1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth SCO sockets. */ 26 27#include <linux/module.h> 28#include <linux/debugfs.h> 29#include <linux/seq_file.h> 30#include <linux/sched/signal.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/sco.h> 35 36static bool disable_esco; 37 38static const struct proto_ops sco_sock_ops; 39 40static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42}; 43 44/* ---- SCO connections ---- */ 45struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54}; 55 56#define sco_conn_lock(c) spin_lock(&c->lock) 57#define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59static void sco_sock_close(struct sock *sk); 60static void sco_sock_kill(struct sock *sk); 61 62/* ----- SCO socket info ----- */ 63#define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 struct bt_codec codec; 72 struct sco_conn *conn; 73}; 74 75/* ---- SCO timers ---- */ 76#define SCO_CONN_TIMEOUT (HZ * 40) 77#define SCO_DISCONN_TIMEOUT (HZ * 2) 78 79static void sco_sock_timeout(struct work_struct *work) 80{ 81 struct sco_conn *conn = container_of(work, struct sco_conn, 82 timeout_work.work); 83 struct sock *sk; 84 85 sco_conn_lock(conn); 86 if (!conn->hcon) { 87 sco_conn_unlock(conn); 88 return; 89 } 90 sk = conn->sk; 91 if (sk) 92 sock_hold(sk); 93 sco_conn_unlock(conn); 94 95 if (!sk) 96 return; 97 98 BT_DBG("sock %p state %d", sk, sk->sk_state); 99 100 lock_sock(sk); 101 sk->sk_err = ETIMEDOUT; 102 sk->sk_state_change(sk); 103 release_sock(sk); 104 sock_put(sk); 105} 106 107static void sco_sock_set_timer(struct sock *sk, long timeout) 108{ 109 if (!sco_pi(sk)->conn) 110 return; 111 112 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 113 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 114 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 115} 116 117static void sco_sock_clear_timer(struct sock *sk) 118{ 119 if (!sco_pi(sk)->conn) 120 return; 121 122 BT_DBG("sock %p state %d", sk, sk->sk_state); 123 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 124} 125 126/* ---- SCO connections ---- */ 127static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 128{ 129 struct sco_conn *conn = hcon->sco_data; 130 131 if (conn) { 132 if (!conn->hcon) 133 conn->hcon = hcon; 134 return conn; 135 } 136 137 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 138 if (!conn) 139 return NULL; 140 141 spin_lock_init(&conn->lock); 142 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 143 144 hcon->sco_data = conn; 145 conn->hcon = hcon; 146 conn->mtu = hcon->mtu; 147 148 if (hcon->mtu > 0) 149 conn->mtu = hcon->mtu; 150 else 151 conn->mtu = 60; 152 153 BT_DBG("hcon %p conn %p", hcon, conn); 154 155 return conn; 156} 157 158/* Delete channel. 159 * Must be called on the locked socket. */ 160static void sco_chan_del(struct sock *sk, int err) 161{ 162 struct sco_conn *conn; 163 164 conn = sco_pi(sk)->conn; 165 166 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 167 168 if (conn) { 169 sco_conn_lock(conn); 170 conn->sk = NULL; 171 sco_pi(sk)->conn = NULL; 172 sco_conn_unlock(conn); 173 174 if (conn->hcon) 175 hci_conn_drop(conn->hcon); 176 } 177 178 sk->sk_state = BT_CLOSED; 179 sk->sk_err = err; 180 sk->sk_state_change(sk); 181 182 sock_set_flag(sk, SOCK_ZAPPED); 183} 184 185static void sco_conn_del(struct hci_conn *hcon, int err) 186{ 187 struct sco_conn *conn = hcon->sco_data; 188 struct sock *sk; 189 190 if (!conn) 191 return; 192 193 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 194 195 /* Kill socket */ 196 sco_conn_lock(conn); 197 sk = conn->sk; 198 if (sk) 199 sock_hold(sk); 200 sco_conn_unlock(conn); 201 202 if (sk) { 203 lock_sock(sk); 204 sco_sock_clear_timer(sk); 205 sco_chan_del(sk, err); 206 release_sock(sk); 207 sock_put(sk); 208 } 209 210 /* Ensure no more work items will run before freeing conn. */ 211 cancel_delayed_work_sync(&conn->timeout_work); 212 213 hcon->sco_data = NULL; 214 kfree(conn); 215} 216 217static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 218 struct sock *parent) 219{ 220 BT_DBG("conn %p", conn); 