1// SPDX-License-Identifier: GPL-2.0 2/* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 * Copyright 2023-2024 NXP 7 */ 8 9#include <linux/module.h> 10#include <linux/debugfs.h> 11#include <linux/seq_file.h> 12#include <linux/sched/signal.h> 13 14#include <net/bluetooth/bluetooth.h> 15#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/iso.h> 17#include "eir.h" 18 19static const struct proto_ops iso_sock_ops; 20 21static struct bt_sock_list iso_sk_list = { 22 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 23}; 24 25/* ---- ISO connections ---- */ 26struct iso_conn { 27 struct hci_conn *hcon; 28 29 /* @lock: spinlock protecting changes to iso_conn fields */ 30 spinlock_t lock; 31 struct sock *sk; 32 33 struct delayed_work timeout_work; 34 35 struct sk_buff *rx_skb; 36 __u32 rx_len; 37 __u16 tx_sn; 38}; 39 40#define iso_conn_lock(c) spin_lock(&(c)->lock) 41#define iso_conn_unlock(c) spin_unlock(&(c)->lock) 42 43static void iso_sock_close(struct sock *sk); 44static void iso_sock_kill(struct sock *sk); 45 46/* ----- ISO socket info ----- */ 47#define iso_pi(sk) ((struct iso_pinfo *)sk) 48 49#define EIR_SERVICE_DATA_LENGTH 4 50#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 51#define EIR_BAA_SERVICE_UUID 0x1851 52 53/* iso_pinfo flags values */ 54enum { 55 BT_SK_BIG_SYNC, 56 BT_SK_PA_SYNC, 57}; 58 59struct iso_pinfo { 60 struct bt_sock bt; 61 bdaddr_t src; 62 __u8 src_type; 63 bdaddr_t dst; 64 __u8 dst_type; 65 __u8 bc_sid; 66 __u8 bc_num_bis; 67 __u8 bc_bis[ISO_MAX_NUM_BIS]; 68 __u16 sync_handle; 69 unsigned long flags; 70 struct bt_iso_qos qos; 71 bool qos_user_set; 72 __u8 base_len; 73 __u8 base[BASE_MAX_LENGTH]; 74 struct iso_conn *conn; 75}; 76 77static struct bt_iso_qos default_qos; 78 79static bool check_ucast_qos(struct bt_iso_qos *qos); 80static bool check_bcast_qos(struct bt_iso_qos *qos); 81static bool iso_match_sid(struct sock *sk, void *data); 82static bool iso_match_sync_handle(struct sock *sk, void *data); 83static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data); 84static void iso_sock_disconn(struct sock *sk); 85 86typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 87 88static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst, 89 enum bt_sock_state state, 90 iso_sock_match_t match, void *data); 91 92/* ---- ISO timers ---- */ 93#define ISO_CONN_TIMEOUT (HZ * 40) 94#define ISO_DISCONN_TIMEOUT (HZ * 2) 95 96static void iso_sock_timeout(struct work_struct *work) 97{ 98 struct iso_conn *conn = container_of(work, struct iso_conn, 99 timeout_work.work); 100 struct sock *sk; 101 102 iso_conn_lock(conn); 103 sk = conn->sk; 104 if (sk) 105 sock_hold(sk); 106 iso_conn_unlock(conn); 107 108 if (!sk) 109 return; 110 111 BT_DBG("sock %p state %d", sk, sk->sk_state); 112 113 lock_sock(sk); 114 sk->sk_err = ETIMEDOUT; 115 sk->sk_state_change(sk); 116 release_sock(sk); 117 sock_put(sk); 118} 119 120static void iso_sock_set_timer(struct sock *sk, long timeout) 121{ 122 if (!iso_pi(sk)->conn) 123 return; 124 125 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 126 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 127 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 128} 129 130static void iso_sock_clear_timer(struct sock *sk) 131{ 132 if (!iso_pi(sk)->conn) 133 return; 134 135 BT_DBG("sock %p state %d", sk, sk->sk_state); 136 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 137} 138 139/* ---- ISO connections ---- */ 140static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 141{ 142 struct iso_conn *conn = hcon->iso_data; 143 144 if (conn) { 145 if (!conn->hcon) 146 conn->hcon = hcon; 147 return conn; 148 } 149 150 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 151 if (!conn) 152 return NULL; 153 154 spin_lock_init(&conn->lock); 155 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 156 157 hcon->iso_data = conn; 158 conn->hcon = hcon; 159 conn->tx_sn = 0; 160 161 BT_DBG("hcon %p conn %p", hcon, conn); 162 163 return conn; 164} 165 166/* Delete channel. Must be called on the locked socket. */ 167static void iso_chan_del(struct sock *sk, int err) 168{ 169 struct iso_conn *conn; 170 struct sock *parent; 171 172 conn = iso_pi(sk)->conn; 173 174 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 175 176 if (conn) { 177 iso_conn_lock(conn); 178 conn->sk = NULL; 179 iso_pi(sk)->conn = NULL; 180 iso_conn_unlock(conn); 181 182 if (conn->hcon) 183 hci_conn_drop(conn->hcon); 184 } 185 186 sk->sk_state = BT_CLOSED; 187 sk->sk_err = err; 188 189 parent = bt_sk(sk)->parent; 190 if (parent) { 191 bt_accept_unlink(sk); 192 parent->sk_data_ready(parent); 193 } else { 194 sk->sk_state_change(sk); 195 } 196 197 sock_set_flag(sk, SOCK_ZAPPED); 198} 199 200static void iso_conn_del(struct hci_conn *hcon, int err) 201{ 202 struct iso_conn *conn = hcon->iso_data; 203 struct sock *sk; 204 205 if (!conn) 206 return; 207 208 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 209 210 /* Kill socket */ 211 iso_conn_lock(conn); 212 sk = conn->sk; 213 if (sk) 214 sock_hold(sk); 215 iso_conn_unlock(conn); 216 217 if (sk) { 218 lock_sock(sk); 219 iso_sock_clear_timer(sk); 220 iso_chan_del(sk, err); 221 release_sock(sk); 222 sock_put(sk); 223 } 224 225 /* Ensure no more work items will run before freeing conn. */ 226 cancel_delayed_work_sync(&conn->timeout_work); 227 228 hcon->iso_data = NULL; 229 kfree(conn); 230} 231 232static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 233 struct sock *parent) 234{ 235 BT_DBG("conn %p", conn); 236 237 if (iso_pi(sk)->conn == conn && conn->sk == sk) 238 return 0; 239 240 if (conn->sk) { 241 BT_ERR("conn->sk already set"); 242 return -EBUSY; 243 } 244 245 iso_pi(sk)->conn = conn; 246 conn->sk = sk; 247 248 if (parent) 249 bt_accept_enqueue(parent, sk, true); 250 251 return 0; 252} 253 254static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 255 struct sock *parent) 256{ 257 int err; 258 259 iso_conn_lock(conn); 260 err = __iso_chan_add(conn, sk, parent); 261 iso_conn_unlock(conn); 262 263 return err; 264} 265 266static inline u8 le_addr_type(u8 bdaddr_type) 267{ 268 if (bdaddr_type == BDADDR_LE_PUBLIC) 269 return ADDR_LE_DEV_PUBLIC; 270 else 271 return ADDR_LE_DEV_RANDOM; 272} 273 274static int iso_connect_bis(struct sock *sk) 275{ 276 struct iso_conn *conn; 277 struct hci_conn *hcon; 278 struct hci_dev *hdev; 279 int err; 280 281 BT_DBG("%pMR", &iso_pi(sk)->src); 282 283 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 284 iso_pi(sk)->src_type); 285 if (!hdev) 286 return -EHOSTUNREACH; 287 288 hci_dev_lock(hdev); 289 290 if (!bis_capable(hdev)) { 291 err = -EOPNOTSUPP; 292 goto unlock; 293 } 294 295 /* Fail if user set invalid QoS */ 296 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 297 iso_pi(sk)->qos = default_qos; 298 err = -EINVAL; 299 goto unlock; 300 } 301 302 /* Fail if out PHYs are marked as disabled */ 303 if (!iso_pi(sk)->qos.bcast.out.phy) { 304 err = -EINVAL; 305 goto