1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/sco.h>
34
35 static bool disable_esco;
36
37 static const struct proto_ops sco_sock_ops;
38
39 static struct bt_sock_list sco_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41 };
42
43 /* ---- SCO connections ---- */
44 struct sco_conn {
45 struct hci_conn *hcon;
46
47 spinlock_t lock;
48 struct sock *sk;
49
50 unsigned int mtu;
51 };
52
53 #define sco_conn_lock(c) spin_lock(&c->lock);
54 #define sco_conn_unlock(c) spin_unlock(&c->lock);
55
56 static void sco_sock_close(struct sock *sk);
57 static void sco_sock_kill(struct sock *sk);
58
59 /* ----- SCO socket info ----- */
60 #define sco_pi(sk) ((struct sco_pinfo *) sk)
61
62 struct sco_pinfo {
63 struct bt_sock bt;
64 bdaddr_t src;
65 bdaddr_t dst;
66 __u32 flags;
67 __u16 setting;
68 struct sco_conn *conn;
69 };
70
71 /* ---- SCO timers ---- */
72 #define SCO_CONN_TIMEOUT (HZ * 40)
73 #define SCO_DISCONN_TIMEOUT (HZ * 2)
74
sco_sock_timeout(unsigned long arg)75 static void sco_sock_timeout(unsigned long arg)
76 {
77 struct sock *sk = (struct sock *) arg;
78
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
80
81 bh_lock_sock(sk);
82 sk->sk_err = ETIMEDOUT;
83 sk->sk_state_change(sk);
84 bh_unlock_sock(sk);
85
86 sco_sock_kill(sk);
87 sock_put(sk);
88 }
89
sco_sock_set_timer(struct sock * sk,long timeout)90 static void sco_sock_set_timer(struct sock *sk, long timeout)
91 {
92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
94 }
95
sco_sock_clear_timer(struct sock * sk)96 static void sco_sock_clear_timer(struct sock *sk)
97 {
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99 sk_stop_timer(sk, &sk->sk_timer);
100 }
101
102 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon)103 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
104 {
105 struct hci_dev *hdev = hcon->hdev;
106 struct sco_conn *conn = hcon->sco_data;
107
108 if (conn)
109 return conn;
110
111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
112 if (!conn)
113 return NULL;
114
115 spin_lock_init(&conn->lock);
116
117 hcon->sco_data = conn;
118 conn->hcon = hcon;
119
120 if (hdev->sco_mtu > 0)
121 conn->mtu = hdev->sco_mtu;
122 else
123 conn->mtu = 60;
124
125 BT_DBG("hcon %p conn %p", hcon, conn);
126
127 return conn;
128 }
129
130 /* Delete channel.
131 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)132 static void sco_chan_del(struct sock *sk, int err)
133 {
134 struct sco_conn *conn;
135
136 conn = sco_pi(sk)->conn;
137
138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
139
140 if (conn) {
141 sco_conn_lock(conn);
142 conn->sk = NULL;
143 sco_pi(sk)->conn = NULL;
144 sco_conn_unlock(conn);
145
146 if (conn->hcon)
147 hci_conn_drop(conn->hcon);
148 }
149
150 sk->sk_state = BT_CLOSED;
151 sk->sk_err = err;
152 sk->sk_state_change(sk);
153
154 sock_set_flag(sk, SOCK_ZAPPED);
155 }
156
sco_conn_del(struct hci_conn * hcon,int err)157 static int sco_conn_del(struct hci_conn *hcon, int err)
158 {
159 struct sco_conn *conn = hcon->sco_data;
160 struct sock *sk;
161
162 if (!conn)
163 return 0;
164
165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
166
167 /* Kill socket */
168 sco_conn_lock(conn);
169 sk = conn->sk;
170 sco_conn_unlock(conn);
171
172 if (sk) {
173 bh_lock_sock(sk);
174 sco_sock_clear_timer(sk);
175 sco_chan_del(sk, err);
176 bh_unlock_sock(sk);
177 sco_sock_kill(sk);
178 }
179
180 hcon->sco_data = NULL;
181 kfree(conn);
182 return 0;
183 }
184