221 222 sco_pi(sk)->conn = conn; 223 conn->sk = sk; 224 225 if (parent) 226 bt_accept_enqueue(parent, sk, true); 227} 228 229static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 230 struct sock *parent) 231{ 232 int err = 0; 233 234 sco_conn_lock(conn); 235 if (conn->sk) 236 err = -EBUSY; 237 else 238 __sco_chan_add(conn, sk, parent); 239 240 sco_conn_unlock(conn); 241 return err; 242} 243 244static int sco_connect(struct sock *sk) 245{ 246 struct sco_conn *conn; 247 struct hci_conn *hcon; 248 struct hci_dev *hdev; 249 int err, type; 250 251 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 252 253 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 254 if (!hdev) 255 return -EHOSTUNREACH; 256 257 hci_dev_lock(hdev); 258 259 if (lmp_esco_capable(hdev) && !disable_esco) 260 type = ESCO_LINK; 261 else 262 type = SCO_LINK; 263 264 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 265 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { 266 err = -EOPNOTSUPP; 267 goto unlock; 268 } 269 270 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 271 sco_pi(sk)->setting, &sco_pi(sk)->codec, 272 sk->sk_sndtimeo); 273 if (IS_ERR(hcon)) { 274 err = PTR_ERR(hcon); 275 goto unlock; 276 } 277 278 conn = sco_conn_add(hcon); 279 if (!conn) { 280 hci_conn_drop(hcon); 281 err = -ENOMEM; 282 goto unlock; 283 } 284 285 lock_sock(sk); 286 287 err = sco_chan_add(conn, sk, NULL); 288 if (err) { 289 release_sock(sk); 290 goto unlock; 291 } 292 293 /* Update source addr of the socket */ 294 bacpy(&sco_pi(sk)->src, &hcon->src); 295 296 if (hcon->state == BT_CONNECTED) { 297 sco_sock_clear_timer(sk); 298 sk->sk_state = BT_CONNECTED; 299 } else { 300 sk->sk_state = BT_CONNECT; 301 sco_sock_set_timer(sk, sk->sk_sndtimeo); 302 } 303 304 release_sock(sk); 305 306unlock: 307 hci_dev_unlock(hdev); 308 hci_dev_put(hdev); 309 return err; 310} 311 312static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 313{ 314 struct sco_conn *conn = sco_pi(sk)->conn; 315 int len = skb->len; 316 317 /* Check outgoing MTU */ 318 if (len > conn->mtu) 319 return -EINVAL; 320 321 BT_DBG("sk %p len %d", sk, len); 322 323 hci_send_sco(conn->hcon, skb); 324 325 return len; 326} 327 328static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 329{ 330 struct sock *sk; 331 332 sco_conn_lock(conn); 333 sk = conn->sk; 334 sco_conn_unlock(conn); 335 336 if (!sk) 337 goto drop; 338 339 BT_DBG("sk %p len %u", sk, skb->len); 340 341 if (sk->sk_state != BT_CONNECTED) 342 goto drop; 343 344 if (!sock_queue_rcv_skb(sk, skb)) 345 return; 346 347drop: 348 kfree_skb(skb); 349} 350 351/* -------- Socket interface ---------- */ 352static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 353{ 354 struct sock *sk; 355 356 sk_for_each(sk, &sco_sk_list.head) { 357 if (sk->sk_state != BT_LISTEN) 358 continue; 359 360 if (!bacmp(&sco_pi(sk)->src, ba)) 361 return sk; 362 } 363 364 return NULL; 365} 366 367/* Find socket listening on source bdaddr. 368 * Returns closest match. 369 */ 370static struct sock *sco_get_sock_listen(bdaddr_t *src) 371{ 372 struct sock *sk = NULL, *sk1 = NULL; 373 374 read_lock(&sco_sk_list.lock); 375 376 sk_for_each(sk, &sco_sk_list.head) { 377 if (sk->sk_state != BT_LISTEN) 378 continue; 379 380 /* Exact match. */ 381 if (!bacmp(&sco_pi(sk)->src, src)) 382 break; 383 384 /* Closest match */ 385 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 386 sk1 = sk; 387 } 388 389 read_unlock(&sco_sk_list.lock); 390 391 return sk ? sk : sk1; 392} 393 394static void sco_sock_destruct(struct sock *sk) 395{ 396 BT_DBG("sk %p", sk); 397 398 skb_queue_purge(&sk->sk_receive_queue); 399 skb_queue_purge(&sk->sk_write_queue); 400} 401 402static void sco_sock_cleanup_listen(struct sock *parent) 403{ 404 struct sock *sk; 405 406 BT_DBG("parent %p", parent); 407 408 /* Close not yet accepted channels */ 409 while ((sk = bt_accept_dequeue(parent, NULL))) { 410 sco_sock_close(sk); 411 sco_sock_kill(sk); 412 } 413 414 parent->sk_state = BT_CLOSED; 415 sock_set_flag(parent, SOCK_ZAPPED); 416} 417 418/* Kill socket (only if zapped and orphan) 419 * Must be called on unlocked socket. 