unlock; 306 } 307 308 /* Just bind if DEFER_SETUP has been set */ 309 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 310 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, 311 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 312 iso_pi(sk)->base); 313 if (IS_ERR(hcon)) { 314 err = PTR_ERR(hcon); 315 goto unlock; 316 } 317 } else { 318 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 319 le_addr_type(iso_pi(sk)->dst_type), 320 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 321 iso_pi(sk)->base); 322 if (IS_ERR(hcon)) { 323 err = PTR_ERR(hcon); 324 goto unlock; 325 } 326 } 327 328 conn = iso_conn_add(hcon); 329 if (!conn) { 330 hci_conn_drop(hcon); 331 err = -ENOMEM; 332 goto unlock; 333 } 334 335 lock_sock(sk); 336 337 err = iso_chan_add(conn, sk, NULL); 338 if (err) { 339 release_sock(sk); 340 goto unlock; 341 } 342 343 /* Update source addr of the socket */ 344 bacpy(&iso_pi(sk)->src, &hcon->src); 345 346 if (hcon->state == BT_CONNECTED) { 347 iso_sock_clear_timer(sk); 348 sk->sk_state = BT_CONNECTED; 349 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 350 iso_sock_clear_timer(sk); 351 sk->sk_state = BT_CONNECT; 352 } else { 353 sk->sk_state = BT_CONNECT; 354 iso_sock_set_timer(sk, sk->sk_sndtimeo); 355 } 356 357 release_sock(sk); 358 359unlock: 360 hci_dev_unlock(hdev); 361 hci_dev_put(hdev); 362 return err; 363} 364 365static int iso_connect_cis(struct sock *sk) 366{ 367 struct iso_conn *conn; 368 struct hci_conn *hcon; 369 struct hci_dev *hdev; 370 int err; 371 372 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 373 374 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 375 iso_pi(sk)->src_type); 376 if (!hdev) 377 return -EHOSTUNREACH; 378 379 hci_dev_lock(hdev); 380 381 if (!cis_central_capable(hdev)) { 382 err = -EOPNOTSUPP; 383 goto unlock; 384 } 385 386 /* Fail if user set invalid QoS */ 387 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) { 388 iso_pi(sk)->qos = default_qos; 389 err = -EINVAL; 390 goto unlock; 391 } 392 393 /* Fail if either PHYs are marked as disabled */ 394 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) { 395 err = -EINVAL; 396 goto unlock; 397 } 398 399 /* Just bind if DEFER_SETUP has been set */ 400 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 401 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 402 le_addr_type(iso_pi(sk)->dst_type), 403 &iso_pi(sk)->qos); 404 if (IS_ERR(hcon)) { 405 err = PTR_ERR(hcon); 406 goto unlock; 407 } 408 } else { 409 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 410 le_addr_type(iso_pi(sk)->dst_type), 411 &iso_pi(sk)->qos); 412 if (IS_ERR(hcon)) { 413 err = PTR_ERR(hcon); 414 goto unlock; 415 } 416 } 417 418 conn = iso_conn_add(hcon); 419 if (!conn) { 420 hci_conn_drop(hcon); 421 err = -ENOMEM; 422 goto unlock; 423 } 424 425 lock_sock(sk); 426 427 err = iso_chan_add(conn, sk, NULL); 428 if (err) { 429 release_sock(sk); 430 goto unlock; 431 } 432 433 /* Update source addr of the socket */ 434 bacpy(&iso_pi(sk)->src, &hcon->src); 435 436 if (hcon->state == BT_CONNECTED) { 437 iso_sock_clear_timer(sk); 438 sk->sk_state = BT_CONNECTED; 439 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 440 iso_sock_clear_timer(sk); 441 sk->sk_state = BT_CONNECT; 442 } else { 443 sk->sk_state = BT_CONNECT; 444 iso_sock_set_timer(sk, sk->sk_sndtimeo); 445 } 446 447 release_sock(sk); 448 449unlock: 450 hci_dev_unlock(hdev); 451 hci_dev_put(hdev); 452 return err; 453} 454 455static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 456{ 457 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 458 return &iso_pi(sk)->conn->hcon->iso_qos; 459 460 return &iso_pi(sk)->qos; 461} 462 463static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 464{ 465 struct iso_conn *conn = iso_pi(sk)->conn; 466 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 467 struct hci_iso_data_hdr *hdr; 468 int len = 0; 469 470 BT_DBG("sk %p len %d", sk, skb->len); 471 472 if (skb->len > qos->ucast.out.sdu) 473 return -EMSGSIZE; 474 475 len = skb->len; 476 477 /* Push ISO data header */ 478 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 479 hdr->sn = cpu_to_le16(conn->tx_sn++); 480 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 481 HCI_ISO_STATUS_VALID)); 482 483 if (sk->sk_state == BT_CONNECTED) 484 hci_send_iso(conn->hcon, skb); 485 else 486 len = -ENOTCONN; 487 488 return len; 489} 490 491static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 492{ 493 struct sock *sk; 494 495 iso_conn_lock(conn); 496 sk = conn->sk; 497 iso_conn_unlock(conn); 498 499 if (!sk) 500 goto drop; 501 502 BT_DBG("sk %p len %d", sk, skb->len); 503 504 if (sk->sk_state != BT_CONNECTED) 505 goto drop; 506 507 if (!sock_queue_rcv_skb(sk, skb)) 508 return; 509 510drop: 511 kfree_skb(skb); 512} 513 514/* -------- Socket interface ---------- */ 515static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst) 516{ 517 struct sock *sk; 518 519 sk_for_each(sk, &iso_sk_list.head) { 520 if (sk->sk_state != BT_LISTEN) 521 continue; 522 523 if (bacmp(&iso_pi(sk)->dst, dst)) 524 continue; 525 526 if (!bacmp(&iso_pi(sk)->src, src)) 527 return sk; 528 } 529 530 return NULL; 531} 532 533static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 534 __u8 sid) 535{ 536 struct sock *sk; 537 538 sk_for_each(sk, &iso_sk_list.head) { 539 if (sk->sk_state != BT_LISTEN) 540 continue; 541 542 if (bacmp(&iso_pi(sk)->src, ba)) 543 continue; 544 545 if (bacmp(&iso_pi(sk)->dst, bc)) 546 continue; 547 548 if (iso_pi(sk)->bc_sid == sid) 549 return sk; 550 } 551 552 return NULL; 553} 554 555/* Find socket in given state: 556 * source bdaddr (Unicast) 557 * destination bdaddr (Broadcast only) 558 * match func - pass NULL to ignore 559 * match func data - pass -1 to ignore 560 * Returns closest match. 561 */ 562static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst, 563 enum bt_sock_state state, 564 iso_sock_match_t match, void *data) 565{ 566 struct sock *sk = NULL, *sk1 = NULL; 567 568 read_lock(&iso_sk_list.lock); 569 570 sk_for_each(sk, &iso_sk_list.head) { 571 if (sk->sk_state != state) 572 continue; 573 574 /* Match Broadcast destination */ 575 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 576 continue; 577 578 /* Use Match function if provided */ 579 if (match && !match(sk, data)) 580 continue; 581 582 /* Exact match. */ 583 if (!bacmp(&iso_pi(sk)->src, src)) { 584 sock_hold(sk); 585 break; 586 } 587 588 /* Closest match */ 589 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) { 590 if (sk1) 591 sock_put(sk1); 592 593 sk1 = sk; 594 sock_hold(sk1); 595 } 596 } 597 598 if (sk && sk1) 599 sock_put(sk1); 600 601 read_unlock(&iso_sk_list.lock); 602 603 return sk ? sk : sk1; 604} 605 606static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src, 607 bdaddr_t *dst, uint8_t big) 608{ 609 struct sock *sk = NULL; 610 611 read_lock(&iso_sk_list.lock); 612 613 sk_for_each(sk, &iso_sk_list.head) { 614 if (match_sk == sk) 615 continue; 616 617 /* Look for sockets that have already been 618 * connected to the BIG 619 */ 620 if (sk->sk_state != BT_CONNECTED && 621 sk->sk_state != BT_CONNECT) 622 continue; 623 624 /* Match Broadcast destination */ 625 if (bacmp(&iso_pi(sk)->dst, dst)) 626 continue; 627 628 /* Match BIG handle */ 629 if (iso_pi(sk)->qos.bcast.big != big) 630 continue; 631 632 /* Match source address */ 633 if (bacmp(&iso_pi(sk)->src, src)) 634 continue; 635 636 sock_hold(sk); 637 break; 638 } 639 640 read_unlock(&iso_sk_list.lock); 641 642 return sk; 643} 644 645static void iso_sock_destruct(struct sock *sk) 646{ 647 BT_DBG("sk %p", sk); 648 649 skb_queue_purge(&sk->sk_receive_queue); 650 skb_queue_purge(&sk->sk_write_queue); 651} 652 653static void iso_sock_cleanup_listen(struct sock *parent) 654{ 655 struct sock *sk; 656 657 BT_DBG("parent %p", parent); 658 659 /* Close not yet accepted channels */ 660 while ((sk = bt_accept_dequeue(parent, NULL))) { 661 iso_sock_close(sk); 662 iso_sock_kill(sk); 663 } 664 665 /* If listening socket has a hcon, properly disconnect it */ 666 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) { 667 iso_sock_disconn(parent); 668 return; 669 } 670 671 parent->sk_state = BT_CLOSED; 672 sock_set_flag(parent, SOCK_ZAPPED); 673} 674 675/* Kill socket (only if zapped and orphan) 676 * Must be called on unlocked socket. 677 */ 678static void iso_sock_kill(struct sock *sk) 679{ 680 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 681 sock_flag(sk, SOCK_DEAD)) 682 return; 683 684 BT_DBG("sk %p state %d", sk, sk->sk_state); 685 686 /* Kill poor orphan */ 687 bt_sock_unlink(&iso_sk_list, sk); 688 sock_set_flag(sk, SOCK_DEAD); 689 sock_put(sk); 690} 691 692static void iso_sock_disconn(struct sock *sk) 693{ 694 struct sock *bis_sk; 695 struct hci_conn *hcon = iso_pi(sk)->conn->hcon; 696 697 if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) { 698 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src, 699 &iso_pi(sk)->dst, 700 iso_pi(sk)->qos.bcast.big); 701 702 /* If there are any other connected sockets for the 703 * same BIG, just delete the sk and leave the bis 704 * hcon active, in case later rebinding is needed. 705 */ 706 if (bis_sk) { 707 hcon->state = BT_OPEN; 708 iso_pi(sk)->conn->hcon = NULL; 709 iso_sock_clear_timer(sk); 710 iso_chan_del(sk, bt_to_errno(hcon->abort_reason)); 711 sock_put(bis_sk); 712 return; 713 } 714 } 715 716 sk->sk_state = BT_DISCONN; 717 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 718 iso_conn_lock(iso_pi(sk)->conn); 719 hci_conn_drop(iso_pi(sk)->conn->hcon); 720 iso_pi(sk)->conn->hcon = NULL; 721 iso_conn_unlock(iso_pi(sk)->conn); 722} 723 724static void __iso_sock_close(struct sock *sk) 725{ 726 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 727 728 switch (sk->sk_state) { 729 case BT_LISTEN: 730 iso_sock_cleanup_listen(sk); 731 break; 732 733 case BT_CONNECT: 734 case BT_CONNECTED: 735 case BT_CONFIG: 736 if (iso_pi(sk)->conn->hcon) 737 iso_sock_disconn(sk); 738 else 739 iso_chan_del(sk, ECONNRESET); 740 break; 741 742 case BT_CONNECT2: 743 if (iso_pi(sk)->conn->hcon && 744 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) || 745 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags))) 746 iso_sock_disconn(sk); 747 else 748 iso_chan_del(sk, ECONNRESET); 749 break; 750 case BT_DISCONN: 751 iso_chan_del(sk, ECONNRESET); 752 break; 753 754 default: 755 sock_set_flag(sk, SOCK_ZAPPED); 756 break; 757 } 758} 759 760/* Must be called on unlocked socket. */ 761static void iso_sock_close(struct sock *sk) 762{ 763 iso_sock_clear_timer(sk); 764 lock_sock(sk); 765 __iso_sock_close(sk); 766 release_sock(sk); 767 iso_sock_kill(sk); 768} 769 770static void iso_sock_init(struct sock *sk, struct sock *parent) 771{ 772 BT_DBG("sk %p", sk); 773 774 if (parent) { 775 sk->sk_type = parent->sk_type; 776 bt_sk(sk)->flags = bt_sk(parent)->flags; 777 security_sk_clone(parent, sk); 778 } 779} 780 781static struct proto iso_proto = { 782 .name = "ISO", 783 .owner = THIS_MODULE, 784 .obj_size = sizeof(struct iso_pinfo) 785}; 786 787#define DEFAULT_IO_QOS \ 788{ \ 789 .interval = 10000u, \ 790 .latency = 10u, \ 791 .sdu = 40u, \ 792 .phy = BT_ISO_PHY_2M, \ 793 .rtn = 2u, \ 794} 795 796static struct bt_iso_qos default_qos = { 797 .bcast = { 798 .big = BT_ISO_QOS_BIG_UNSET, 799 .bis = BT_ISO_QOS_BIS_UNSET, 800 .sync_factor = 0x01, 801 .packing = 0x00, 802 .framing = 0x00, 803 .in = DEFAULT_IO_QOS, 804 .out = DEFAULT_IO_QOS, 805 .encryption = 0x00, 806 .bcode = {0x00}, 807 .options = 0x00, 808 .skip = 0x0000, 809 .sync_timeout = BT_ISO_SYNC_TIMEOUT, 810 .sync_cte_type = 0x00, 811 .mse = 0x00, 812 .timeout = BT_ISO_SYNC_TIMEOUT, 813 }, 814}; 815 816static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 817 int proto, gfp_t prio, int kern) 818{ 819 struct sock *sk; 820 821 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern); 822 if (!sk) 823 return NULL; 824 825 sk->sk_destruct = iso_sock_destruct; 826 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 827 828 /* Set address type as public as default src address is BDADDR_ANY */ 829 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 830 831 iso_pi(sk)->qos = default_qos; 832 iso_pi(sk)->sync_handle = -1; 833 834 bt_sock_link(&iso_sk_list, sk); 835 return sk; 836} 837 838static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 839 int kern) 840{ 841 struct sock *sk; 842 843 BT_DBG("sock %p", sock); 844 845 sock->state = SS_UNCONNECTED; 846 847 if (sock->type != SOCK_SEQPACKET) 848 return -ESOCKTNOSUPPORT; 849 850 sock->ops = &iso_sock_ops; 851 852 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 853 if (!sk) 854 return -ENOMEM; 855 856 iso_sock_init(sk, NULL); 857 return 0; 858} 859 860static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 861 int addr_len) 862{ 863 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 864 struct sock *sk = sock->sk; 865 int i; 866 867 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 868 sa->iso_bc->bc_num_bis); 869 870 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) 871 return -EINVAL; 872 873 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 874 875 /* Check if the address type is of LE type */ 876 if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type)) 877 return -EINVAL; 878 879 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 880 881 if (sa->iso_bc->bc_sid > 0x0f) 882 return -EINVAL; 883 884 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 885 886 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) 887 return -EINVAL; 888 889 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 890 891 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) 892 if (sa->iso_bc->bc_bis[i] < 0x01 || 893 sa->iso_bc->bc_bis[i] > 0x1f) 894 return -EINVAL; 895 896 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 897 iso_pi(sk)->bc_num_bis); 898 899 return 0; 900} 901 