1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth SCO sockets. */ 26 27#include <linux/module.h> 28#include <linux/debugfs.h> 29#include <linux/seq_file.h> 30 31#include <net/bluetooth/bluetooth.h> 32#include <net/bluetooth/hci_core.h> 33#include <net/bluetooth/sco.h> 34 35static bool disable_esco; 36 37static const struct proto_ops sco_sock_ops; 38 39static struct bt_sock_list sco_sk_list = { 40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 41}; 42 43/* ---- SCO connections ---- */ 44struct sco_conn { 45 struct hci_conn *hcon; 46 47 spinlock_t lock; 48 struct sock *sk; 49 50 unsigned int mtu; 51}; 52 53#define sco_conn_lock(c) spin_lock(&c->lock); 54#define sco_conn_unlock(c) spin_unlock(&c->lock); 55 56static void sco_sock_close(struct sock *sk); 57static void sco_sock_kill(struct sock *sk); 58 59/* ----- SCO socket info ----- */ 60#define sco_pi(sk) ((struct sco_pinfo *) sk) 61 62struct sco_pinfo { 63 struct bt_sock bt; 64 bdaddr_t src; 65 bdaddr_t dst; 66 __u32 flags; 67 __u16 setting; 68 struct sco_conn *conn; 69}; 70 71/* ---- SCO timers ---- */ 72#define SCO_CONN_TIMEOUT (HZ * 40) 73#define SCO_DISCONN_TIMEOUT (HZ * 2) 74 75static void sco_sock_timeout(unsigned long arg) 76{ 77 struct sock *sk = (struct sock *) arg; 78 79 BT_DBG("sock %p state %d", sk, sk->sk_state); 80 81 bh_lock_sock(sk); 82 sk->sk_err = ETIMEDOUT; 83 sk->sk_state_change(sk); 84 bh_unlock_sock(sk); 85 86 sco_sock_kill(sk); 87 sock_put(sk); 88} 89 90static void sco_sock_set_timer(struct sock *sk, long timeout) 91{ 92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); 94} 95 96static void sco_sock_clear_timer(struct sock *sk) 97{ 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 sk_stop_timer(sk, &sk->sk_timer); 100} 101 102/* ---- SCO connections ---- */ 103static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 104{ 105 struct hci_dev *hdev = hcon->hdev; 106 struct sco_conn *conn = hcon->sco_data; 107 108 if (conn) 109 return conn; 110 111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 112 if (!conn) 113 return NULL; 114 115 spin_lock_init(&conn->lock); 116 117 hcon->sco_data = conn; 118 conn->hcon = hcon; 119 120 if (hdev->sco_mtu > 0) 121 conn->mtu = hdev->sco_mtu; 122 else 123 conn->mtu = 60; 124 125 BT_DBG("hcon %p conn %p", hcon, conn); 126 127 return conn; 128} 129 130/* Delete channel. 131 * Must be called on the locked socket. */ 132static void sco_chan_del(struct sock *sk, int err) 133{ 134 struct sco_conn *conn; 135 136 conn = sco_pi(sk)->conn; 137 138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 139 140 if (conn) { 141 sco_conn_lock(conn); 142 conn->sk = NULL; 143 sco_pi(sk)->conn = NULL; 144 sco_conn_unlock(conn); 145 146 if (conn->hcon) 147 hci_conn_drop(conn->hcon); 148 } 149 150 sk->sk_state = BT_CLOSED; 151 sk->sk_err = err; 152 sk->sk_state_change(sk); 153 154 sock_set_flag(sk, SOCK_ZAPPED); 155} 156 157static int sco_conn_del(struct hci_conn *hcon, int err) 158{ 159 struct sco_conn *conn = hcon->sco_data; 160 struct sock *sk; 161 162 if (!conn) 163 return 0; 164 165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 166 167 /* Kill socket */ 168 sco_conn_lock(conn); 169 sk = conn->sk; 170 sco_conn_unlock(conn); 171 172 if (sk) { 173 bh_lock_sock(sk); 174 sco_sock_clear_timer(sk); 175 sco_chan_del(sk, err); 176 bh_unlock_sock(sk); 177 sco_sock_kill(sk); 178 } 179 180 hcon->sco_data = NULL; 181 kfree(conn); 182 return 0; 183} 184 185static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent) 186{ 187 BT_DBG("conn %p", conn); 188 189 sco_pi(sk)->conn = conn; 190 conn->sk = sk; 191 192 if (parent) 193 bt_accept_enqueue(parent, sk); 194} 195 196static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 197 struct sock *parent) 198{ 199 int err = 0; 200 201 sco_conn_lock(conn); 202 if (conn->sk) 203 err = -EBUSY; 204 else 205 __sco_chan_add(conn, sk, parent); 206 207 sco_conn_unlock(conn); 208 return err; 209} 210 211static int sco_connect(struct sock *sk) 212{ 213 struct sco_conn *conn; 214 struct hci_conn *hcon; 215 struct hci_dev *hdev; 216 int err, type; 217 218 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 219 220 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src); 221 if (!hdev) 222 return -EHOSTUNREACH; 223 224 hci_dev_lock(hdev); 225 226 if (lmp_esco_capable(hdev) && !disable_esco) 227 type = ESCO_LINK; 228 else 229 type = SCO_LINK; 230 231 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 232 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 233 err = -EOPNOTSUPP; 234 goto done; 235 } 236 237 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 238 sco_pi(sk)->setting); 239 if (IS_ERR(hcon)) { 240 err = PTR_ERR(hcon); 241 goto done; 242 } 243 244 conn = sco_conn_add(hcon); 245 if (!conn) { 246 hci_conn_drop(hcon); 247 err = -ENOMEM; 248 goto done; 249 } 250 251 /* Update source addr of the socket */ 252 bacpy(&sco_pi(sk)->src, &hcon->src); 253 254 err = sco_chan_add(conn, sk, NULL); 255 if (err) 256 goto done; 257 258 if (hcon->state == BT_CONNECTED) { 259 sco_sock_clear_timer(sk); 260 sk->sk_state = BT_CONNECTED; 261 } else { 262 sk->sk_state = BT_CONNECT; 263 sco_sock_set_timer(sk, sk->sk_sndtimeo); 264 } 265 266done: 267 hci_dev_unlock(hdev); 268 hci_dev_put(hdev); 269 return err; 270} 271 272static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) 273{ 274 struct sco_conn *conn = sco_pi(sk)->conn; 275 struct sk_buff *skb; 276 int err; 277 278 /* Check outgoing MTU */ 279 if (len > conn->mtu) 280 return -EINVAL; 281 282 BT_DBG("sk %p len %d", sk, len); 283 284 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); 285 if (!skb) 286 return err; 287 288 if (memcpy_from_msg(skb_put(skb, len), msg, len)) { 289 kfree_skb(skb); 290 return -EFAULT; 291 } 292 293 hci_send_sco(conn->hcon, skb); 294 295 return len; 296} 297 298static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 299{ 300 struct sock *sk; 301 302 sco_conn_lock(conn); 303 sk = conn->sk; 304 sco_conn_unlock(conn); 305 306 if (!sk) 307 goto drop; 308 309 BT_DBG("sk %p len %d", sk, skb->len); 310 311 if (sk->sk_state != BT_CONNECTED) 312 goto drop; 313 314 if (!sock_queue_rcv_skb(sk, skb)) 315 return; 316 317drop: 318 kfree_skb(skb); 319} 320 321/* -------- Socket interface ---------- */ 322static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 323{ 324 struct sock *sk; 325 326 sk_for_each(sk, &sco_sk_list.head) { 327 if (sk->sk_state != BT_LISTEN) 328 continue; 329 330 if (!bacmp(&sco_pi(sk)->src, ba)) 331 return sk; 332 } 333 334 return NULL; 335} 336 337/* Find socket listening on source bdaddr. 338 * Returns closest match. 