420 */ 421static void sco_sock_kill(struct sock *sk) 422{ 423 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 424 return; 425 426 BT_DBG("sk %p state %d", sk, sk->sk_state); 427 428 /* Kill poor orphan */ 429 bt_sock_unlink(&sco_sk_list, sk); 430 sock_set_flag(sk, SOCK_DEAD); 431 sock_put(sk); 432} 433 434static void __sco_sock_close(struct sock *sk) 435{ 436 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 437 438 switch (sk->sk_state) { 439 case BT_LISTEN: 440 sco_sock_cleanup_listen(sk); 441 break; 442 443 case BT_CONNECTED: 444 case BT_CONFIG: 445 if (sco_pi(sk)->conn->hcon) { 446 sk->sk_state = BT_DISCONN; 447 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 448 sco_conn_lock(sco_pi(sk)->conn); 449 hci_conn_drop(sco_pi(sk)->conn->hcon); 450 sco_pi(sk)->conn->hcon = NULL; 451 sco_conn_unlock(sco_pi(sk)->conn); 452 } else 453 sco_chan_del(sk, ECONNRESET); 454 break; 455 456 case BT_CONNECT2: 457 case BT_CONNECT: 458 case BT_DISCONN: 459 sco_chan_del(sk, ECONNRESET); 460 break; 461 462 default: 463 sock_set_flag(sk, SOCK_ZAPPED); 464 break; 465 } 466 467} 468 469/* Must be called on unlocked socket. */ 470static void sco_sock_close(struct sock *sk) 471{ 472 lock_sock(sk); 473 sco_sock_clear_timer(sk); 474 __sco_sock_close(sk); 475 release_sock(sk); 476} 477 478static void sco_sock_init(struct sock *sk, struct sock *parent) 479{ 480 BT_DBG("sk %p", sk); 481 482 if (parent) { 483 sk->sk_type = parent->sk_type; 484 bt_sk(sk)->flags = bt_sk(parent)->flags; 485 security_sk_clone(parent, sk); 486 } 487} 488 489static struct proto sco_proto = { 490 .name = "SCO", 491 .owner = THIS_MODULE, 492 .obj_size = sizeof(struct sco_pinfo) 493}; 494 495static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 496 int proto, gfp_t prio, int kern) 497{ 498 struct sock *sk; 499 500 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern); 501 if (!sk) 502 return NULL; 503 504 sk->sk_destruct = sco_sock_destruct; 505 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 506 507 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 508 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 509 sco_pi(sk)->codec.cid = 0xffff; 510 sco_pi(sk)->codec.vid = 0xffff; 511 sco_pi(sk)->codec.data_path = 0x00; 512 513 bt_sock_link(&sco_sk_list, sk); 514 return sk; 515} 516 517static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 518 int kern) 519{ 520 struct sock *sk; 521 522 BT_DBG("sock %p", sock); 523 524 sock->state = SS_UNCONNECTED; 525 526 if (sock->type != SOCK_SEQPACKET) 527 return -ESOCKTNOSUPPORT; 528 529 sock->ops = &sco_sock_ops; 530 531 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 532 if (!sk) 533 return -ENOMEM; 534 535 sco_sock_init(sk, NULL); 536 return 0; 537} 538 539static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 540 int addr_len) 541{ 542 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 543 struct sock *sk = sock->sk; 544 int err = 0; 545 546 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 547 addr->sa_family != AF_BLUETOOTH) 548 return -EINVAL; 549 550 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 551 552 lock_sock(sk); 553 554 if (sk->sk_state != BT_OPEN) { 555 err = -EBADFD; 556 goto done; 557 } 558 559 if (sk->sk_type != SOCK_SEQPACKET) { 560 err = -EINVAL; 561 goto done; 562 } 563 564 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 565 566 sk->sk_state = BT_BOUND; 567 568done: 569 release_sock(sk); 570 return err; 571} 572 573static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 574{ 575 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 576 struct sock *sk = sock->sk; 577 int err; 578 579 BT_DBG("sk %p", sk); 580 581 if (alen < sizeof(struct sockaddr_sco) || 582 addr->sa_family != AF_BLUETOOTH) 583 return -EINVAL; 584 585 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 586 return -EBADFD; 587 588 if (sk->sk_type != SOCK_SEQPACKET) 589 err = -EINVAL; 590 591 lock_sock(sk); 592 /* Set destination address and psm */ 593 