902static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa, 903 int addr_len) 904{ 905 int err = 0; 906 907 if (sk->sk_type != SOCK_SEQPACKET) { 908 err = -EINVAL; 909 goto done; 910 } 911 912 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) { 913 err = -EINVAL; 914 goto done; 915 } 916 917 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) { 918 err = -EINVAL; 919 goto done; 920 } 921 922 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 923 924 for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++) 925 if (sa->iso_bc->bc_bis[i] < 0x01 || 926 sa->iso_bc->bc_bis[i] > 0x1f) { 927 err = -EINVAL; 928 goto done; 929 } 930 931 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 932 iso_pi(sk)->bc_num_bis); 933 934done: 935 return err; 936} 937 938static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 939 int addr_len) 940{ 941 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 942 struct sock *sk = sock->sk; 943 int err = 0; 944 945 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 946 947 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 948 addr->sa_family != AF_BLUETOOTH) 949 return -EINVAL; 950 951 lock_sock(sk); 952 953 /* Allow the user to bind a PA sync socket to a number 954 * of BISes to sync to. 955 */ 956 if ((sk->sk_state == BT_CONNECT2 || 957 sk->sk_state == BT_CONNECTED) && 958 test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) { 959 err = iso_sock_bind_pa_sk(sk, sa, addr_len); 960 goto done; 961 } 962 963 if (sk->sk_state != BT_OPEN) { 964 err = -EBADFD; 965 goto done; 966 } 967 968 if (sk->sk_type != SOCK_SEQPACKET) { 969 err = -EINVAL; 970 goto done; 971 } 972 973 /* Check if the address type is of LE type */ 974 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 975 err = -EINVAL; 976 goto done; 977 } 978 979 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 980 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 981 982 /* Check for Broadcast address */ 983 if (addr_len > sizeof(*sa)) { 984 err = iso_sock_bind_bc(sock, addr, addr_len); 985 if (err) 986 goto done; 987 } 988 989 sk->sk_state = BT_BOUND; 990 991done: 992 release_sock(sk); 993 return err; 994} 995 996static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 997 int alen, int flags) 998{ 999 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1000 struct sock *sk = sock->sk; 1001 int err; 1002 1003 BT_DBG("sk %p", sk); 1004 1005 if (alen < sizeof(struct sockaddr_iso) || 1006 addr->sa_family != AF_BLUETOOTH) 1007 return -EINVAL; 1008 1009 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 1010 return -EBADFD; 1011 1012 if (sk->sk_type != SOCK_SEQPACKET) 1013 return -EINVAL; 1014 1015 /* Check if the address type is of LE type */ 1016 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 1017 return -EINVAL; 1018 1019 lock_sock(sk); 1020 1021 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 1022 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 1023 1024 release_sock(sk); 1025 1026 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 1027 err = iso_connect_cis(sk); 1028 else 1029 err = iso_connect_bis(sk); 1030 1031 if (err) 1032 return err; 1033 1034 lock_sock(sk); 1035 1036 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1037 err = bt_sock_wait_state(sk, BT_CONNECTED, 1038 sock_sndtimeo(sk, flags & O_NONBLOCK)); 1039 } 1040 1041 release_sock(sk); 1042 return err; 1043} 1044 1045static int iso_listen_bis(struct sock *sk) 1046{ 1047 struct hci_dev *hdev; 1048 int err = 0; 1049 struct iso_conn *conn; 1050 struct hci_conn *hcon; 1051 1052 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 1053 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 1054 1055 write_lock(&iso_sk_list.lock); 1056 1057 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 1058 iso_pi(sk)->bc_sid)) 1059 err = -EADDRINUSE; 1060 1061 write_unlock(&iso_sk_list.lock); 1062 1063 if (err) 1064 return err; 1065 1066 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 1067 iso_pi(sk)->src_type); 1068 if (!hdev) 1069 return -EHOSTUNREACH; 1070 1071 hci_dev_lock(hdev); 1072 1073 /* Fail if user set invalid QoS */ 1074 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 1075 iso_pi(sk)->qos = default_qos; 1076 err = -EINVAL; 1077 goto unlock; 1078 } 1079 1080 hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 1081 le_addr_type(iso_pi(sk)->dst_type), 1082 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos); 1083 if (IS_ERR(hcon)) { 1084 err = PTR_ERR(hcon); 1085 goto unlock; 1086 } 1087 1088 conn = iso_conn_add(hcon); 1089 if (!conn) { 1090 hci_conn_drop(hcon); 1091 err = -ENOMEM; 1092 goto unlock; 1093 } 1094 1095 err = iso_chan_add(conn, sk, NULL); 1096 if (err) { 1097 hci_conn_drop(hcon); 1098 goto unlock; 1099 } 1100 1101 hci_dev_put(hdev); 1102 1103unlock: 1104 hci_dev_unlock(hdev); 1105 return err; 1106} 1107 1108static int iso_listen_cis(struct sock *sk) 1109{ 1110 int err = 0; 1111 1112 BT_DBG("%pMR", &iso_pi(sk)->src); 1113 1114 write_lock(&iso_sk_list.lock); 1115 1116 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst)) 1117 err = -EADDRINUSE; 1118 1119 write_unlock(&iso_sk_list.lock); 1120 1121 return err; 1122} 1123 1124static int iso_sock_listen(struct socket *sock, int backlog) 1125{ 1126 struct sock *sk = sock->sk; 1127 int err = 0; 1128 1129 BT_DBG("sk %p backlog %d", sk, backlog); 1130 1131 lock_sock(sk); 1132 1133 if (sk->sk_state != BT_BOUND) { 1134 err = -EBADFD; 1135 goto done; 1136 } 1137 1138 if (sk->sk_type != SOCK_SEQPACKET) { 1139 err = -EINVAL; 1140 goto done; 1141 } 1142 1143 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 1144 err = iso_listen_cis(sk); 1145 else 1146 err = iso_listen_bis(sk); 1147 1148 if (err) 1149 goto done; 1150 1151 sk->sk_max_ack_backlog = backlog; 1152 sk->sk_ack_backlog = 0; 1153 1154 sk->sk_state = BT_LISTEN; 1155 1156done: 1157 release_sock(sk); 1158 return err; 1159} 1160 1161static int iso_sock_accept(struct socket *sock, struct socket *newsock, 1162 struct proto_accept_arg *arg) 1163{ 1164 DEFINE_WAIT_FUNC(wait, woken_wake_function); 1165 struct sock *sk = sock->sk, *ch; 1166 long timeo; 1167 int err = 0; 1168 1169 lock_sock(sk); 1170 1171 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 1172 1173 BT_DBG("sk %p timeo %ld", sk, timeo); 1174 1175 /* Wait for an incoming connection. (wake-one). */ 1176 add_wait_queue_exclusive(sk_sleep(sk), &wait); 1177 while (1) { 1178 if (sk->sk_state != BT_LISTEN) { 1179 err = -EBADFD; 1180 break; 1181 } 1182 1183 ch = bt_accept_dequeue(sk, newsock); 1184 if (ch) 1185 break; 1186 1187 if (!timeo) { 1188 err = -EAGAIN; 1189 break; 1190 } 1191 1192 if (signal_pending(current)) { 1193 err = sock_intr_errno(timeo); 1194 break; 1195 } 1196 1197 release_sock(sk); 1198 1199 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1200 lock_sock(sk); 1201 } 1202 remove_wait_queue(sk_sleep(sk), &wait); 1203 1204 if (err) 1205 goto done; 1206 1207 newsock->state = SS_CONNECTED; 