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)185 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
186 {
187 BT_DBG("conn %p", conn);
188
189 sco_pi(sk)->conn = conn;
190 conn->sk = sk;
191
192 if (parent)
193 bt_accept_enqueue(parent, sk);
194 }
195
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)196 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
197 struct sock *parent)
198 {
199 int err = 0;
200
201 sco_conn_lock(conn);
202 if (conn->sk)
203 err = -EBUSY;
204 else
205 __sco_chan_add(conn, sk, parent);
206
207 sco_conn_unlock(conn);
208 return err;
209 }
210
sco_connect(struct sock * sk)211 static int sco_connect(struct sock *sk)
212 {
213 struct sco_conn *conn;
214 struct hci_conn *hcon;
215 struct hci_dev *hdev;
216 int err, type;
217
218 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
219
220 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src);
221 if (!hdev)
222 return -EHOSTUNREACH;
223
224 hci_dev_lock(hdev);
225
226 if (lmp_esco_capable(hdev) && !disable_esco)
227 type = ESCO_LINK;
228 else
229 type = SCO_LINK;
230
231 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
232 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
233 err = -EOPNOTSUPP;
234 goto done;
235 }
236
237 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
238 sco_pi(sk)->setting);
239 if (IS_ERR(hcon)) {
240 err = PTR_ERR(hcon);
241 goto done;
242 }
243
244 conn = sco_conn_add(hcon);
245 if (!conn) {
246 hci_conn_drop(hcon);
247 err = -ENOMEM;
248 goto done;
249 }
250
251 /* Update source addr of the socket */
252 bacpy(&sco_pi(sk)->src, &hcon->src);
253
254 err = sco_chan_add(conn, sk, NULL);
255 if (err)
256 goto done;
257
258 if (hcon->state == BT_CONNECTED) {
259 sco_sock_clear_timer(sk);
260 sk->sk_state = BT_CONNECTED;
261 } else {
262 sk->sk_state = BT_CONNECT;
263 sco_sock_set_timer(sk, sk->sk_sndtimeo);
264 }
265
266 done:
267 hci_dev_unlock(hdev);
268 hci_dev_put(hdev);
269 return err;
270 }
271
sco_send_frame(struct sock * sk,struct msghdr * msg,int len)272 static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
273 {
274 struct sco_conn *conn = sco_pi(sk)->conn;
275 struct sk_buff *skb;
276 int err;
277
278 /* Check outgoing MTU */
279 if (len > conn->mtu)
280 return -EINVAL;
281
282 BT_DBG("sk %p len %d", sk, len);
283
284 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
285 if (!skb)
286 return err;
287
288 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
289 kfree_skb(skb);
290 return -EFAULT;
291 }
292
293 hci_send_sco(conn->hcon, skb);
294
295 return len;
296 }
297
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)298 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
299 {
300 struct sock *sk;
301
302 sco_conn_lock(conn);
303 sk = conn->sk;
304 sco_conn_unlock(conn);
305
306 if (!sk)
307 goto drop;
308
309 BT_DBG("sk %p len %d", sk, skb->len);
310
311 if (sk->sk_state != BT_CONNECTED)
312 goto drop;
313
314 if (!sock_queue_rcv_skb(sk, skb))
315 return;
316
317 drop:
318 kfree_skb(skb);
319 }
320
321 /* -------- Socket interface ---------- */
__sco_get_sock_listen_by_addr(bdaddr_t * ba)322 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
323 {
324 struct sock *sk;
325
326 sk_for_each(sk, &sco_sk_list.head) {
327 if (sk->sk_state != BT_LISTEN)
328 continue;
329
330 if (!bacmp(&sco_pi(sk)->src, ba))
331 return sk;
332 }
333
334 return NULL;
335 }
336
337 /* Find socket listening on source bdaddr.
338 * Returns closest match.