339 */ 340static struct sock *sco_get_sock_listen(bdaddr_t *src) 341{ 342 struct sock *sk = NULL, *sk1 = NULL; 343 344 read_lock(&sco_sk_list.lock); 345 346 sk_for_each(sk, &sco_sk_list.head) { 347 if (sk->sk_state != BT_LISTEN) 348 continue; 349 350 /* Exact match. */ 351 if (!bacmp(&sco_pi(sk)->src, src)) 352 break; 353 354 /* Closest match */ 355 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 356 sk1 = sk; 357 } 358 359 read_unlock(&sco_sk_list.lock); 360 361 return sk ? sk : sk1; 362} 363 364static void sco_sock_destruct(struct sock *sk) 365{ 366 BT_DBG("sk %p", sk); 367 368 skb_queue_purge(&sk->sk_receive_queue); 369 skb_queue_purge(&sk->sk_write_queue); 370} 371 372static void sco_sock_cleanup_listen(struct sock *parent) 373{ 374 struct sock *sk; 375 376 BT_DBG("parent %p", parent); 377 378 /* Close not yet accepted channels */ 379 while ((sk = bt_accept_dequeue(parent, NULL))) { 380 sco_sock_close(sk); 381 sco_sock_kill(sk); 382 } 383 384 parent->sk_state = BT_CLOSED; 385 sock_set_flag(parent, SOCK_ZAPPED); 386} 387 388/* Kill socket (only if zapped and orphan) 389 * Must be called on unlocked socket. 390 */ 391static void sco_sock_kill(struct sock *sk) 392{ 393 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 394 return; 395 396 BT_DBG("sk %p state %d", sk, sk->sk_state); 397 398 /* Kill poor orphan */ 399 bt_sock_unlink(&sco_sk_list, sk); 400 sock_set_flag(sk, SOCK_DEAD); 401 sock_put(sk); 402} 403 404static void __sco_sock_close(struct sock *sk) 405{ 406 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 407 408 switch (sk->sk_state) { 409 case BT_LISTEN: 410 sco_sock_cleanup_listen(sk); 411 break; 412 413 case BT_CONNECTED: 414 case BT_CONFIG: 415 if (sco_pi(sk)->conn->hcon) { 416 sk->sk_state = BT_DISCONN; 417 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 418 hci_conn_drop(sco_pi(sk)->conn->hcon); 419 sco_pi(sk)->conn->hcon = NULL; 420 } else 421 sco_chan_del(sk, ECONNRESET); 422 break; 423 424 case BT_CONNECT2: 425 case BT_CONNECT: 426 case BT_DISCONN: 427 sco_chan_del(sk, ECONNRESET); 428 break; 429 430 default: 431 sock_set_flag(sk, SOCK_ZAPPED); 432 break; 433 } 434} 435 436/* Must be called on unlocked socket. */ 437static void sco_sock_close(struct sock *sk) 438{ 439 sco_sock_clear_timer(sk); 440 lock_sock(sk); 441 __sco_sock_close(sk); 442 release_sock(sk); 443 sco_sock_kill(sk); 444} 445 446static void sco_sock_init(struct sock *sk, struct sock *parent) 447{ 448 BT_DBG("sk %p", sk); 449 450 if (parent) { 451 sk->sk_type = parent->sk_type; 452 bt_sk(sk)->flags = bt_sk(parent)->flags; 453 security_sk_clone(parent, sk); 454 } 455} 456 457static struct proto sco_proto = { 458 .name = "SCO", 459 .owner = THIS_MODULE, 460 .obj_size = sizeof(struct sco_pinfo) 461}; 462 463static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 464{ 465 struct sock *sk; 466 467 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto); 468 if (!sk) 469 return NULL; 470 471 sock_init_data(sock, sk); 472 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 473 474 sk->sk_destruct = sco_sock_destruct; 475 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 476 477 sock_reset_flag(sk, SOCK_ZAPPED); 478 479 sk->sk_protocol = proto; 480 sk->sk_state = BT_OPEN; 481 482 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 483 484 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 485 486 bt_sock_link(&sco_sk_list, sk); 487 return sk; 488} 489 490static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 