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 594 release_sock(sk); 595 596 err = sco_connect(sk); 597 if (err) 598 return err; 599 600 lock_sock(sk); 601 602 err = bt_sock_wait_state(sk, BT_CONNECTED, 603 sock_sndtimeo(sk, flags & O_NONBLOCK)); 604 605 release_sock(sk); 606 return err; 607} 608 609static int sco_sock_listen(struct socket *sock, int backlog) 610{ 611 struct sock *sk = sock->sk; 612 bdaddr_t *src = &sco_pi(sk)->src; 613 int err = 0; 614 615 BT_DBG("sk %p backlog %d", sk, backlog); 616 617 lock_sock(sk); 618 619 if (sk->sk_state != BT_BOUND) { 620 err = -EBADFD; 621 goto done; 622 } 623 624 if (sk->sk_type != SOCK_SEQPACKET) { 625 err = -EINVAL; 626 goto done; 627 } 628 629 write_lock(&sco_sk_list.lock); 630 631 if (__sco_get_sock_listen_by_addr(src)) { 632 err = -EADDRINUSE; 633 goto unlock; 634 } 635 636 sk->sk_max_ack_backlog = backlog; 637 sk->sk_ack_backlog = 0; 638 639 sk->sk_state = BT_LISTEN; 640 641unlock: 642 write_unlock(&sco_sk_list.lock); 643 644done: 645 release_sock(sk); 646 return err; 647} 648 649static int sco_sock_accept(struct socket *sock, struct socket *newsock, 650 struct proto_accept_arg *arg) 651{ 652 DEFINE_WAIT_FUNC(wait, woken_wake_function); 653 struct sock *sk = sock->sk, *ch; 654 long timeo; 655 int err = 0; 656 657 lock_sock(sk); 658 659 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK); 660 661 BT_DBG("sk %p timeo %ld", sk, timeo); 662 663 /* Wait for an incoming connection. (wake-one). */ 664 add_wait_queue_exclusive(sk_sleep(sk), &wait); 665 while (1) { 666 if (sk->sk_state != BT_LISTEN) { 667 err = -EBADFD; 668 break; 669 } 670 671 ch = bt_accept_dequeue(sk, newsock); 672 if (ch) 673 break; 674 675 if (!timeo) { 676 err = -EAGAIN; 677 break; 678 } 679 680 if (signal_pending(current)) { 681 err = sock_intr_errno(timeo); 682 break; 683 } 684 685 release_sock(sk); 686 687 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 688 lock_sock(sk); 689 } 690 remove_wait_queue(sk_sleep(sk), &wait); 691 692 if (err) 693 goto done; 694 695 newsock->state = SS_CONNECTED; 696 697 BT_DBG("new socket %p", ch); 698 699done: 700 release_sock(sk); 701 return err; 702} 703 704static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 705 int peer) 706{ 707 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 708 struct sock *sk = sock->sk; 709 710 BT_DBG("sock %p, sk %p", sock, sk); 711 712 addr->sa_family = AF_BLUETOOTH; 713 714 if (peer) 715 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 716 else 717 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 718 719 return sizeof(struct sockaddr_sco); 720} 721 722static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 723 size_t len) 724{ 725 struct sock *sk = sock->sk; 726 struct sk_buff *skb; 727 int err; 728 729 BT_DBG("sock %p, sk %p", sock, sk); 730 731 err = sock_error(sk); 732 if (err) 733 return err; 734 735 if (msg->msg_flags & MSG_OOB) 736 return -EOPNOTSUPP; 737 738 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 739 if (IS_ERR(skb)) 740 return PTR_ERR(skb); 741 742 lock_sock(sk); 743 744 if (sk->sk_state == BT_CONNECTED) 745 err = sco_send_frame(sk, skb); 746 else 747 err = -ENOTCONN; 748 749 release_sock(sk); 750 751 if (err < 0) 752 kfree_skb(skb); 753 return err; 754} 755 756static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 757{ 758 struct hci_dev *hdev = conn->hdev; 759 760 BT_DBG("conn %p", conn); 761 762 conn->state = BT_CONFIG; 763 764 if (!lmp_esco_capable(hdev)) { 765 struct hci_cp_accept_conn_req cp; 766 767 bacpy(&cp.bdaddr, &conn->dst); 768 cp.role = 0x00; /* Ignored */ 769 770 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 771 } else { 772 struct hci_cp_accept_sync_conn_req cp; 773 774 bacpy(&cp.bdaddr, &conn->dst); 775 cp.pkt_type = cpu_to_le16(conn->pkt_type); 776 777 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 778 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 779 cp.content_format = cpu_to_le16(setting); 780 781 switch (setting & SCO_AIRMODE_MASK) { 782 case SCO_AIRMODE_TRANSP: 783 if (conn->pkt_type & ESCO_2EV3) 784 