else 853 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 854 break; 855 856 case BT_VOICE: 857 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 858 sk->sk_state != BT_CONNECT2) { 859 err = -EINVAL; 860 break; 861 } 862 863 voice.setting = sco_pi(sk)->setting; 864 865 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 866 optlen); 867 if (err) 868 break; 869 870 /* Explicitly check for these values */ 871 if (voice.setting != BT_VOICE_TRANSPARENT && 872 voice.setting != BT_VOICE_CVSD_16BIT) { 873 err = -EINVAL; 874 break; 875 } 876 877 sco_pi(sk)->setting = voice.setting; 878 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 879 BDADDR_BREDR); 880 if (!hdev) { 881 err = -EBADFD; 882 break; 883 } 884 if (enhanced_sync_conn_capable(hdev) && 885 voice.setting == BT_VOICE_TRANSPARENT) 886 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 887 hci_dev_put(hdev); 888 break; 889 890 case BT_PKT_STATUS: 891 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 892 if (err) 893 break; 894 895 if (opt) 896 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 897 else 898 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 899 break; 900 901 case BT_CODEC: 902 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 903 sk->sk_state != BT_CONNECT2) { 904 err = -EINVAL; 905 break; 906 } 907 908 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 909 BDADDR_BREDR); 910 if (!hdev) { 911 err = -EBADFD; 912 break; 913 } 914 915 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 916 hci_dev_put(hdev); 917 err = -EOPNOTSUPP; 918 break; 919 } 920 921 if (!hdev->get_data_path_id) { 922 hci_dev_put(hdev); 923 err = -EOPNOTSUPP; 924 break; 925 } 926 927 if (optlen < sizeof(struct bt_codecs) || 928 optlen > sizeof(buffer)) { 929 hci_dev_put(hdev); 930 err = -EINVAL; 931 break; 932 } 933 934 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 935 if (err) { 936 hci_dev_put(hdev); 937 break; 938 } 939 940 codecs = (void *)buffer; 941 942 if (codecs->num_codecs > 1) { 943 hci_dev_put(hdev); 944 err = -EINVAL; 945 break; 946 } 947 948 sco_pi(sk)->codec = codecs->codecs[0]; 949 hci_dev_put(hdev); 950 break; 951 952 default: 953 err = -ENOPROTOOPT; 954 break; 955 } 956 957 release_sock(sk); 958 return err; 959 } 960 961 static int sco_sock_getsockopt_old(struct socket *sock, int optname, 962 char __user *optval, int __user *optlen) 963 { 964 struct sock *sk = sock->sk; 965 struct sco_options opts; 966 struct sco_conninfo cinfo; 967 int len, err = 0; 968 969 BT_DBG("sk %p", sk); 970 971 if (get_user(len, optlen)) 972 return -EFAULT; 973 974 lock_sock(sk); 975 976 switch (optname) { 977 case SCO_OPTIONS: 978 if (sk->sk_state != BT_CONNECTED && 979 !(sk->sk_state == BT_CONNECT2 && 980 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 981 err = -ENOTCONN; 982 break; 983 } 984 985 opts.mtu = sco_pi(sk)->conn->mtu; 986 987 BT_DBG("mtu %u", opts.mtu); 988 989 len = min_t(unsigned int, len, sizeof(opts)); 990 if (copy_to_user(optval, (char *)&opts, len)) 991 err = -EFAULT; 992 993 break; 994 995 case SCO_CONNINFO: 996 if (sk->sk_state != BT_CONNECTED && 997 !