339 */
sco_get_sock_listen(bdaddr_t * src)340 static struct sock *sco_get_sock_listen(bdaddr_t *src)
341 {
342 struct sock *sk = NULL, *sk1 = NULL;
343
344 read_lock(&sco_sk_list.lock);
345
346 sk_for_each(sk, &sco_sk_list.head) {
347 if (sk->sk_state != BT_LISTEN)
348 continue;
349
350 /* Exact match. */
351 if (!bacmp(&sco_pi(sk)->src, src))
352 break;
353
354 /* Closest match */
355 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
356 sk1 = sk;
357 }
358
359 read_unlock(&sco_sk_list.lock);
360
361 return sk ? sk : sk1;
362 }
363
sco_sock_destruct(struct sock * sk)364 static void sco_sock_destruct(struct sock *sk)
365 {
366 BT_DBG("sk %p", sk);
367
368 skb_queue_purge(&sk->sk_receive_queue);
369 skb_queue_purge(&sk->sk_write_queue);
370 }
371
sco_sock_cleanup_listen(struct sock * parent)372 static void sco_sock_cleanup_listen(struct sock *parent)
373 {
374 struct sock *sk;
375
376 BT_DBG("parent %p", parent);
377
378 /* Close not yet accepted channels */
379 while ((sk = bt_accept_dequeue(parent, NULL))) {
380 sco_sock_close(sk);
381 sco_sock_kill(sk);
382 }
383
384 parent->sk_state = BT_CLOSED;
385 sock_set_flag(parent, SOCK_ZAPPED);
386 }
387
388 /* Kill socket (only if zapped and orphan)
389 * Must be called on unlocked socket.
390 */
sco_sock_kill(struct sock * sk)391 static void sco_sock_kill(struct sock *sk)
392 {
393 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
394 return;
395
396 BT_DBG("sk %p state %d", sk, sk->sk_state);
397
398 /* Kill poor orphan */
399 bt_sock_unlink(&sco_sk_list, sk);
400 sock_set_flag(sk, SOCK_DEAD);
401 sock_put(sk);
402 }
403
__sco_sock_close(struct sock * sk)404 static void __sco_sock_close(struct sock *sk)
405 {
406 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
407
408 switch (sk->sk_state) {
409 case BT_LISTEN:
410 sco_sock_cleanup_listen(sk);
411 break;
412
413 case BT_CONNECTED:
414 case BT_CONFIG:
415 if (sco_pi(sk)->conn->hcon) {
416 sk->sk_state = BT_DISCONN;
417 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
418 hci_conn_drop(sco_pi(sk)->conn->hcon);
419 sco_pi(sk)->conn->hcon = NULL;
420 } else
421 sco_chan_del(sk, ECONNRESET);
422 break;
423
424 case BT_CONNECT2:
425 case BT_CONNECT:
426 case BT_DISCONN:
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 default:
431 sock_set_flag(sk, SOCK_ZAPPED);
432 break;
433 }
434 }
435
436 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)437 static void sco_sock_close(struct sock *sk)
438 {
439 sco_sock_clear_timer(sk);
440 lock_sock(sk);
441 __sco_sock_close(sk);
442 release_sock(sk);
443 sco_sock_kill(sk);
444 }
445
sco_sock_init(struct sock * sk,struct sock * parent)446 static void sco_sock_init(struct sock *sk, struct sock *parent)
447 {
448 BT_DBG("sk %p", sk);
449
450 if (parent) {
451 sk->sk_type = parent->sk_type;
452 bt_sk(sk)->flags = bt_sk(parent)->flags;
453 security_sk_clone(parent, sk);
454 }
455 }
456
457 static struct proto sco_proto = {
458 .name = "SCO",
459 .owner = THIS_MODULE,
460 .obj_size = sizeof(struct sco_pinfo)
461 };
462
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio)463 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
464 {
465 struct sock *sk;
466
467 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto);
468 if (!sk)
469 return NULL;
470
471 sock_init_data(sock, sk);
472 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
473
474 sk->sk_destruct = sco_sock_destruct;
475 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
476
477 sock_reset_flag(sk, SOCK_ZAPPED);
478
479 sk->sk_protocol = proto;
480 sk->sk_state = BT_OPEN;
481
482 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