cp.max_latency = cpu_to_le16(0x0008); 785 else 786 cp.max_latency = cpu_to_le16(0x000D); 787 cp.retrans_effort = 0x02; 788 break; 789 case SCO_AIRMODE_CVSD: 790 cp.max_latency = cpu_to_le16(0xffff); 791 cp.retrans_effort = 0xff; 792 break; 793 default: 794 /* use CVSD settings as fallback */ 795 cp.max_latency = cpu_to_le16(0xffff); 796 cp.retrans_effort = 0xff; 797 break; 798 } 799 800 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 801 sizeof(cp), &cp); 802 } 803} 804 805static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 806 size_t len, int flags) 807{ 808 struct sock *sk = sock->sk; 809 struct sco_pinfo *pi = sco_pi(sk); 810 811 lock_sock(sk); 812 813 if (sk->sk_state == BT_CONNECT2 && 814 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 815 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 816 sk->sk_state = BT_CONFIG; 817 818 release_sock(sk); 819 return 0; 820 } 821 822 release_sock(sk); 823 824 return bt_sock_recvmsg(sock, msg, len, flags); 825} 826 827static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 828 sockptr_t optval, unsigned int optlen) 829{ 830 struct sock *sk = sock->sk; 831 int err = 0; 832 struct bt_voice voice; 833 u32 opt; 834 struct bt_codecs *codecs; 835 struct hci_dev *hdev; 836 __u8 buffer[255]; 837 838 BT_DBG("sk %p", sk); 839 840 lock_sock(sk); 841 842 switch (optname) { 843 844 case BT_DEFER_SETUP: 845 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 846 err = -EINVAL; 847 break; 848 } 849 850 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 851 if (err) 852 break; 853 854 if (opt) 855 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 856 else 857 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 858 break; 859 860 case BT_VOICE: 861 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 862 sk->sk_state != BT_CONNECT2) { 863 err = -EINVAL; 864 break; 865 } 866 867 voice.setting = sco_pi(sk)->setting; 868 869 err = bt_copy_from_sockptr(&voice, sizeof(voice), optval, 870 optlen); 871 if (err) 872 break; 873 874 /* Explicitly check for these values */ 875 if (voice.setting != BT_VOICE_TRANSPARENT && 876 voice.setting != BT_VOICE_CVSD_16BIT) { 877 err = -EINVAL; 878 break; 879 } 880 881 sco_pi(sk)->setting = voice.setting; 882 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 883 BDADDR_BREDR); 884 if (!hdev) { 885 err = -EBADFD; 886 break; 887 } 888 if (enhanced_sync_conn_capable(hdev) && 889 voice.setting == BT_VOICE_TRANSPARENT) 890 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 891 hci_dev_put(hdev); 892 break; 893 894 case BT_PKT_STATUS: 895 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 896 if (err) 897 break; 898 899 if (opt) 900 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 901 else 902 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 903 break; 904 905 case BT_CODEC: 906 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 907 sk->sk_state != BT_CONNECT2) { 908 err = -EINVAL; 909 break; 910 } 911 912 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 913 BDADDR_BREDR); 914 if (!hdev) { 915 err = -EBADFD; 916 break; 917 } 918 919 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 920 hci_dev_put(hdev); 921 err = -EOPNOTSUPP; 922 break; 923 } 924 925 if (!hdev->get_data_path_id) { 926 hci_dev_put(hdev); 927 err = -EOPNOTSUPP; 928 break; 929 } 930 931 if (optlen < sizeof(struct bt_codecs) || 932 optlen > sizeof(buffer)) { 933 hci_dev_put(hdev); 934 err = -EINVAL; 935 break; 936 } 937 938 err = bt_copy_from_sockptr(buffer, optlen, optval, optlen); 939 if (err) { 940 hci_dev_put(hdev); 941 break; 942 } 943 944 codecs = (void *)buffer; 945 946 if (codecs->num_codecs > 1) { 947 hci_dev_put(hdev); 948 err = -EINVAL; 949 break; 950 } 951 952 sco_pi(sk)->codec = codecs->codecs[0]; 953 hci_dev_put(hdev); 954 break; 955 956 default: 957 err = -ENOPROTOOPT; 958 break; 959 } 960 961 release_sock(sk); 962 return err; 963} 964 965static int sco_sock_getsockopt_old(struct socket *sock, int optname, 966 char __user *optval, int __user *optlen) 967{ 968 struct sock *sk = sock->sk; 969 struct sco_options opts; 970 struct sco_conninfo cinfo; 971 int err = 0; 972 size_t len; 973 974 BT_DBG("sk %p", sk); 975 976 if (get_user(len, optlen)) 977 return -EFAULT; 978 979 lock_sock(sk); 980 981 switch (optname) { 982 case SCO_OPTIONS: 983 if (sk->sk_state != BT_CONNECTED && 984 !