491 int kern) 492{ 493 struct sock *sk; 494 495 BT_DBG("sock %p", sock); 496 497 sock->state = SS_UNCONNECTED; 498 499 if (sock->type != SOCK_SEQPACKET) 500 return -ESOCKTNOSUPPORT; 501 502 sock->ops = &sco_sock_ops; 503 504 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC); 505 if (!sk) 506 return -ENOMEM; 507 508 sco_sock_init(sk, NULL); 509 return 0; 510} 511 512static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 513{ 514 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 515 struct sock *sk = sock->sk; 516 int err = 0; 517 518 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 519 520 if (!addr || addr->sa_family != AF_BLUETOOTH) 521 return -EINVAL; 522 523 if (addr_len < sizeof(struct sockaddr_sco)) 524 return -EINVAL; 525 526 lock_sock(sk); 527 528 if (sk->sk_state != BT_OPEN) { 529 err = -EBADFD; 530 goto done; 531 } 532 533 if (sk->sk_type != SOCK_SEQPACKET) { 534 err = -EINVAL; 535 goto done; 536 } 537 538 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 539 540 sk->sk_state = BT_BOUND; 541 542done: 543 release_sock(sk); 544 return err; 545} 546 547static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 548{ 549 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 550 struct sock *sk = sock->sk; 551 int err; 552 553 BT_DBG("sk %p", sk); 554 555 if (alen < sizeof(struct sockaddr_sco) || 556 addr->sa_family != AF_BLUETOOTH) 557 return -EINVAL; 558 559 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 560 return -EBADFD; 561 562 if (sk->sk_type != SOCK_SEQPACKET) 563 return -EINVAL; 564 565 lock_sock(sk); 566 567 /* Set destination address and psm */ 568 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 569 570 err = sco_connect(sk); 571 if (err) 572 goto done; 573 574 err = bt_sock_wait_state(sk, BT_CONNECTED, 575 sock_sndtimeo(sk, flags & O_NONBLOCK)); 576 577done: 578 release_sock(sk); 579 return err; 580} 581 582static int sco_sock_listen(struct socket *sock, int backlog) 583{ 584 struct sock *sk = sock->sk; 585 bdaddr_t *src = &sco_pi(sk)->src; 586 int err = 0; 587 588 BT_DBG("sk %p backlog %d", sk, backlog); 589 590 lock_sock(sk); 591 592 if (sk->sk_state != BT_BOUND) { 593 err = -EBADFD; 594 goto done; 595 } 596 597 if (sk->sk_type != SOCK_SEQPACKET) { 598 err = -EINVAL; 599 goto done; 600 } 601 602 write_lock(&sco_sk_list.lock); 603 604 if (__sco_get_sock_listen_by_addr(src)) { 605 err = -EADDRINUSE; 606 goto unlock; 607 } 608 609 sk->sk_max_ack_backlog = backlog; 610 sk->sk_ack_backlog = 0; 611 612 sk->sk_state = BT_LISTEN; 613 614unlock: 615 write_unlock(&sco_sk_list.lock); 616 617done: 618 release_sock(sk); 619 return err; 620} 621 622static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags) 623{ 624 DEFINE_WAIT_FUNC(wait, woken_wake_function); 625 struct sock *sk = sock->sk, *ch; 626 long timeo; 627 int err = 0; 628 629 lock_sock(sk); 630 631 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 632 633 BT_DBG("sk %p timeo %ld", sk, timeo); 634 635 /* Wait for an incoming connection. (wake-one). */ 636 add_wait_queue_exclusive(sk_sleep(sk), &wait); 637 while (1) { 638 if (sk->sk_state != BT_LISTEN) { 639 err = -EBADFD; 640 break; 641 } 642 643 ch = bt_accept_dequeue(sk, newsock); 644 if (ch) 645 break; 646 647 if (!timeo) { 648 err = -EAGAIN; 649 break; 650 } 651 652 if (signal_pending(current)) { 653 err = sock_intr_errno(timeo); 654 break; 655 } 656 657 release_sock(sk); 658 659 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 660 lock_sock(sk); 661 } 662 remove_wait_queue(sk_sleep(sk), &wait); 663 664 if (err) 665 goto done; 666 667 newsock->state = SS_CONNECTED; 668 669 BT_DBG("new socket %p", ch); 670 671done: 672 release_sock(sk); 673 return err; 674} 675 676static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 677{ 678 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 679 struct sock *sk = sock->sk; 680 681 BT_DBG("sock %p, sk %p", sock, sk); 682 683 addr->sa_family = AF_BLUETOOTH; 684 *len = sizeof(struct sockaddr_sco); 685 686 if (peer) 687 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 688 else 689 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 690 691 return 0; 692} 693 694static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 695 size_t len) 696{ 697 struct sock *sk = sock->sk; 698 int err; 699 700 BT_DBG("sock %p, sk %p", sock, sk); 701 702 err = sock_error(sk); 703 if (err) 704 return err; 705 706 if (msg->msg_flags & MSG_OOB) 707 return -EOPNOTSUPP; 708 709 lock_sock(sk); 710 711 if (sk->sk_state == BT_CONNECTED) 712 err = sco_send_frame(sk, msg, len); 713 else 714 err = -ENOTCONN; 715 716 release_sock(sk); 717 return err; 718} 719 720static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 721{ 722 struct hci_dev *hdev = conn->hdev; 723 724 BT_DBG("conn %p", conn); 725 726 conn->state = BT_CONFIG; 727 728 if (!lmp_esco_capable(hdev)) { 729 struct hci_cp_accept_conn_req cp; 730 731 bacpy(&cp.bdaddr, &conn->dst); 732 cp.role = 0x00; /* Ignored */ 733 734 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 735 } else { 736 struct hci_cp_accept_sync_conn_req cp; 737 738 bacpy(&cp.bdaddr, &conn->dst); 739 cp.pkt_type = cpu_to_le16(conn->pkt_type); 740 741 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 742 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 743 cp.content_format = cpu_to_le16(setting); 744 745 switch (setting & SCO_AIRMODE_MASK) { 746 case SCO_AIRMODE_TRANSP: 747 if (conn->pkt_type & ESCO_2EV3) 748 cp.max_latency = cpu_to_le16(0x0008); 749 else 750 cp.max_latency = cpu_to_le16(0x000D); 751 cp.retrans_effort = 0x02; 752 break; 753 case SCO_AIRMODE_CVSD: 754 cp.max_latency = cpu_to_le16(0xffff); 755 cp.retrans_effort = 0xff; 756 break; 757 } 758 759 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 760 sizeof(cp), &cp); 761 } 762} 763 764static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 765 size_t len, int flags) 766{ 767 struct sock *sk = sock->sk; 768 struct sco_pinfo *pi = sco_pi(sk); 769 770 lock_sock(sk); 771 772 if (sk->sk_state == BT_CONNECT2 && 773 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 774 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 775 sk->sk_state = BT_CONFIG; 776 777 release_sock(sk); 778 return 0; 779 } 780 781 release_sock(sk); 782 783 return bt_sock_recvmsg(sock, msg, len, flags); 784} 785 786static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 787{ 788 struct sock *sk = sock->sk; 789 int len, err = 0; 790 struct bt_voice voice; 791 u32 opt; 792 793 BT_DBG("sk %p", sk); 794 795 lock_sock(sk); 796 797 switch (optname) { 798 799 case BT_DEFER_SETUP: 800 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 801 err = -EINVAL; 802 break; 803 } 804 805 if (get_user(opt, (u32 __user *) optval)) { 806 err = -EFAULT; 807 break; 808 } 809 810 if (opt) 811 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 812 else 813 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 814 break; 815 816 case BT_VOICE: 817 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 818 sk->sk_state != BT_CONNECT2) { 819 err = -EINVAL; 820 break; 821 } 822 823 voice.setting = sco_pi(sk)->setting; 824 825 len = min_t(unsigned int, sizeof(voice), optlen); 826 if (copy_from_user((char *) &voice, optval, len)) { 827 err = -EFAULT; 828 break; 829 } 830 831 /* Explicitly check for these values */ 832 if (voice.setting != BT_VOICE_TRANSPARENT && 833 voice.setting != BT_VOICE_CVSD_16BIT) { 834 err = -EINVAL; 835 break; 836 } 837 838 sco_pi(sk)->setting = voice.setting; 839 break; 840 841 default: 842 err = -ENOPROTOOPT; 843 break; 844 } 845 846 release_sock(sk); 847 return err; 848} 849 850static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 851{ 852 struct sock *sk = sock->sk; 853 struct sco_options opts; 854 struct sco_conninfo cinfo; 855 int len, err = 0; 856 857 BT_DBG("sk %p", sk); 858 859 if (get_user(len, optlen)) 860 return -EFAULT; 861 862 lock_sock(sk); 863 864 switch (optname) { 865 case SCO_OPTIONS: 866 if (sk->sk_state != BT_CONNECTED && 867 !(sk->sk_state == BT_CONNECT2 && 868 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 869 err = -ENOTCONN; 870 break; 871 } 872 873 opts.mtu = sco_pi(sk)->conn->mtu; 874 875 BT_DBG("mtu %d", opts.mtu); 876 877 len = min_t(unsigned int, len, sizeof(opts)); 878 if (copy_to_user(optval, (char *)&opts, len)) 879 err = -EFAULT; 880 881 break; 882 883 case SCO_CONNINFO: 884 if (sk->sk_state != BT_CONNECTED && 885 !(sk->sk_state == BT_CONNECT2 && 886 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 887 err = -ENOTCONN; 888 break; 889 } 890 891 memset(&cinfo, 0, sizeof(cinfo)); 892 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 893 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 894 895 len = min_t(unsigned int, len, sizeof(cinfo)); 896 if (copy_to_user(optval, (char *)&cinfo, len)) 897 err = -EFAULT; 898 899 break; 900 901 default: 902 err = -ENOPROTOOPT; 903 break; 904 } 905 906 release_sock(sk); 907 return err; 908} 909 910static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 911{ 912 struct sock *sk = sock->sk; 913 int len, err = 0; 914 struct bt_voice voice; 915 916 BT_DBG("sk %p", sk); 917 918 if (level == SOL_SCO) 919 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 920 921 if (get_user(len, optlen)) 922 return -EFAULT; 923 924 lock_sock(sk); 925 926 switch (optname) { 927 928 case BT_DEFER_SETUP: 929 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 930 err = -EINVAL; 931 break; 932 } 933 934 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 935 (u32 __user *) optval)) 936 err = -EFAULT; 937 938 break; 939 940 case BT_VOICE: 941 voice.setting = sco_pi(sk)->setting; 942 943 len = min_t(unsigned int, len, sizeof(voice)); 944 if (copy_to_user(optval, (char *)&voice, len)) 945 err = -EFAULT; 946 947 break; 948 949 default: 950 err = -ENOPROTOOPT; 951 break; 952 } 953 954 release_sock(sk); 955 return err; 956} 957 958static int sco_sock_shutdown(struct socket *sock, int how) 959{ 960 struct sock *sk = sock->sk; 961 int err = 0; 962 963 BT_DBG("sock %p, sk %p", sock, sk); 964 965 if (!sk) 966 return 0; 967 968 lock_sock(sk); 969 if (!sk->sk_shutdown) { 970 sk->sk_shutdown = SHUTDOWN_MASK; 971 sco_sock_clear_timer(sk); 972 __sco_sock_close(sk); 973 974 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 975 !