1208 1209 BT_DBG("new socket %p", ch); 1210 1211done: 1212 release_sock(sk); 1213 return err; 1214} 1215 1216static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1217 int peer) 1218{ 1219 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1220 struct sock *sk = sock->sk; 1221 1222 BT_DBG("sock %p, sk %p", sock, sk); 1223 1224 addr->sa_family = AF_BLUETOOTH; 1225 1226 if (peer) { 1227 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1228 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1229 } else { 1230 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1231 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1232 } 1233 1234 return sizeof(struct sockaddr_iso); 1235} 1236 1237static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1238 size_t len) 1239{ 1240 struct sock *sk = sock->sk; 1241 struct sk_buff *skb, **frag; 1242 size_t mtu; 1243 int err; 1244 1245 BT_DBG("sock %p, sk %p", sock, sk); 1246 1247 err = sock_error(sk); 1248 if (err) 1249 return err; 1250 1251 if (msg->msg_flags & MSG_OOB) 1252 return -EOPNOTSUPP; 1253 1254 lock_sock(sk); 1255 1256 if (sk->sk_state != BT_CONNECTED) { 1257 release_sock(sk); 1258 return -ENOTCONN; 1259 } 1260 1261 mtu = iso_pi(sk)->conn->hcon->mtu; 1262 1263 release_sock(sk); 1264 1265 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0); 1266 if (IS_ERR(skb)) 1267 return PTR_ERR(skb); 1268 1269 len -= skb->len; 1270 1271 BT_DBG("skb %p len %d", sk, skb->len); 1272 1273 /* Continuation fragments */ 1274 frag = &skb_shinfo(skb)->frag_list; 1275 while (len) { 1276 struct sk_buff *tmp; 1277 1278 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0); 1279 if (IS_ERR(tmp)) { 1280 kfree_skb(skb); 1281 return PTR_ERR(tmp); 1282 } 1283 1284 *frag = tmp; 1285 1286 len -= tmp->len; 1287 1288 skb->len += tmp->len; 1289 skb->data_len += tmp->len; 1290 1291 BT_DBG("frag %p len %d", *frag, tmp->len); 1292 1293 frag = &(*frag)->next; 1294 } 1295 1296 lock_sock(sk); 1297 1298 if (sk->sk_state == BT_CONNECTED) 1299 err = iso_send_frame(sk, skb); 1300 else 1301 err = -ENOTCONN; 1302 1303 release_sock(sk); 1304 1305 if (err < 0) 1306 kfree_skb(skb); 1307 return err; 1308} 1309 1310static void iso_conn_defer_accept(struct hci_conn *conn) 1311{ 1312 struct hci_cp_le_accept_cis cp; 1313 struct hci_dev *hdev = conn->hdev; 1314 1315 BT_DBG("conn %p", conn); 1316 1317 conn->state = BT_CONFIG; 1318 1319 cp.handle = cpu_to_le16(conn->handle); 1320 1321 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1322} 1323 1324static void iso_conn_big_sync(struct sock *sk) 1325{ 1326 int err; 1327 struct hci_dev *hdev; 1328 1329 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 1330 iso_pi(sk)->src_type); 1331 1332 if (!hdev) 1333 return; 1334 1335 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1336 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon, 1337 &iso_pi(sk)->qos, 1338 iso_pi(sk)->sync_handle, 1339 iso_pi(sk)->bc_num_bis, 1340 iso_pi(sk)->bc_bis); 1341 if (err) 1342 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1343 err); 1344 } 1345} 1346 1347static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349{ 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && 1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { 1364 iso_conn_defer_accept(pi->conn->hcon); 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) { 1371 iso_conn_big_sync(sk); 1372 sk->sk_state = BT_LISTEN; 1373 release_sock(sk); 1374 return 0; 1375 } 1376 1377 release_sock(sk); 1378 break; 1379 case BT_CONNECT: 1380 release_sock(sk); 1381 return iso_connect_cis(sk); 1382 default: 1383 release_sock(sk); 1384 break; 1385 } 1386 } 1387 1388 return bt_sock_recvmsg(sock, msg, len, flags); 1389} 1390 1391static bool check_io_qos(struct bt_iso_io_qos *qos) 1392{ 1393 /* If no PHY is enable SDU must be 0 */ 1394 if (!qos->phy && qos->sdu) 1395 return false; 1396 1397 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1398 return false; 1399 1400 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1401 return false; 1402 1403 if (qos->phy > BT_ISO_PHY_ANY) 1404 return false; 1405 1406 return true; 1407} 1408 1409static bool check_ucast_qos(struct bt_iso_qos *qos) 1410{ 1411 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET) 1412 return false; 1413 1414 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) 1415 return false; 1416 1417 if (qos->ucast.sca > 0x07) 1418 return false; 1419 1420 if (qos->ucast.packing > 0x01) 1421 return false; 1422 1423 if (qos->ucast.framing > 0x01) 1424 return false; 1425 1426 if (!check_io_qos(&qos->ucast.in)) 1427 return false; 1428 1429 if (!check_io_qos(&qos->ucast.out)) 1430 return false; 1431 1432 return true; 1433} 1434 1435static bool check_bcast_qos(struct bt_iso_qos *qos) 1436{ 1437 if (!qos->bcast.sync_factor) 1438 qos->bcast.sync_factor = 0x01; 1439 1440 if (qos->bcast.packing > 0x01) 1441 return false; 1442 1443 if (qos->bcast.framing > 0x01) 1444 return false; 1445 1446 if (!check_io_qos(&qos->bcast.in)) 1447 return false; 1448 1449 if (!check_io_qos(&qos->bcast.out)) 1450 return false; 1451 1452 if (qos->bcast.encryption > 0x01) 1453 return false; 1454 1455 if (qos->bcast.options > 0x07) 1456 return false; 1457 1458 if (qos->bcast.skip > 0x01f3) 1459 return false; 1460 1461 if (!qos->bcast.sync_timeout) 1462 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT; 1463 1464 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000) 1465 return false; 1466 1467 if (qos->bcast.sync_cte_type > 0x1f) 1468 return false; 1469 1470 if (qos->bcast.mse > 0x1f) 1471 return false; 1472 1473 if (!qos->bcast.timeout) 1474 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT; 1475 1476 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000) 1477 return false; 1478 1479 return true; 1480} 1481 1482static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1483 sockptr_t optval, unsigned int optlen) 1484{ 1485 struct sock *sk = sock->sk; 1486 int err = 0; 1487 struct bt_iso_qos qos = default_qos; 1488 u32 opt; 1489 1490 BT_DBG("sk %p", sk); 1491 1492 lock_sock(sk); 1493 1494 switch (optname) { 1495 case BT_DEFER_SETUP: 1496 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1497 err = -EINVAL; 1498 break; 1499 } 1500 1501 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 1502 if (err) 1503 break; 1504 1505 if (opt) 1506 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1507 else 1508 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1509 break; 1510 1511 case BT_PKT_STATUS: 1512 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 1513 if (err) 1514 break; 1515 1516 if (opt) 1517 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1518 else 1519 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1520 break; 1521 1522 case BT_ISO_QOS: 1523 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1524 sk->sk_state != BT_CONNECT2 && 1525 (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags) || 1526 