483
484 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
485
486 bt_sock_link(&sco_sk_list, sk);
487 return sk;
488 }
489
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)490 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
491 int kern)
492 {
493 struct sock *sk;
494
495 BT_DBG("sock %p", sock);
496
497 sock->state = SS_UNCONNECTED;
498
499 if (sock->type != SOCK_SEQPACKET)
500 return -ESOCKTNOSUPPORT;
501
502 sock->ops = &sco_sock_ops;
503
504 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
505 if (!sk)
506 return -ENOMEM;
507
508 sco_sock_init(sk, NULL);
509 return 0;
510 }
511
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)512 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
513 {
514 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
515 struct sock *sk = sock->sk;
516 int err = 0;
517
518 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
519
520 if (!addr || addr->sa_family != AF_BLUETOOTH)
521 return -EINVAL;
522
523 if (addr_len < sizeof(struct sockaddr_sco))
524 return -EINVAL;
525
526 lock_sock(sk);
527
528 if (sk->sk_state != BT_OPEN) {
529 err = -EBADFD;
530 goto done;
531 }
532
533 if (sk->sk_type != SOCK_SEQPACKET) {
534 err = -EINVAL;
535 goto done;
536 }
537
538 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
539
540 sk->sk_state = BT_BOUND;
541
542 done:
543 release_sock(sk);
544 return err;
545 }
546
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)547 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
548 {
549 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
550 struct sock *sk = sock->sk;
551 int err;
552
553 BT_DBG("sk %p", sk);
554
555 if (alen < sizeof(struct sockaddr_sco) ||
556 addr->sa_family != AF_BLUETOOTH)
557 return -EINVAL;
558
559 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
560 return -EBADFD;
561
562 if (sk->sk_type != SOCK_SEQPACKET)
563 return -EINVAL;
564
565 lock_sock(sk);
566
567 /* Set destination address and psm */
568 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
569
570 err = sco_connect(sk);
571 if (err)
572 goto done;
573
574 err = bt_sock_wait_state(sk, BT_CONNECTED,
575 sock_sndtimeo(sk, flags & O_NONBLOCK));
576
577 done:
578 release_sock(sk);
579 return err;
580 }
581
sco_sock_listen(struct socket * sock,int backlog)582 static int sco_sock_listen(struct socket *sock, int backlog)
583 {
584 struct sock *sk = sock->sk;
585 bdaddr_t *src = &sco_pi(sk)->src;
586 int err = 0;
587
588 BT_DBG("sk %p backlog %d", sk, backlog);
589
590 lock_sock(sk);
591
592 if (sk->sk_state != BT_BOUND) {
593 err = -EBADFD;
594 goto done;
595 }
596
597 if (sk->sk_type != SOCK_SEQPACKET) {
598 err = -EINVAL;
599 goto done;
600 }
601
602 write_lock(&sco_sk_list.lock);
603
604 if (__sco_get_sock_listen_by_addr(src)) {
605 err = -EADDRINUSE;
606 goto unlock;
607 }
608
609 sk->sk_max_ack_backlog = backlog;
610 sk->sk_ack_backlog = 0;
611
612 sk->sk_state = BT_LISTEN;
613
614 unlock:
615 write_unlock(&sco_sk_list.lock);
616
617 done:
618 release_sock(sk);
619 return err;
620 }
621
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags)622 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
623 {
624 DEFINE_WAIT_FUNC(wait, woken_wake_function);
625 struct sock *sk = sock->sk, *ch;
626 long timeo;
627 int err = 0;
628
629 lock_sock(sk);
630
631 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
632
633 BT_DBG("sk %p timeo %ld", sk, timeo);
634
635 /* Wait for an incoming connection. (wake-one). */
636 add_wait_queue_exclusive(sk_sleep(sk), &wait);
637 while (1) {
638 if (sk->sk_state != BT_LISTEN) {
639 err = -EBADFD;
640 break;
641 }