(sk->sk_state == BT_CONNECT2 && 998 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 999 err = -ENOTCONN; 1000 break; 1001 } 1002 1003 memset(&cinfo, 0, sizeof(cinfo)); 1004 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1005 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1006 1007 len = min_t(unsigned int, len, sizeof(cinfo)); 1008 if (copy_to_user(optval, (char *)&cinfo, len)) 1009 err = -EFAULT; 1010 1011 break; 1012 1013 default: 1014 err = -ENOPROTOOPT; 1015 break; 1016 } 1017 1018 release_sock(sk); 1019 return err; 1020 } 1021 1022 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1023 char __user *optval, int __user *optlen) 1024 { 1025 struct sock *sk = sock->sk; 1026 int len, err = 0; 1027 struct bt_voice voice; 1028 u32 phys; 1029 int buf_len; 1030 struct codec_list *c; 1031 u8 num_codecs, i, __user *ptr; 1032 struct hci_dev *hdev; 1033 struct hci_codec_caps *caps; 1034 struct bt_codec codec; 1035 1036 BT_DBG("sk %p", sk); 1037 1038 if (level == SOL_SCO) 1039 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1040 1041 if (get_user(len, optlen)) 1042 return -EFAULT; 1043 1044 lock_sock(sk); 1045 1046 switch (optname) { 1047 1048 case BT_DEFER_SETUP: 1049 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1050 err = -EINVAL; 1051 break; 1052 } 1053 1054 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1055 (u32 __user *)optval)) 1056 err = -EFAULT; 1057 1058 break; 1059 1060 case BT_VOICE: 1061 voice.setting = sco_pi(sk)->setting; 1062 1063 len = min_t(unsigned int, len, sizeof(voice)); 1064 if (copy_to_user(optval, (char *)&voice, len)) 1065 err = -EFAULT; 1066 1067 break; 1068 1069 case BT_PHY: 1070 if (sk->sk_state != BT_CONNECTED) { 1071 err = -ENOTCONN; 1072 break; 1073 } 1074 1075 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1076 1077 if (put_user(phys, (u32 __user *) optval)) 1078 err = -EFAULT; 1079 break; 1080 1081 case BT_PKT_STATUS: 1082 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1083 (int __user *)optval)) 1084 err = -EFAULT; 1085 break; 1086 1087 case BT_SNDMTU: 1088 case BT_RCVMTU: 1089 if (sk->sk_state != BT_CONNECTED) { 1090 err = -ENOTCONN; 1091 break; 1092 } 1093 1094 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1095 err = -EFAULT; 1096 break; 1097 1098 case BT_CODEC: 1099 num_codecs = 0; 1100 buf_len = 0; 1101 1102 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1103 if (!hdev) { 1104 err = -EBADFD; 1105 break; 1106 } 1107 1108 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1109 hci_dev_put(hdev); 1110 err = -EOPNOTSUPP; 1111 break; 1112 } 1113 1114 if (!hdev->get_data_path_id) { 1115 hci_dev_put(hdev); 1116 err = -EOPNOTSUPP; 1117 break; 1118 } 1119 1120 release_sock(sk); 1121 1122 /* find total buffer size required to copy codec + caps */ 1123 hci_dev_lock(hdev); 1124 list_for_each_entry(c, &hdev->local_codecs, list) { 1125 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1126 continue; 1127 num_codecs++; 1128 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1129 buf_len += 1 + caps->len; 1130 caps = (void *)&caps->data[caps->len]; 1131 } 1132 buf_len += sizeof(struct bt_codec); 1133 } 1134 hci_dev_unlock(hdev); 1135 1136 buf_len += sizeof(struct bt_codecs); 1137 if (buf_len > len) { 1138 hci_dev_put(hdev); 1139 return -ENOBUFS; 1140 } 1141 ptr = optval; 1142 1143 if (put_user(num_codecs, ptr)) { 1144 hci_dev_put(hdev); 1145 return -EFAULT; 1146 } 1147 ptr += sizeof(num_codecs); 1148 1149 /* Iterate all the codecs supported over SCO and populate 1150 * codec data 1151 */ 1152 hci_dev_lock(hdev); 1153 list_for_each_entry(c, &hdev->local_codecs, list) { 1154 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1155 continue; 1156 1157 codec.id = c->id; 1158 codec.cid = c->cid; 1159 codec.vid = c->vid; 1160 err = hdev->get_data_path_id(hdev, &codec.data_path); 1161 if (err < 0) 1162 break; 1163 codec.num_caps = c->num_caps; 1164 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1165 err = -EFAULT; 1166 break; 1167 } 1168 ptr += sizeof(codec); 1169 1170 /* find codec capabilities data length */ 1171 len = 0; 1172 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1173 len += 1 + caps->len; 1174 caps = (void *)&caps->data[caps->len]; 1175 } 1176 1177 /* copy codec capabilities data */ 1178 if (len && copy_to_user(ptr, c->caps, len)) { 1179 err = -EFAULT; 1180 break; 1181 } 1182 ptr += len; 1183 } 1184 1185 hci_dev_unlock(hdev); 1186 hci_dev_put(hdev); 1187 1188 lock_sock(sk); 1189 1190 if (!err && put_user(buf_len, optlen)) 1191 err = -EFAULT; 1192 1193 break; 1194 1195 default: 1196 err = -ENOPROTOOPT; 1197 break; 1198 } 1199 1200 release_sock(sk); 1201 return err; 1202 } 1203 1204 static int sco_sock_shutdown(struct socket *sock, int how) 1205 { 1206 struct sock *sk = sock->sk; 1207 int err = 0; 1208 1209 BT_DBG("sock %p, sk %p", sock, sk); 1210 1211 if (!sk) 1212 return 0; 1213 1214 sock_hold(sk); 1215 lock_sock(sk); 1216 1217 if (!sk->sk_shutdown) { 1218 sk->sk_shutdown = SHUTDOWN_MASK; 1219 sco_sock_clear_timer(sk); 1220 __sco_sock_close(sk); 1221 1222 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1223 !(current->flags & PF_EXITING)) 1224 err = bt_sock_wait_state(sk, BT_CLOSED, 1225 sk->sk_lingertime); 1226 } 1227 1228 release_sock(sk); 1229 sock_put(sk); 1230 1231 return err; 1232 } 1233 1234 static int sco_sock_release(struct socket *sock) 1235 { 1236 struct sock *sk = sock->sk; 1237 int err = 0; 1238 1239 BT_DBG("sock %p, sk %p", sock, sk); 1240 1241 if (!sk) 1242 return 0; 1243 1244 sco_sock_close(sk); 1245 1246 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1247 !(current->flags & PF_EXITING)) { 1248 lock_sock(sk); 1249 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1250 release_sock(sk); 1251 } 1252 1253 sock_orphan(sk); 1254 sco_sock_kill(sk); 1255 return err; 1256 } 1257 1258 static void sco_conn_ready(struct sco_conn *conn) 1259 { 1260 struct sock *parent; 1261 struct sock *sk = conn->sk; 1262 1263 BT_DBG("conn %p", conn); 1264 1265 if (sk) { 1266 lock_sock(sk); 1267 sco_sock_clear_timer(sk); 1268 sk->sk_state = BT_CONNECTED; 1269 sk->sk_state_change(sk); 1270 release_sock(sk); 1271 } else { 1272 sco_conn_lock(conn); 1273 1274 if (!conn->hcon) { 1275 sco_conn_unlock(conn); 1276 return; 1277 } 1278 1279 parent = sco_get_sock_listen(&conn->hcon->src); 1280 if (!parent) { 1281 sco_conn_unlock(conn); 1282 return; 1283 } 1284 1285 lock_sock(parent); 1286 1287 sk = sco_sock_alloc(sock_net(parent), NULL, 1288 BTPROTO_SCO, GFP_ATOMIC, 0); 1289 if (!sk) { 1290 release_sock(parent); 1291 sco_conn_unlock(conn); 1292 return; 1293 } 1294 1295 sco_sock_init(sk, parent); 1296 1297 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1298 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1299 1300 hci_conn_hold(conn->hcon); 1301 __sco_chan_add(conn, sk, parent); 1302 1303 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1304 sk->sk_state = BT_CONNECT2; 1305 else 1306 sk->sk_state = BT_CONNECTED; 1307 1308 /* Wake up parent */ 1309 parent->sk_data_ready(parent); 1310 1311 release_sock(parent); 1312 1313 sco_conn_unlock(conn); 1314 } 1315 } 1316 1317 /* ----- SCO interface with lower layer (HCI) ----- */ 1318 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1319 { 1320 struct sock *sk; 1321 int lm = 0; 1322 1323 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1324 1325 /* Find listening sockets */ 1326 read_lock(&sco_sk_list.lock); 1327 sk_for_each(sk, &sco_sk_list.head) { 1328 if (sk->sk_state != BT_LISTEN) 1329 continue; 1330 1331 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1332 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1333 lm |= HCI_LM_ACCEPT; 1334 1335 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1336 *flags |= HCI_PROTO_DEFER; 1337 break; 1338 } 1339 } 1340 read_unlock(&sco_sk_list.lock); 1341 1342 return lm; 1343 } 