sk->sk_state != BT_CONNECTED)) { 1527 err = -EINVAL; 1528 break; 1529 } 1530 1531 err = bt_copy_from_sockptr(&qos, sizeof(qos), optval, optlen); 1532 if (err) 1533 break; 1534 1535 iso_pi(sk)->qos = qos; 1536 iso_pi(sk)->qos_user_set = true; 1537 1538 break; 1539 1540 case BT_ISO_BASE: 1541 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1542 sk->sk_state != BT_CONNECT2) { 1543 err = -EINVAL; 1544 break; 1545 } 1546 1547 if (optlen > sizeof(iso_pi(sk)->base)) { 1548 err = -EINVAL; 1549 break; 1550 } 1551 1552 err = bt_copy_from_sockptr(iso_pi(sk)->base, optlen, optval, 1553 optlen); 1554 if (err) 1555 break; 1556 1557 iso_pi(sk)->base_len = optlen; 1558 1559 break; 1560 1561 default: 1562 err = -ENOPROTOOPT; 1563 break; 1564 } 1565 1566 release_sock(sk); 1567 return err; 1568} 1569 1570static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1571 char __user *optval, int __user *optlen) 1572{ 1573 struct sock *sk = sock->sk; 1574 int len, err = 0; 1575 struct bt_iso_qos *qos; 1576 u8 base_len; 1577 u8 *base; 1578 1579 BT_DBG("sk %p", sk); 1580 1581 if (get_user(len, optlen)) 1582 return -EFAULT; 1583 1584 lock_sock(sk); 1585 1586 switch (optname) { 1587 case BT_DEFER_SETUP: 1588 if (sk->sk_state == BT_CONNECTED) { 1589 err = -EINVAL; 1590 break; 1591 } 1592 1593 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1594 (u32 __user *)optval)) 1595 err = -EFAULT; 1596 1597 break; 1598 1599 case BT_PKT_STATUS: 1600 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1601 (int __user *)optval)) 1602 err = -EFAULT; 1603 break; 1604 1605 case BT_ISO_QOS: 1606 qos = iso_sock_get_qos(sk); 1607 1608 len = min_t(unsigned int, len, sizeof(*qos)); 1609 if (copy_to_user(optval, qos, len)) 1610 err = -EFAULT; 1611 1612 break; 1613 1614 case BT_ISO_BASE: 1615 if (sk->sk_state == BT_CONNECTED && 1616 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) { 1617 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1618 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1619 } else { 1620 base_len = iso_pi(sk)->base_len; 1621 base = iso_pi(sk)->base; 1622 } 1623 1624 len = min_t(unsigned int, len, base_len); 1625 if (copy_to_user(optval, base, len)) 1626 err = -EFAULT; 1627 if (put_user(len, optlen)) 1628 err = -EFAULT; 1629 1630 break; 1631 1632 default: 1633 err = -ENOPROTOOPT; 1634 break; 1635 } 1636 1637 release_sock(sk); 1638 return err; 1639} 1640 1641static int iso_sock_shutdown(struct socket *sock, int how) 1642{ 1643 struct sock *sk = sock->sk; 1644 int err = 0; 1645 1646 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1647 1648 if (!sk) 1649 return 0; 1650 1651 sock_hold(sk); 1652 lock_sock(sk); 1653 1654 switch (how) { 1655 case SHUT_RD: 1656 if (sk->sk_shutdown & RCV_SHUTDOWN) 1657 goto unlock; 1658 sk->sk_shutdown |= RCV_SHUTDOWN; 1659 break; 1660 case SHUT_WR: 1661 if (sk->sk_shutdown & SEND_SHUTDOWN) 1662 goto unlock; 1663 sk->sk_shutdown |= SEND_SHUTDOWN; 1664 break; 1665 case SHUT_RDWR: 1666 if (sk->sk_shutdown & SHUTDOWN_MASK) 1667 goto unlock; 1668 sk->sk_shutdown |= SHUTDOWN_MASK; 1669 break; 1670 } 1671 1672 iso_sock_clear_timer(sk); 1673 __iso_sock_close(sk); 1674 1675 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1676 !(current->flags & PF_EXITING)) 1677 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1678 1679unlock: 1680 release_sock(sk); 1681 sock_put(sk); 1682 1683 return err; 1684} 1685 1686static int iso_sock_release(struct socket *sock) 1687{ 1688 struct sock *sk = sock->sk; 1689 int err = 0; 1690 1691 BT_DBG("sock %p, sk %p", sock, sk); 1692 1693 if (!sk) 1694 return 0; 1695 1696 iso_sock_close(sk); 1697 1698 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1699 !(current->flags & PF_EXITING)) { 1700 lock_sock(sk); 1701 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1702 release_sock(sk); 1703 } 1704 1705 sock_orphan(sk); 1706 iso_sock_kill(sk); 1707 return err; 1708} 1709 1710static void iso_sock_ready(struct sock *sk) 1711{ 1712 BT_DBG("sk %p", sk); 1713 1714 if (!sk) 1715 return; 1716 1717 lock_sock(sk); 1718 iso_sock_clear_timer(sk); 1719 sk->sk_state = BT_CONNECTED; 1720 sk->sk_state_change(sk); 1721 release_sock(sk); 1722} 1723 1724struct iso_list_data { 1725 struct hci_conn *hcon; 1726 int count; 1727}; 1728 1729static bool iso_match_big(struct sock *sk, void *data) 1730{ 1731 struct hci_evt_le_big_sync_estabilished *ev = data; 1732 1733 return ev->handle == iso_pi(sk)->qos.bcast.big; 1734} 1735 1736static bool iso_match_pa_sync_flag(struct sock *sk, void *data) 1737{ 1738 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1739} 1740 1741static void iso_conn_ready(struct iso_conn *conn) 1742{ 1743 struct sock *parent = NULL; 1744 struct sock *sk = conn->sk; 1745 struct hci_ev_le_big_sync_estabilished *ev = NULL; 1746 struct hci_ev_le_pa_sync_established *ev2 = NULL; 1747 struct hci_ev_le_per_adv_report *ev3 = NULL; 1748 struct hci_conn *hcon; 1749 1750 BT_DBG("conn %p", conn); 1751 1752 if (sk) { 1753 iso_sock_ready(conn->sk); 1754 } else { 1755 hcon = conn->hcon; 1756 if (!hcon) 1757 return; 1758 1759 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) || 1760 test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) { 1761 ev = hci_recv_event_data(hcon->hdev, 1762 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1763 1764 /* Get reference to PA sync parent socket, if it exists */ 1765 parent = iso_get_sock(&hcon->src, &hcon->dst, 1766 BT_LISTEN, 1767 iso_match_pa_sync_flag, 1768 NULL); 1769 if (!parent && ev) 1770 parent = iso_get_sock(&hcon->src, 1771 &hcon->dst, 1772 BT_LISTEN, 1773 iso_match_big, ev); 1774 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 1775 ev2 = hci_recv_event_data(hcon->hdev, 1776 HCI_EV_LE_PA_SYNC_ESTABLISHED); 1777 if (ev2) 1778 parent = iso_get_sock(&hcon->src, 1779 &hcon->dst, 1780 BT_LISTEN, 1781 iso_match_sid, ev2); 1782 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) { 1783 ev3 = hci_recv_event_data(hcon->hdev, 1784 HCI_EV_LE_PER_ADV_REPORT); 1785 if (ev3) 1786 parent = iso_get_sock(&hcon->src, 1787 &hcon->dst, 1788 BT_LISTEN, 1789 iso_match_sync_handle_pa_report, 1790 ev3); 1791 } 1792 1793 if (!parent) 1794 parent = iso_get_sock(&hcon->src, BDADDR_ANY, 1795 BT_LISTEN, NULL, NULL); 1796 1797 if (!parent) 1798 return; 1799 1800 lock_sock(parent); 1801 1802 sk = iso_sock_alloc(sock_net(parent), NULL, 1803 BTPROTO_ISO, GFP_ATOMIC, 0); 1804 if (!sk) { 1805 release_sock(parent); 1806 return; 1807 } 1808 1809 iso_sock_init(sk, parent); 1810 1811 bacpy(&iso_pi(sk)->src, &hcon->src); 1812 1813 /* Convert from HCI to three-value type */ 1814 if (hcon->src_type == ADDR_LE_DEV_PUBLIC) 1815 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 1816 else 1817 iso_pi(sk)->src_type = BDADDR_LE_RANDOM; 1818 1819 /* If hcon has no destination address (BDADDR_ANY) it means it 1820 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or 1821 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using 1822 * the parent socket destination address. 