642
643 ch = bt_accept_dequeue(sk, newsock);
644 if (ch)
645 break;
646
647 if (!timeo) {
648 err = -EAGAIN;
649 break;
650 }
651
652 if (signal_pending(current)) {
653 err = sock_intr_errno(timeo);
654 break;
655 }
656
657 release_sock(sk);
658
659 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
660 lock_sock(sk);
661 }
662 remove_wait_queue(sk_sleep(sk), &wait);
663
664 if (err)
665 goto done;
666
667 newsock->state = SS_CONNECTED;
668
669 BT_DBG("new socket %p", ch);
670
671 done:
672 release_sock(sk);
673 return err;
674 }
675
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int * len,int peer)676 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
677 {
678 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
679 struct sock *sk = sock->sk;
680
681 BT_DBG("sock %p, sk %p", sock, sk);
682
683 addr->sa_family = AF_BLUETOOTH;
684 *len = sizeof(struct sockaddr_sco);
685
686 if (peer)
687 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
688 else
689 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
690
691 return 0;
692 }
693
sco_sock_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)694 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
695 size_t len)
696 {
697 struct sock *sk = sock->sk;
698 int err;
699
700 BT_DBG("sock %p, sk %p", sock, sk);
701
702 err = sock_error(sk);
703 if (err)
704 return err;
705
706 if (msg->msg_flags & MSG_OOB)
707 return -EOPNOTSUPP;
708
709 lock_sock(sk);
710
711 if (sk->sk_state == BT_CONNECTED)
712 err = sco_send_frame(sk, msg, len);
713 else
714 err = -ENOTCONN;
715
716 release_sock(sk);
717 return err;
718 }
719
sco_conn_defer_accept(struct hci_conn * conn,u16 setting)720 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
721 {
722 struct hci_dev *hdev = conn->hdev;
723
724 BT_DBG("conn %p", conn);
725
726 conn->state = BT_CONFIG;
727
728 if (!lmp_esco_capable(hdev)) {
729 struct hci_cp_accept_conn_req cp;
730
731 bacpy(&cp.bdaddr, &conn->dst);
732 cp.role = 0x00; /* Ignored */
733
734 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
735 } else {
736 struct hci_cp_accept_sync_conn_req cp;
737
738 bacpy(&cp.bdaddr, &conn->dst);
739 cp.pkt_type = cpu_to_le16(conn->pkt_type);
740
741 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
742 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
743 cp.content_format = cpu_to_le16(setting);
744
745 switch (setting & SCO_AIRMODE_MASK) {
746 case SCO_AIRMODE_TRANSP:
747 if (conn->pkt_type & ESCO_2EV3)
748 cp.max_latency = cpu_to_le16(0x0008);
749 else
750 cp.max_latency = cpu_to_le16(0x000D);
751 cp.retrans_effort = 0x02;
752 break;
753 case SCO_AIRMODE_CVSD:
754 cp.max_latency = cpu_to_le16(0xffff);
755 cp.retrans_effort = 0xff;
756 break;
757 }
758
759 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
760 sizeof(cp), &cp);
761 }
762 }
763
sco_sock_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)764 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
765 size_t len, int flags)
766 {
767 struct sock *sk = sock->sk;
768 struct sco_pinfo *pi = sco_pi(sk);
769
770 lock_sock(sk);
771
772 if (sk->sk_state == BT_CONNECT2 &&
773 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
774 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
775 sk->sk_state = BT_CONFIG;
776
777 release_sock(sk);
778 return 0;
779 }
780
781 release_sock(sk);
782
783 return bt_sock_recvmsg(sock, msg, len, flags);
784 }
785
sco_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)786 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
787 {
788 struct sock *sk = sock->sk;
789 int len, err = 0;
790 struct bt_voice voice;
791 u32 opt;
792