1344 1345 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1346 { 1347 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1348 return; 1349 1350 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1351 1352 if (!status) { 1353 struct sco_conn *conn; 1354 1355 conn = sco_conn_add(hcon); 1356 if (conn) 1357 sco_conn_ready(conn); 1358 } else 1359 sco_conn_del(hcon, bt_to_errno(status)); 1360 } 1361 1362 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1363 { 1364 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1365 return; 1366 1367 BT_DBG("hcon %p reason %d", hcon, reason); 1368 1369 sco_conn_del(hcon, bt_to_errno(reason)); 1370 } 1371 1372 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1373 { 1374 struct sco_conn *conn = hcon->sco_data; 1375 1376 if (!conn) 1377 goto drop; 1378 1379 BT_DBG("conn %p len %u", conn, skb->len); 1380 1381 if (skb->len) { 1382 sco_recv_frame(conn, skb); 1383 return; 1384 } 1385 1386 drop: 1387 kfree_skb(skb); 1388 } 1389 1390 static struct hci_cb sco_cb = { 1391 .name = "SCO", 1392 .connect_cfm = sco_connect_cfm, 1393 .disconn_cfm = sco_disconn_cfm, 1394 }; 1395 1396 static int sco_debugfs_show(struct seq_file *f, void *p) 1397 { 1398 struct sock *sk; 1399 1400 read_lock(&sco_sk_list.lock); 1401 1402 sk_for_each(sk, &sco_sk_list.head) { 1403 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1404 &sco_pi(sk)->dst, sk->sk_state); 1405 } 1406 1407 read_unlock(&sco_sk_list.lock); 1408 1409 return 0; 1410 } 1411 1412 DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1413 1414 static struct dentry *sco_debugfs; 1415 1416 static const struct proto_ops sco_sock_ops = { 1417 .family = PF_BLUETOOTH, 1418 .owner = THIS_MODULE, 1419 .release = sco_sock_release, 1420 .bind = sco_sock_bind, 1421 .connect = sco_sock_connect, 1422 .listen = sco_sock_listen, 1423 .accept = sco_sock_accept, 1424 .getname = sco_sock_getname, 1425 .sendmsg = sco_sock_sendmsg, 1426 .recvmsg = sco_sock_recvmsg, 1427 .poll = bt_sock_poll, 1428 .ioctl = bt_sock_ioctl, 1429 .gettstamp = sock_gettstamp, 1430 .mmap = sock_no_mmap, 1431 .socketpair = sock_no_socketpair, 1432 .shutdown = sco_sock_shutdown, 1433 .setsockopt = sco_sock_setsockopt, 1434 .getsockopt = sco_sock_getsockopt 1435 }; 1436 1437 static const struct net_proto_family sco_sock_family_ops = { 1438 .family = PF_BLUETOOTH, 1439 .owner = THIS_MODULE, 1440 .create = sco_sock_create, 1441 }; 1442 1443 int __init sco_init(void) 1444 { 1445 int err; 1446 1447 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1448 1449 err = proto_register(&sco_proto, 0); 1450 if (err < 0) 1451 return err; 1452 1453 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1454 if (err < 0) { 1455 BT_ERR("SCO socket registration failed"); 1456 goto error; 1457 } 1458 1459 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1460 if (err < 0) { 1461 BT_ERR("Failed to create SCO proc file"); 1462 bt_sock_unregister(BTPROTO_SCO); 1463 goto error; 1464 } 1465 1466 BT_INFO("SCO socket layer initialized"); 1467 1468 hci_register_cb(&sco_cb); 1469 1470 if (IS_ERR_OR_NULL(bt_debugfs)) 1471 return 0; 1472 1473 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1474 NULL, &sco_debugfs_fops); 1475 1476 return 0; 1477 1478 error: 1479 proto_unregister(&sco_proto); 1480 return err; 1481 } 1482 1483 void sco_exit(void) 1484 { 1485 bt_procfs_cleanup(&init_net, "sco"); 1486 1487 debugfs_remove(sco_debugfs); 1488 1489 hci_unregister_cb(&sco_cb); 1490 1491 bt_sock_unregister(BTPROTO_SCO); 1492 1493 proto_unregister(&sco_proto); 1494 } 1495 1496 module_param(disable_esco, bool, 0644); 1497 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1498