1823 */ 1824 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1825 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1826 hcon->dst_type = iso_pi(parent)->dst_type; 1827 hcon->sync_handle = iso_pi(parent)->sync_handle; 1828 } 1829 1830 if (ev3) { 1831 iso_pi(sk)->qos = iso_pi(parent)->qos; 1832 hcon->iso_qos = iso_pi(sk)->qos; 1833 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis; 1834 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS); 1835 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1836 } 1837 1838 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1839 iso_pi(sk)->dst_type = hcon->dst_type; 1840 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle; 1841 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len); 1842 iso_pi(sk)->base_len = iso_pi(parent)->base_len; 1843 1844 hci_conn_hold(hcon); 1845 iso_chan_add(conn, sk, parent); 1846 1847 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) || 1848 (ev2 && ev2->status)) { 1849 /* Trigger error signal on child socket */ 1850 sk->sk_err = ECONNREFUSED; 1851 sk->sk_error_report(sk); 1852 } 1853 1854 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1855 sk->sk_state = BT_CONNECT2; 1856 else 1857 sk->sk_state = BT_CONNECTED; 1858 1859 /* Wake up parent */ 1860 parent->sk_data_ready(parent); 1861 1862 release_sock(parent); 1863 sock_put(parent); 1864 } 1865} 1866 1867static bool iso_match_sid(struct sock *sk, void *data) 1868{ 1869 struct hci_ev_le_pa_sync_established *ev = data; 1870 1871 return ev->sid == iso_pi(sk)->bc_sid; 1872} 1873 1874static bool iso_match_sync_handle(struct sock *sk, void *data) 1875{ 1876 struct hci_evt_le_big_info_adv_report *ev = data; 1877 1878 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1879} 1880 1881static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data) 1882{ 1883 struct hci_ev_le_per_adv_report *ev = data; 1884 1885 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1886} 1887 1888/* ----- ISO interface with lower layer (HCI) ----- */ 1889 1890int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1891{ 1892 struct hci_ev_le_pa_sync_established *ev1; 1893 struct hci_evt_le_big_info_adv_report *ev2; 1894 struct hci_ev_le_per_adv_report *ev3; 1895 struct sock *sk; 1896 1897 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1898 1899 /* Broadcast receiver requires handling of some events before it can 1900 * proceed to establishing a BIG sync: 1901 * 1902 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1903 * SID to listen to and once sync is estabilished its handle needs to 1904 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1905 * receiving the BIG Info. 1906 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1907 * a BIG Info it attempts to check if there any listening socket with 1908 * the same sync_handle and if it does then attempt to create a sync. 1909 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored 1910 * in iso_pi(sk)->base so it can be passed up to user, in the case of a 1911 * broadcast sink. 1912 */ 1913 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1914 if (ev1) { 1915 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN, 1916 iso_match_sid, ev1); 1917 if (sk && !ev1->status) 1918 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1919 1920 goto done; 1921 } 1922 1923 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1924 if (ev2) { 1925 /* Check if BIGInfo report has already been handled */ 1926 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECTED, 1927 iso_match_sync_handle, ev2); 1928 if (sk) { 1929 sock_put(sk); 1930 sk = NULL; 1931 goto done; 1932 } 1933 1934 /* Try to get PA sync socket, if it exists */ 1935 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECT2, 1936 iso_match_sync_handle, ev2); 1937 if (!sk) 1938 sk = iso_get_sock(&hdev->bdaddr, bdaddr, 1939 BT_LISTEN, 1940 iso_match_sync_handle, 1941 ev2); 1942 1943 if (sk) { 1944 int err; 1945 1946 iso_pi(sk)->qos.bcast.encryption = ev2->encryption; 1947 1948 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1949 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1950 1951 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 1952 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1953 err = hci_le_big_create_sync(hdev, NULL, 1954 &iso_pi(sk)->qos, 1955 iso_pi(sk)->sync_handle, 1956 iso_pi(sk)->bc_num_bis, 1957 iso_pi(sk)->bc_bis); 1958 if (err) { 1959 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1960 err); 1961 sock_put(sk); 1962 sk = NULL; 1963 } 1964 } 1965 } 1966 1967 goto done; 1968 } 1969 1970 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT); 1971 if (ev3) { 1972 size_t base_len = 0; 1973 u8 *base; 1974 struct hci_conn *hcon; 1975 1976 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN, 1977 iso_match_sync_handle_pa_report, ev3); 1978 if (!sk) 1979 goto done; 1980 1981 hcon = iso_pi(sk)->conn->hcon; 1982 if (!hcon) 1983 goto done; 1984 1985 if (ev3->data_status == LE_PA_DATA_TRUNCATED) { 1986 /* The controller was unable to retrieve PA data. */ 1987 memset(hcon->le_per_adv_data, 0, 1988 HCI_MAX_PER_AD_TOT_LEN); 1989 hcon->le_per_adv_data_len = 0; 1990 hcon->le_per_adv_data_offset = 0; 1991 goto done; 1992 } 1993 1994 if (hcon->le_per_adv_data_offset + ev3->length > 1995 HCI_MAX_PER_AD_TOT_LEN) 1996 goto done; 1997 1998 memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset, 1999 ev3->data, ev3->length); 2000 hcon->le_per_adv_data_offset += ev3->length; 2001 2002 if (ev3->data_status == LE_PA_DATA_COMPLETE) { 2003 /* All PA data has been received. */ 2004 hcon->le_per_adv_data_len = 2005 hcon->le_per_adv_data_offset; 2006 hcon->le_per_adv_data_offset = 0; 2007 2008 /* Extract BASE */ 2009 base = eir_get_service_data(hcon->le_per_adv_data, 2010 hcon->le_per_adv_data_len, 2011 EIR_BAA_SERVICE_UUID, 2012 &base_len); 2013 2014 if (!base || base_len > BASE_MAX_LENGTH) 2015 goto done; 2016 2017 memcpy(iso_pi(sk)->base, base, base_len); 2018 iso_pi(sk)->base_len = base_len; 2019 } else { 2020 /* This is a PA data fragment. Keep pa_data_len set to 0 2021 * until all data has been reassembled. 2022 */ 2023 hcon->le_per_adv_data_len = 0; 2024 } 2025 } else { 2026 sk = iso_get_sock(&hdev->bdaddr, BDADDR_ANY, 2027 BT_LISTEN, NULL, NULL); 2028 } 2029 2030done: 2031 if (!sk) 2032 return 0; 2033 2034 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 2035 *flags |= HCI_PROTO_DEFER; 2036 2037 sock_put(sk); 2038 2039 return HCI_LM_ACCEPT; 2040} 2041 2042static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 2043{ 2044 if (hcon->type != ISO_LINK) { 2045 if (hcon->type != LE_LINK) 2046 return; 2047 2048 /* Check if LE link has failed */ 2049 if (status) { 2050 struct hci_link *link, *t; 2051 2052 list_for_each_entry_safe(link, t, &hcon->link_list, 2053 list) 2054 iso_conn_del(link->conn, bt_to_errno(status)); 2055 2056 return; 2057 } 2058 2059 /* Create CIS if pending */ 2060 hci_le_create_cis_pending(hcon->hdev); 2061 return; 2062 } 2063 2064 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 2065 2066 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or 2067 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection 2068 * into the accept queue of the listening socket and wake up 2069 * userspace, to inform the user about the event. 