793 BT_DBG("sk %p", sk);
794
795 lock_sock(sk);
796
797 switch (optname) {
798
799 case BT_DEFER_SETUP:
800 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
801 err = -EINVAL;
802 break;
803 }
804
805 if (get_user(opt, (u32 __user *) optval)) {
806 err = -EFAULT;
807 break;
808 }
809
810 if (opt)
811 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
812 else
813 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
814 break;
815
816 case BT_VOICE:
817 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
818 sk->sk_state != BT_CONNECT2) {
819 err = -EINVAL;
820 break;
821 }
822
823 voice.setting = sco_pi(sk)->setting;
824
825 len = min_t(unsigned int, sizeof(voice), optlen);
826 if (copy_from_user((char *) &voice, optval, len)) {
827 err = -EFAULT;
828 break;
829 }
830
831 /* Explicitly check for these values */
832 if (voice.setting != BT_VOICE_TRANSPARENT &&
833 voice.setting != BT_VOICE_CVSD_16BIT) {
834 err = -EINVAL;
835 break;
836 }
837
838 sco_pi(sk)->setting = voice.setting;
839 break;
840
841 default:
842 err = -ENOPROTOOPT;
843 break;
844 }
845
846 release_sock(sk);
847 return err;
848 }
849
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)850 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
851 {
852 struct sock *sk = sock->sk;
853 struct sco_options opts;
854 struct sco_conninfo cinfo;
855 int len, err = 0;
856
857 BT_DBG("sk %p", sk);
858
859 if (get_user(len, optlen))
860 return -EFAULT;
861
862 lock_sock(sk);
863
864 switch (optname) {
865 case SCO_OPTIONS:
866 if (sk->sk_state != BT_CONNECTED &&
867 !(sk->sk_state == BT_CONNECT2 &&
868 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
869 err = -ENOTCONN;
870 break;
871 }
872
873 opts.mtu = sco_pi(sk)->conn->mtu;
874
875 BT_DBG("mtu %d", opts.mtu);
876
877 len = min_t(unsigned int, len, sizeof(opts));
878 if (copy_to_user(optval, (char *)&opts, len))
879 err = -EFAULT;
880
881 break;
882
883 case SCO_CONNINFO:
884 if (sk->sk_state != BT_CONNECTED &&
885 !(sk->sk_state == BT_CONNECT2 &&
886 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
887 err = -ENOTCONN;
888 break;
889 }
890
891 memset(&cinfo, 0, sizeof(cinfo));
892 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
893 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
894
895 len = min_t(unsigned int, len, sizeof(cinfo));
896 if (copy_to_user(optval, (char *)&cinfo, len))
897 err = -EFAULT;
898
899 break;
900
901 default:
902 err = -ENOPROTOOPT;
903 break;
904 }
905
906 release_sock(sk);
907 return err;
908 }
909
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)910 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
911 {
912 struct sock *sk = sock->sk;
913 int len, err = 0;
914 struct bt_voice voice;
915
916 BT_DBG("sk %p", sk);
917
918 if (level == SOL_SCO)
919 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
920
921 if (get_user(len, optlen))
922 return -EFAULT;
923
924 lock_sock(sk);
925
926 switch (optname) {
927
928 case BT_DEFER_SETUP:
929 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
930 err = -EINVAL;
931 break;
932 }
933
934 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
935 (u32 __user *) optval))
936 err = -EFAULT;
937
938 break;
939
940 case BT_VOICE:
941 voice.setting = sco_pi(sk)->setting;
942
943 len = min_t(unsigned int, len, sizeof(voice));
944 if (copy_to_user(optval, (char *)&voice, len))
945 err = -EFAULT;
946
947 break;
948
949 default:
950 err = -ENOPROTOOPT;
951 break;
952 }
953
954 release_sock(sk);
955 return err;
956 }
957
sco_sock_shutdown(struct socket * sock,int how)958 static int sco_sock_shutdown(struct socket *sock, int how)
959 {