(current->flags & PF_EXITING)) 976 err = bt_sock_wait_state(sk, BT_CLOSED, 977 sk->sk_lingertime); 978 } 979 release_sock(sk); 980 return err; 981} 982 983static int sco_sock_release(struct socket *sock) 984{ 985 struct sock *sk = sock->sk; 986 int err = 0; 987 988 BT_DBG("sock %p, sk %p", sock, sk); 989 990 if (!sk) 991 return 0; 992 993 sco_sock_close(sk); 994 995 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 996 !(current->flags & PF_EXITING)) { 997 lock_sock(sk); 998 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 999 release_sock(sk); 1000 } 1001 1002 sock_orphan(sk); 1003 sco_sock_kill(sk); 1004 return err; 1005} 1006 1007static void sco_conn_ready(struct sco_conn *conn) 1008{ 1009 struct sock *parent; 1010 struct sock *sk = conn->sk; 1011 1012 BT_DBG("conn %p", conn); 1013 1014 if (sk) { 1015 sco_sock_clear_timer(sk); 1016 bh_lock_sock(sk); 1017 sk->sk_state = BT_CONNECTED; 1018 sk->sk_state_change(sk); 1019 bh_unlock_sock(sk); 1020 } else { 1021 sco_conn_lock(conn); 1022 1023 parent = sco_get_sock_listen(&conn->hcon->src); 1024 if (!parent) { 1025 sco_conn_unlock(conn); 1026 return; 1027 } 1028 1029 bh_lock_sock(parent); 1030 1031 sk = sco_sock_alloc(sock_net(parent), NULL, 1032 BTPROTO_SCO, GFP_ATOMIC); 1033 if (!sk) { 1034 bh_unlock_sock(parent); 1035 sco_conn_unlock(conn); 1036 return; 1037 } 1038 1039 sco_sock_init(sk, parent); 1040 1041 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1042 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1043 1044 hci_conn_hold(conn->hcon); 1045 __sco_chan_add(conn, sk, parent); 1046 1047 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1048 sk->sk_state = BT_CONNECT2; 1049 else 1050 sk->sk_state = BT_CONNECTED; 1051 1052 /* Wake up parent */ 1053 parent->sk_data_ready(parent); 1054 1055 bh_unlock_sock(parent); 1056 1057 sco_conn_unlock(conn); 1058 } 1059} 1060 1061/* ----- SCO interface with lower layer (HCI) ----- */ 1062int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1063{ 1064 struct sock *sk; 1065 int lm = 0; 1066 1067 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1068 1069 /* Find listening sockets */ 1070 read_lock(&sco_sk_list.lock); 1071 sk_for_each(sk, &sco_sk_list.head) { 1072 if (sk->sk_state != BT_LISTEN) 1073 continue; 1074 1075 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1076 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1077 lm |= HCI_LM_ACCEPT; 1078 1079 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1080 *flags |= HCI_PROTO_DEFER; 1081 break; 1082 } 1083 } 1084 read_unlock(&sco_sk_list.lock); 1085 1086 return lm; 1087} 1088 1089static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1090{ 1091 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1092 return; 1093 1094 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1095 1096 if (!status) { 1097 struct sco_conn *conn; 1098 1099 conn = sco_conn_add(hcon); 1100 if (conn) 1101 sco_conn_ready(conn); 1102 } else 1103 sco_conn_del(hcon, bt_to_errno(status)); 1104} 1105 1106static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1107{ 1108 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1109 