2070 */ 2071 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) || 2072 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 2073 struct iso_conn *conn; 2074 2075 conn = iso_conn_add(hcon); 2076 if (conn) 2077 iso_conn_ready(conn); 2078 } else { 2079 iso_conn_del(hcon, bt_to_errno(status)); 2080 } 2081} 2082 2083static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 2084{ 2085 if (hcon->type != ISO_LINK) 2086 return; 2087 2088 BT_DBG("hcon %p reason %d", hcon, reason); 2089 2090 iso_conn_del(hcon, bt_to_errno(reason)); 2091} 2092 2093void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 2094{ 2095 struct iso_conn *conn = hcon->iso_data; 2096 __u16 pb, ts, len; 2097 2098 if (!conn) 2099 goto drop; 2100 2101 pb = hci_iso_flags_pb(flags); 2102 ts = hci_iso_flags_ts(flags); 2103 2104 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 2105 2106 switch (pb) { 2107 case ISO_START: 2108 case ISO_SINGLE: 2109 if (conn->rx_len) { 2110 BT_ERR("Unexpected start frame (len %d)", skb->len); 2111 kfree_skb(conn->rx_skb); 2112 conn->rx_skb = NULL; 2113 conn->rx_len = 0; 2114 } 2115 2116 if (ts) { 2117 struct hci_iso_ts_data_hdr *hdr; 2118 2119 /* TODO: add timestamp to the packet? */ 2120 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 2121 if (!hdr) { 2122 BT_ERR("Frame is too short (len %d)", skb->len); 2123 goto drop; 2124 } 2125 2126 len = __le16_to_cpu(hdr->slen); 2127 } else { 2128 struct hci_iso_data_hdr *hdr; 2129 2130 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 2131 if (!hdr) { 2132 BT_ERR("Frame is too short (len %d)", skb->len); 2133 goto drop; 2134 } 2135 2136 len = __le16_to_cpu(hdr->slen); 2137 } 2138 2139 flags = hci_iso_data_flags(len); 2140 len = hci_iso_data_len(len); 2141 2142 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 2143 skb->len, flags); 2144 2145 if (len == skb->len) { 2146 /* Complete frame received */ 2147 hci_skb_pkt_status(skb) = flags & 0x03; 2148 iso_recv_frame(conn, skb); 2149 return; 2150 } 2151 2152 if (pb == ISO_SINGLE) { 2153 BT_ERR("Frame malformed (len %d, expected len %d)", 2154 skb->len, len); 2155 goto drop; 2156 } 2157 2158 if (skb->len > len) { 2159 BT_ERR("Frame is too long (len %d, expected len %d)", 2160 skb->len, len); 2161 goto drop; 2162 } 2163 2164 /* Allocate skb for the complete frame (with header) */ 2165 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 2166 if (!conn->rx_skb) 2167 goto drop; 2168 2169 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03; 2170 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2171 skb->len); 2172 conn->rx_len = len - skb->len; 2173 break; 2174 2175 case ISO_CONT: 2176 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 2177 conn->rx_len); 2178 2179 if (!conn->rx_len) { 2180 BT_ERR("Unexpected continuation frame (len %d)", 2181 skb->len); 2182 goto drop; 2183 } 2184 2185 if (skb->len > conn->rx_len) { 2186 BT_ERR("Fragment is too long (len %d, expected %d)", 2187 skb->len, conn->rx_len); 2188 kfree_skb(conn->rx_skb); 2189 conn->rx_skb = NULL; 2190 conn->rx_len = 0; 2191 goto drop; 2192 } 2193 2194 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2195 skb->len); 2196 conn->rx_len -= skb->len; 2197 return; 2198 2199 case ISO_END: 2200 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2201 skb->len); 2202 conn->rx_len -= skb->len; 2203 2204 if (!conn->rx_len) { 2205 struct sk_buff *rx_skb = conn->rx_skb; 2206 2207 /* Complete frame received. iso_recv_frame 2208 * takes ownership of the skb so set the global 2209 * rx_skb pointer to NULL first. 2210 */ 2211 conn->rx_skb = NULL; 2212 iso_recv_frame(conn, rx_skb); 2213 } 2214 break; 2215 } 2216 2217drop: 2218 kfree_skb(skb); 2219} 2220 2221static struct hci_cb iso_cb = { 2222 .name = "ISO", 2223 .connect_cfm = iso_connect_cfm, 2224 .disconn_cfm = iso_disconn_cfm, 2225}; 2226 2227static int iso_debugfs_show(struct seq_file *f, void *p) 2228{ 2229 struct sock *sk; 2230 2231 read_lock(&iso_sk_list.lock); 2232 2233 sk_for_each(sk, &iso_sk_list.head) { 2234 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 2235 &iso_pi(sk)->dst, sk->sk_state); 2236 } 2237 2238 read_unlock(&iso_sk_list.lock); 2239 2240 return 0; 2241} 2242 2243DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 2244 2245static struct dentry *iso_debugfs; 2246 2247static const struct proto_ops iso_sock_ops = { 2248 .family = PF_BLUETOOTH, 2249 .owner = THIS_MODULE, 2250 .release = iso_sock_release, 2251 .bind = iso_sock_bind, 2252 .connect = iso_sock_connect, 2253 .listen = iso_sock_listen, 2254 .accept = iso_sock_accept, 2255 .getname = iso_sock_getname, 2256 .sendmsg = iso_sock_sendmsg, 2257 .recvmsg = iso_sock_recvmsg, 2258 .poll = bt_sock_poll, 2259 .ioctl = bt_sock_ioctl, 2260 .mmap = sock_no_mmap, 2261 .socketpair = sock_no_socketpair, 2262 .shutdown = iso_sock_shutdown, 2263 .setsockopt = iso_sock_setsockopt, 2264 .getsockopt = iso_sock_getsockopt 2265}; 2266 2267static const struct net_proto_family iso_sock_family_ops = { 2268 .family = PF_BLUETOOTH, 2269 .owner = THIS_MODULE, 2270 .create = iso_sock_create, 2271}; 2272 2273static bool iso_inited; 2274 2275bool iso_enabled(void) 2276{ 2277 return iso_inited; 2278} 2279 2280int iso_init(void) 2281{ 2282 int err; 2283 2284 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 2285 2286 if (iso_inited) 2287 return -EALREADY; 2288 2289 err = proto_register(&iso_proto, 0); 2290 if (err < 0) 2291 return err; 2292 2293 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 2294 if (err < 0) { 2295 BT_ERR("ISO socket registration failed"); 2296 goto error; 2297 } 2298 2299 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 2300 if (err < 0) { 2301 BT_ERR("Failed to create ISO proc file"); 2302 bt_sock_unregister(BTPROTO_ISO); 2303 goto error; 2304 } 2305 2306 BT_INFO("ISO socket layer initialized"); 2307 2308 hci_register_cb(&iso_cb); 2309 2310 if (IS_ERR_OR_NULL(bt_debugfs)) 2311 return 0; 2312 2313 if (!iso_debugfs) { 2314 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 2315 NULL, &iso_debugfs_fops); 2316 } 2317 2318 iso_inited = true; 2319 2320 return 0; 2321 2322error: 2323 proto_unregister(&iso_proto); 2324 return err; 2325} 2326 2327int iso_exit(void) 2328{ 2329 if (!iso_inited) 2330 return -EALREADY; 2331 2332 bt_procfs_cleanup(&init_net, "iso"); 2333 2334 debugfs_remove(iso_debugfs); 2335 iso_debugfs = NULL; 2336 2337 hci_unregister_cb(&iso_cb); 2338 2339 bt_sock_unregister(BTPROTO_ISO); 2340 2341 proto_unregister(&iso_proto); 2342 2343 iso_inited = false; 2344 2345 return 0; 2346} 2347