960 struct sock *sk = sock->sk;
961 int err = 0;
962
963 BT_DBG("sock %p, sk %p", sock, sk);
964
965 if (!sk)
966 return 0;
967
968 lock_sock(sk);
969 if (!sk->sk_shutdown) {
970 sk->sk_shutdown = SHUTDOWN_MASK;
971 sco_sock_clear_timer(sk);
972 __sco_sock_close(sk);
973
974 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
975 !(current->flags & PF_EXITING))
976 err = bt_sock_wait_state(sk, BT_CLOSED,
977 sk->sk_lingertime);
978 }
979 release_sock(sk);
980 return err;
981 }
982
sco_sock_release(struct socket * sock)983 static int sco_sock_release(struct socket *sock)
984 {
985 struct sock *sk = sock->sk;
986 int err = 0;
987
988 BT_DBG("sock %p, sk %p", sock, sk);
989
990 if (!sk)
991 return 0;
992
993 sco_sock_close(sk);
994
995 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
996 !(current->flags & PF_EXITING)) {
997 lock_sock(sk);
998 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
999 release_sock(sk);
1000 }
1001
1002 sock_orphan(sk);
1003 sco_sock_kill(sk);
1004 return err;
1005 }
1006
sco_conn_ready(struct sco_conn * conn)1007 static void sco_conn_ready(struct sco_conn *conn)
1008 {
1009 struct sock *parent;
1010 struct sock *sk = conn->sk;
1011
1012 BT_DBG("conn %p", conn);
1013
1014 if (sk) {
1015 sco_sock_clear_timer(sk);
1016 bh_lock_sock(sk);
1017 sk->sk_state = BT_CONNECTED;
1018 sk->sk_state_change(sk);
1019 bh_unlock_sock(sk);
1020 } else {
1021 sco_conn_lock(conn);
1022
1023 parent = sco_get_sock_listen(&conn->hcon->src);
1024 if (!parent) {
1025 sco_conn_unlock(conn);
1026 return;
1027 }
1028
1029 bh_lock_sock(parent);
1030
1031 sk = sco_sock_alloc(sock_net(parent), NULL,
1032 BTPROTO_SCO, GFP_ATOMIC);
1033 if (!sk) {
1034 bh_unlock_sock(parent);
1035 sco_conn_unlock(conn);
1036 return;
1037 }
1038
1039 sco_sock_init(sk, parent);
1040
1041 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1042 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1043
1044 hci_conn_hold(conn->hcon);
1045 __sco_chan_add(conn, sk, parent);
1046
1047 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1048 sk->sk_state = BT_CONNECT2;
1049 else
1050 sk->sk_state = BT_CONNECTED;
1051
1052 /* Wake up parent */
1053 parent->sk_data_ready(parent);
1054
1055 bh_unlock_sock(parent);
1056
1057 sco_conn_unlock(conn);
1058 }
1059 }
1060
1061 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr,__u8 * flags)1062 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1063 {
1064 struct sock *sk;
1065 int lm = 0;
1066
1067 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1068
1069 /* Find listening sockets */
1070 read_lock(&sco_sk_list.lock);
1071 sk_for_each(sk, &sco_sk_list.head) {
1072 if (sk->sk_state != BT_LISTEN)
1073 continue;
1074
1075 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1076 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1077 lm |= HCI_LM_ACCEPT;
1078
1079 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1080 *flags |= HCI_PROTO_DEFER;
1081 break;
1082 }
1083 }
1084 read_unlock(&sco_sk_list.lock);
1085
1086 return lm;
1087 }
1088
sco_connect_cfm(struct hci_conn * hcon,__u8 status)1089 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1090 {
1091 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1092 return;
1093
1094 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1095
1096 if (!status) {
1097 struct sco_conn *conn;
1098
1099 conn = sco_conn_add(hcon);
1100 if (conn)
1101 sco_conn_ready(conn);
1102 } else
1103 sco_conn_del(hcon, bt_to_errno(status));
1104 }
1105
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)1106 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1107 {