(sk->sk_state == BT_CONNECT2 && 985 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 986 err = -ENOTCONN; 987 break; 988 } 989 990 opts.mtu = sco_pi(sk)->conn->mtu; 991 992 BT_DBG("mtu %u", opts.mtu); 993 994 len = min(len, sizeof(opts)); 995 if (copy_to_user(optval, (char *)&opts, len)) 996 err = -EFAULT; 997 998 break; 999 1000 case SCO_CONNINFO: 1001 if (sk->sk_state != BT_CONNECTED && 1002 !(sk->sk_state == BT_CONNECT2 && 1003 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1004 err = -ENOTCONN; 1005 break; 1006 } 1007 1008 memset(&cinfo, 0, sizeof(cinfo)); 1009 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1010 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1011 1012 len = min(len, sizeof(cinfo)); 1013 if (copy_to_user(optval, (char *)&cinfo, len)) 1014 err = -EFAULT; 1015 1016 break; 1017 1018 default: 1019 err = -ENOPROTOOPT; 1020 break; 1021 } 1022 1023 release_sock(sk); 1024 return err; 1025} 1026 1027static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1028 char __user *optval, int __user *optlen) 1029{ 1030 struct sock *sk = sock->sk; 1031 int len, err = 0; 1032 struct bt_voice voice; 1033 u32 phys; 1034 int buf_len; 1035 struct codec_list *c; 1036 u8 num_codecs, i, __user *ptr; 1037 struct hci_dev *hdev; 1038 struct hci_codec_caps *caps; 1039 struct bt_codec codec; 1040 1041 BT_DBG("sk %p", sk); 1042 1043 if (level == SOL_SCO) 1044 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1045 1046 if (get_user(len, optlen)) 1047 return -EFAULT; 1048 1049 lock_sock(sk); 1050 1051 switch (optname) { 1052 1053 case BT_DEFER_SETUP: 1054 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1055 err = -EINVAL; 1056 break; 1057 } 1058 1059 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1060 (u32 __user *)optval)) 1061 err = -EFAULT; 1062 1063 break; 1064 1065 case BT_VOICE: 1066 voice.setting = sco_pi(sk)->setting; 1067 1068 len = min_t(unsigned int, len, sizeof(voice)); 1069 if (copy_to_user(optval, (char *)&voice, len)) 1070 err = -EFAULT; 1071 1072 break; 1073 1074 case BT_PHY: 1075 if (sk->sk_state != BT_CONNECTED) { 1076 err = -ENOTCONN; 1077 break; 1078 } 1079 1080 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1081 1082 if (put_user(phys, (u32 __user *) optval)) 1083 err = -EFAULT; 1084 break; 1085 1086 case BT_PKT_STATUS: 1087 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1088 (int __user *)optval)) 1089 err = -EFAULT; 1090 break; 1091 1092 case BT_SNDMTU: 1093 case BT_RCVMTU: 1094 if (sk->sk_state != BT_CONNECTED) { 1095 err = -ENOTCONN; 1096 break; 1097 } 1098 1099 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1100 err = -EFAULT; 1101 break; 1102 1103 case BT_CODEC: 1104 num_codecs = 0; 1105 buf_len = 0; 1106 1107 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1108 if (!hdev) { 1109 err = -EBADFD; 1110 break; 1111 } 1112 1113 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1114 hci_dev_put(hdev); 1115 err = -EOPNOTSUPP; 1116 break; 1117 } 1118 1119 if (!hdev->get_data_path_id) { 1120 hci_dev_put(hdev); 1121 err = -EOPNOTSUPP; 1122 break; 1123 } 1124 1125 release_sock(sk); 1126 1127 /* find total buffer size required to copy codec + caps */ 1128 hci_dev_lock(hdev); 1129 list_for_each_entry(c, &hdev->local_codecs, list) { 1130 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1131 continue; 1132 num_codecs++; 1133 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1134 buf_len += 1 + caps->len; 1135 caps = (void *)&caps->data[caps->len]; 1136 } 1137 buf_len += sizeof(struct bt_codec); 1138 } 1139 hci_dev_unlock(hdev); 1140 1141 buf_len += sizeof(struct bt_codecs); 1142 if (buf_len > len) { 1143 hci_dev_put(hdev); 1144 return -ENOBUFS; 1145 } 1146 ptr = optval; 1147 1148 if (put_user(num_codecs, ptr)) { 1149 