return; 1110 1111 BT_DBG("hcon %p reason %d", hcon, reason); 1112 1113 sco_conn_del(hcon, bt_to_errno(reason)); 1114} 1115 1116int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1117{ 1118 struct sco_conn *conn = hcon->sco_data; 1119 1120 if (!conn) 1121 goto drop; 1122 1123 BT_DBG("conn %p len %d", conn, skb->len); 1124 1125 if (skb->len) { 1126 sco_recv_frame(conn, skb); 1127 return 0; 1128 } 1129 1130drop: 1131 kfree_skb(skb); 1132 return 0; 1133} 1134 1135static struct hci_cb sco_cb = { 1136 .name = "SCO", 1137 .connect_cfm = sco_connect_cfm, 1138 .disconn_cfm = sco_disconn_cfm, 1139}; 1140 1141static int sco_debugfs_show(struct seq_file *f, void *p) 1142{ 1143 struct sock *sk; 1144 1145 read_lock(&sco_sk_list.lock); 1146 1147 sk_for_each(sk, &sco_sk_list.head) { 1148 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1149 &sco_pi(sk)->dst, sk->sk_state); 1150 } 1151 1152 read_unlock(&sco_sk_list.lock); 1153 1154 return 0; 1155} 1156 1157static int sco_debugfs_open(struct inode *inode, struct file *file) 1158{ 1159 return single_open(file, sco_debugfs_show, inode->i_private); 1160} 1161 1162static const struct file_operations sco_debugfs_fops = { 1163 .open = sco_debugfs_open, 1164 .read = seq_read, 1165 .llseek = seq_lseek, 1166 .release = single_release, 1167}; 1168 1169static struct dentry *sco_debugfs; 1170 1171static const struct proto_ops sco_sock_ops = { 1172 .family = PF_BLUETOOTH, 1173 .owner = THIS_MODULE, 1174 .release = sco_sock_release, 1175 .bind = sco_sock_bind, 1176 .connect = sco_sock_connect, 1177 .listen = sco_sock_listen, 1178 .accept = sco_sock_accept, 1179 .getname = sco_sock_getname, 1180 .sendmsg = sco_sock_sendmsg, 1181 .recvmsg = sco_sock_recvmsg, 1182 .poll = bt_sock_poll, 1183 .ioctl = bt_sock_ioctl, 1184 .mmap = sock_no_mmap, 1185 .socketpair = sock_no_socketpair, 1186 .shutdown = sco_sock_shutdown, 1187 .setsockopt = sco_sock_setsockopt, 1188 .getsockopt = sco_sock_getsockopt 1189}; 1190 1191static const struct net_proto_family sco_sock_family_ops = { 1192 .family = PF_BLUETOOTH, 1193 .owner = THIS_MODULE, 1194 .create = sco_sock_create, 1195}; 1196 1197int __init sco_init(void) 1198{ 1199 int err; 1200 1201 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1202 1203 err = proto_register(&sco_proto, 0); 1204 if (err < 0) 1205 return err; 1206 1207 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1208 if (err < 0) { 1209 BT_ERR("SCO socket registration failed"); 1210 goto error; 1211 } 1212 1213 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1214 if (err < 0) { 1215 BT_ERR("Failed to create SCO proc file"); 1216 bt_sock_unregister(BTPROTO_SCO); 1217 goto error; 1218 } 1219 1220 BT_INFO("SCO socket layer initialized"); 1221 1222 hci_register_cb(&sco_cb); 1223 1224 if (IS_ERR_OR_NULL(bt_debugfs)) 1225 return 0; 1226 1227 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1228 NULL, &sco_debugfs_fops); 1229 1230 return 0; 1231 1232error: 1233 proto_unregister(&sco_proto); 1234 return err; 1235} 1236 1237void sco_exit(void) 1238{ 1239 bt_procfs_cleanup(&init_net, "sco"); 1240 1241 debugfs_remove(sco_debugfs); 1242 1243 hci_unregister_cb(&sco_cb); 1244 1245 bt_sock_unregister(BTPROTO_SCO); 1246 1247 proto_unregister(&sco_proto); 1248} 1249 1250module_param(disable_esco, bool, 0644); 1251MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1252