1108 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1109 return;
1110
1111 BT_DBG("hcon %p reason %d", hcon, reason);
1112
1113 sco_conn_del(hcon, bt_to_errno(reason));
1114 }
1115
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)1116 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1117 {
1118 struct sco_conn *conn = hcon->sco_data;
1119
1120 if (!conn)
1121 goto drop;
1122
1123 BT_DBG("conn %p len %d", conn, skb->len);
1124
1125 if (skb->len) {
1126 sco_recv_frame(conn, skb);
1127 return 0;
1128 }
1129
1130 drop:
1131 kfree_skb(skb);
1132 return 0;
1133 }
1134
1135 static struct hci_cb sco_cb = {
1136 .name = "SCO",
1137 .connect_cfm = sco_connect_cfm,
1138 .disconn_cfm = sco_disconn_cfm,
1139 };
1140
sco_debugfs_show(struct seq_file * f,void * p)1141 static int sco_debugfs_show(struct seq_file *f, void *p)
1142 {
1143 struct sock *sk;
1144
1145 read_lock(&sco_sk_list.lock);
1146
1147 sk_for_each(sk, &sco_sk_list.head) {
1148 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1149 &sco_pi(sk)->dst, sk->sk_state);
1150 }
1151
1152 read_unlock(&sco_sk_list.lock);
1153
1154 return 0;
1155 }
1156
sco_debugfs_open(struct inode * inode,struct file * file)1157 static int sco_debugfs_open(struct inode *inode, struct file *file)
1158 {
1159 return single_open(file, sco_debugfs_show, inode->i_private);
1160 }
1161
1162 static const struct file_operations sco_debugfs_fops = {
1163 .open = sco_debugfs_open,
1164 .read = seq_read,
1165 .llseek = seq_lseek,
1166 .release = single_release,
1167 };
1168
1169 static struct dentry *sco_debugfs;
1170
1171 static const struct proto_ops sco_sock_ops = {
1172 .family = PF_BLUETOOTH,
1173 .owner = THIS_MODULE,
1174 .release = sco_sock_release,
1175 .bind = sco_sock_bind,
1176 .connect = sco_sock_connect,
1177 .listen = sco_sock_listen,
1178 .accept = sco_sock_accept,
1179 .getname = sco_sock_getname,
1180 .sendmsg = sco_sock_sendmsg,
1181 .recvmsg = sco_sock_recvmsg,
1182 .poll = bt_sock_poll,
1183 .ioctl = bt_sock_ioctl,
1184 .mmap = sock_no_mmap,
1185 .socketpair = sock_no_socketpair,
1186 .shutdown = sco_sock_shutdown,
1187 .setsockopt = sco_sock_setsockopt,
1188 .getsockopt = sco_sock_getsockopt
1189 };
1190
1191 static const struct net_proto_family sco_sock_family_ops = {
1192 .family = PF_BLUETOOTH,
1193 .owner = THIS_MODULE,
1194 .create = sco_sock_create,
1195 };
1196
sco_init(void)1197 int __init sco_init(void)
1198 {
1199 int err;
1200
1201 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1202
1203 err = proto_register(&sco_proto, 0);
1204 if (err < 0)
1205 return err;
1206
1207 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1208 if (err < 0) {
1209 BT_ERR("SCO socket registration failed");
1210 goto error;
1211 }
1212
1213 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1214 if (err < 0) {
1215 BT_ERR("Failed to create SCO proc file");
1216 bt_sock_unregister(BTPROTO_SCO);
1217 goto error;
1218 }
1219
1220 BT_INFO("SCO socket layer initialized");
1221
1222 hci_register_cb(&sco_cb);
1223
1224 if (IS_ERR_OR_NULL(bt_debugfs))
1225 return 0;
1226
1227 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1228 NULL, &sco_debugfs_fops);
1229
1230 return 0;
1231
1232 error:
1233 proto_unregister(&sco_proto);
1234 return err;
1235 }
1236
sco_exit(void)1237 void sco_exit(void)
1238 {
1239 bt_procfs_cleanup(&init_net, "sco");
1240
1241 debugfs_remove(sco_debugfs);
1242
1243 hci_unregister_cb(&sco_cb);
1244
1245 bt_sock_unregister(BTPROTO_SCO);
1246
1247 proto_unregister(&sco_proto);
1248 }
1249
1250 module_param(disable_esco, bool, 0644);
1251 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1252