hci_dev_put(hdev); 1150 return -EFAULT; 1151 } 1152 ptr += sizeof(num_codecs); 1153 1154 /* Iterate all the codecs supported over SCO and populate 1155 * codec data 1156 */ 1157 hci_dev_lock(hdev); 1158 list_for_each_entry(c, &hdev->local_codecs, list) { 1159 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1160 continue; 1161 1162 codec.id = c->id; 1163 codec.cid = c->cid; 1164 codec.vid = c->vid; 1165 err = hdev->get_data_path_id(hdev, &codec.data_path); 1166 if (err < 0) 1167 break; 1168 codec.num_caps = c->num_caps; 1169 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1170 err = -EFAULT; 1171 break; 1172 } 1173 ptr += sizeof(codec); 1174 1175 /* find codec capabilities data length */ 1176 len = 0; 1177 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1178 len += 1 + caps->len; 1179 caps = (void *)&caps->data[caps->len]; 1180 } 1181 1182 /* copy codec capabilities data */ 1183 if (len && copy_to_user(ptr, c->caps, len)) { 1184 err = -EFAULT; 1185 break; 1186 } 1187 ptr += len; 1188 } 1189 1190 hci_dev_unlock(hdev); 1191 hci_dev_put(hdev); 1192 1193 lock_sock(sk); 1194 1195 if (!err && put_user(buf_len, optlen)) 1196 err = -EFAULT; 1197 1198 break; 1199 1200 default: 1201 err = -ENOPROTOOPT; 1202 break; 1203 } 1204 1205 release_sock(sk); 1206 return err; 1207} 1208 1209static int sco_sock_shutdown(struct socket *sock, int how) 1210{ 1211 struct sock *sk = sock->sk; 1212 int err = 0; 1213 1214 BT_DBG("sock %p, sk %p", sock, sk); 1215 1216 if (!sk) 1217 return 0; 1218 1219 sock_hold(sk); 1220 lock_sock(sk); 1221 1222 if (!sk->sk_shutdown) { 1223 sk->sk_shutdown = SHUTDOWN_MASK; 1224 sco_sock_clear_timer(sk); 1225 __sco_sock_close(sk); 1226 1227 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1228 !(current->flags & PF_EXITING)) 1229 err = bt_sock_wait_state(sk, BT_CLOSED, 1230 sk->sk_lingertime); 1231 } 1232 1233 release_sock(sk); 1234 sock_put(sk); 1235 1236 return err; 1237} 1238 1239static int sco_sock_release(struct socket *sock) 1240{ 1241 struct sock *sk = sock->sk; 1242 int err = 0; 1243 1244 BT_DBG("sock %p, sk %p", sock, sk); 1245 1246 if (!sk) 1247 return 0; 1248 1249 sco_sock_close(sk); 1250 1251 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1252 !(current->flags & PF_EXITING)) { 1253 lock_sock(sk); 1254 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1255 release_sock(sk); 1256 } 1257 1258 sock_orphan(sk); 1259 sco_sock_kill(sk); 1260 return err; 1261} 1262 1263static void sco_conn_ready(struct sco_conn *conn) 1264{ 1265 struct sock *parent; 1266 struct sock *sk = conn->sk; 1267 1268 BT_DBG("conn %p", conn); 1269 1270 if (sk) { 1271 lock_sock(sk); 1272 sco_sock_clear_timer(sk); 1273 sk->sk_state = BT_CONNECTED; 1274 sk->sk_state_change(sk); 1275 release_sock(sk); 1276 } else { 1277 sco_conn_lock(conn); 1278 1279 if (!conn->hcon) { 1280 sco_conn_unlock(conn); 1281 return; 1282 } 1283 1284 parent = sco_get_sock_listen(&conn->hcon->src); 1285 if (!parent) { 1286 sco_conn_unlock(conn); 1287 return; 1288 } 1289 1290 lock_sock(parent); 1291 1292 sk = sco_sock_alloc(sock_net(parent), NULL, 1293 BTPROTO_SCO, GFP_ATOMIC, 0); 1294 if (!sk) { 1295 release_sock(parent); 1296 sco_conn_unlock(conn); 1297 return; 1298 } 1299 1300 sco_sock_init(sk, parent); 1301 1302 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1303 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1304 1305 hci_conn_hold(conn->hcon); 1306 __sco_chan_add(conn, sk, parent); 1307 1308 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1309 sk->sk_state = BT_CONNECT2; 1310 else 1311 sk->sk_state = BT_CONNECTED; 1312 1313 /* Wake up parent */ 1314 parent->sk_data_ready(parent); 1315 1316 release_sock(parent); 1317 1318 sco_conn_unlock(conn); 1319 } 1320} 1321 1322/* ----- SCO interface with lower layer (HCI) ----- */ 1323int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1324{ 1325 struct sock *sk; 1326 int lm = 0; 1327 1328 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1329 1330 /* Find listening sockets */ 1331 read_lock(&sco_sk_list.lock); 1332 sk_for_each(sk, &sco_sk_list.head) { 1333 if (sk->sk_state != BT_LISTEN) 1334 continue; 1335 1336 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1337 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1338 lm |= HCI_LM_ACCEPT; 1339 1340 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1341 *flags |= HCI_PROTO_DEFER; 1342 break; 1343 } 1344 } 1345 read_unlock(&sco_sk_list.lock); 1346 1347 return lm; 1348} 1349 1350static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1351{ 1352 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1353 return; 1354 1355 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1356 1357 if (!status) { 1358 struct sco_conn *conn; 1359 1360 conn = sco_conn_add(hcon); 1361 if (conn) 1362 sco_conn_ready(conn); 1363 } else 1364 sco_conn_del(hcon, bt_to_errno(status)); 1365} 1366 1367static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1368{ 1369 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1370 return; 1371 1372 BT_DBG("hcon %p reason %d", hcon, reason); 1373 1374 sco_conn_del(hcon, bt_to_errno(reason)); 1375} 1376 1377void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1378{ 1379 struct sco_conn *conn = hcon->sco_data; 1380 1381 if (!conn) 1382 goto drop; 1383 1384 BT_DBG("conn %p len %u", conn, skb->len); 1385 1386 if (skb->len) { 1387 sco_recv_frame(conn, skb); 1388 return; 1389 } 1390 1391drop: 1392 kfree_skb(skb); 1393} 1394 1395static struct hci_cb sco_cb = { 1396 .name = "SCO", 1397 .connect_cfm = sco_connect_cfm, 1398 .disconn_cfm = sco_disconn_cfm, 1399}; 1400 1401static int sco_debugfs_show(struct seq_file *f, void *p) 1402{ 1403 struct sock *sk; 1404 1405 read_lock(&sco_sk_list.lock); 1406 1407 sk_for_each(sk, &sco_sk_list.head) { 1408 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1409 &sco_pi(sk)->dst, sk->sk_state); 1410 } 1411 1412 read_unlock(&sco_sk_list.lock); 1413 1414 return 0; 1415} 1416 1417DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1418 1419static struct dentry *sco_debugfs; 1420 1421static const struct proto_ops sco_sock_ops = { 1422 .family = PF_BLUETOOTH, 1423 .owner = THIS_MODULE, 1424 .release = sco_sock_release, 1425 .bind = sco_sock_bind, 1426 .connect = sco_sock_connect, 1427 .listen = sco_sock_listen, 1428 .accept = sco_sock_accept, 1429 .getname = sco_sock_getname, 1430 .sendmsg = sco_sock_sendmsg, 1431 .recvmsg = sco_sock_recvmsg, 1432 .poll = bt_sock_poll, 1433 .ioctl = bt_sock_ioctl, 1434 .gettstamp = sock_gettstamp, 1435 .mmap = sock_no_mmap, 1436 .socketpair = sock_no_socketpair, 1437 .shutdown = sco_sock_shutdown, 1438 .setsockopt = sco_sock_setsockopt, 1439 .getsockopt = sco_sock_getsockopt 1440}; 1441 1442static const struct net_proto_family sco_sock_family_ops = { 1443 .family = PF_BLUETOOTH, 1444 .owner = THIS_MODULE, 1445 .create = sco_sock_create, 1446}; 1447 1448int __init sco_init(void) 1449{ 1450 int err; 1451 1452 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1453 1454 err = proto_register(&sco_proto, 0); 1455 if (err < 0) 1456 return err; 1457 1458 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1459 if (err < 0) { 1460 BT_ERR("SCO socket registration failed"); 1461 goto error; 1462 } 1463 1464 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1465 if (err < 0) { 1466 BT_ERR("Failed to create SCO proc file"); 1467 bt_sock_unregister(BTPROTO_SCO); 1468 goto error; 1469 } 1470 1471 BT_INFO("SCO socket layer initialized"); 1472 1473 hci_register_cb(&sco_cb); 1474 1475 if (IS_ERR_OR_NULL(bt_debugfs)) 1476 return 0; 1477 1478 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1479 NULL, &sco_debugfs_fops); 1480 1481 return 0; 1482 1483error: 1484 proto_unregister(&sco_proto); 1485 return err; 1486} 1487 1488void sco_exit(void) 1489{ 1490 bt_procfs_cleanup(&init_net, "sco"); 1491 1492 debugfs_remove(sco_debugfs); 1493 1494 hci_unregister_cb(&sco_cb); 1495 1496 bt_sock_unregister(BTPROTO_SCO); 1497 1498 proto_unregister(&sco_proto); 1499} 1500 1501module_param(disable_esco, bool, 0644); 1502MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation"); 1503