1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52};
53
54#define sco_conn_lock(c) spin_lock(&c->lock);
55#define sco_conn_unlock(c) spin_unlock(&c->lock);
56
57static void sco_sock_close(struct sock *sk);
58static void sco_sock_kill(struct sock *sk);
59
60
61#define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 struct sco_conn *conn;
70};
71
72
73#define SCO_CONN_TIMEOUT (HZ * 40)
74#define SCO_DISCONN_TIMEOUT (HZ * 2)
75
76static void sco_sock_timeout(struct timer_list *t)
77{
78 struct sock *sk = from_timer(sk, t, sk_timer);
79
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
81
82 bh_lock_sock(sk);
83 sk->sk_err = ETIMEDOUT;
84 sk->sk_state_change(sk);
85 bh_unlock_sock(sk);
86
87 sco_sock_kill(sk);
88 sock_put(sk);
89}
90
91static void sco_sock_set_timer(struct sock *sk, long timeout)
92{
93 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95}
96
97static void sco_sock_clear_timer(struct sock *sk)
98{
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
100 sk_stop_timer(sk, &sk->sk_timer);
101}
102
103
104static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
105{
106 struct hci_dev *hdev = hcon->hdev;
107 struct sco_conn *conn = hcon->sco_data;
108
109 if (conn)
110 return conn;
111
112 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
113 if (!conn)
114 return NULL;
115
116 spin_lock_init(&conn->lock);
117
118 hcon->sco_data = conn;
119 conn->hcon = hcon;
120
121 if (hdev->sco_mtu > 0)
122 conn->mtu = hdev->sco_mtu;
123 else
124 conn->mtu = 60;
125
126 BT_DBG("hcon %p conn %p", hcon, conn);
127
128 return conn;
129}
130
131
132
133static void sco_chan_del(struct sock *sk, int err)
134{
135 struct sco_conn *conn;
136
137 conn = sco_pi(sk)->conn;
138
139 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
140
141 if (conn) {
142 sco_conn_lock(conn);
143 conn->sk = NULL;
144 sco_pi(sk)->conn = NULL;
145 sco_conn_unlock(conn);
146
147 if (conn->hcon)
148 hci_conn_drop(conn->hcon);
149 }
150
151 sk->sk_state = BT_CLOSED;
152 sk->sk_err = err;
153 sk->sk_state_change(sk);
154
155 sock_set_flag(sk, SOCK_ZAPPED);
156}
157
158static void sco_conn_del(struct hci_conn *hcon, int err)
159{
160 struct sco_conn *conn = hcon->sco_data;
161 struct sock *sk;
162
163 if (!conn)
164 return;
165
166 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
167
168
169 sco_conn_lock(conn);
170 sk = conn->sk;
171 sco_conn_unlock(conn);
172
173 if (sk) {
174 sock_hold(sk);
175 bh_lock_sock(sk);
176 sco_sock_clear_timer(sk);
177 sco_chan_del(sk, err);
178 bh_unlock_sock(sk);
179 sco_sock_kill(sk);
180 sock_put(sk);
181 }
182
183 hcon->sco_data = NULL;
184 kfree(conn);
185}
186
187static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
188 struct sock *parent)
189{
190 BT_DBG("conn %p", conn);
191
192 sco_pi(sk)->conn = conn;
193 conn->sk = sk;
194
195 if (parent)
196 bt_accept_enqueue(parent, sk);
197}
198
199static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
200 struct sock *parent)
201{
202 int err = 0;
203
204 sco_conn_lock(conn);
205 if (conn->sk)
206 err = -EBUSY;
207 else
208 __sco_chan_add(conn, sk, parent);
209
210 sco_conn_unlock(conn);
211 return err;
212}
213
214static int sco_connect(struct sock *sk)
215{
216 struct sco_conn *conn;
217 struct hci_conn *hcon;
218 struct hci_dev *hdev;
219 int err, type;
220
221 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
222
223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
224 if (!hdev)
225 return -EHOSTUNREACH;
226
227 hci_dev_lock(hdev);
228
229 if (lmp_esco_capable(hdev) && !disable_esco)
230 type = ESCO_LINK;
231 else
232 type = SCO_LINK;
233
234 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
235 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
236 err = -EOPNOTSUPP;
237 goto done;
238 }
239
240 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
241 sco_pi(sk)->setting);
242 if (IS_ERR(hcon)) {
243 err = PTR_ERR(hcon);
244 goto done;
245 }
246
247 conn = sco_conn_add(hcon);
248 if (!conn) {
249 hci_conn_drop(hcon);
250 err = -ENOMEM;
251 goto done;
252 }
253
254
255 bacpy(&sco_pi(sk)->src, &hcon->src);
256
257 err = sco_chan_add(conn, sk, NULL);
258 if (err)
259 goto done;
260
261 if (hcon->state == BT_CONNECTED) {
262 sco_sock_clear_timer(sk);
263 sk->sk_state = BT_CONNECTED;
264 } else {
265 sk->sk_state = BT_CONNECT;
266 sco_sock_set_timer(sk, sk->sk_sndtimeo);
267 }
268
269done:
270 hci_dev_unlock(hdev);
271 hci_dev_put(hdev);
272 return err;
273}
274
275static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
276{
277 struct sco_conn *conn = sco_pi(sk)->conn;
278 struct sk_buff *skb;
279 int err;
280
281
282 if (len > conn->mtu)
283 return -EINVAL;
284
285 BT_DBG("sk %p len %d", sk, len);
286
287 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
288 if (!skb)
289 return err;
290
291 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
292 kfree_skb(skb);
293 return -EFAULT;
294 }
295
296 hci_send_sco(conn->hcon, skb);
297
298 return len;
299}
300
301static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
302{
303 struct sock *sk;
304
305 sco_conn_lock(conn);
306 sk = conn->sk;
307 sco_conn_unlock(conn);
308
309 if (!sk)
310 goto drop;
311
312 BT_DBG("sk %p len %d", sk, skb->len);
313
314 if (sk->sk_state != BT_CONNECTED)
315 goto drop;
316
317 if (!sock_queue_rcv_skb(sk, skb))
318 return;
319
320drop:
321 kfree_skb(skb);
322}
323
324
325static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
326{
327 struct sock *sk;
328
329 sk_for_each(sk, &sco_sk_list.head) {
330 if (sk->sk_state != BT_LISTEN)
331 continue;
332
333 if (!bacmp(&sco_pi(sk)->src, ba))
334 return sk;
335 }
336
337 return NULL;
338}
339
340
341
342
343static struct sock *sco_get_sock_listen(bdaddr_t *src)
344{
345 struct sock *sk = NULL, *sk1 = NULL;
346
347 read_lock(&sco_sk_list.lock);
348
349 sk_for_each(sk, &sco_sk_list.head) {
350 if (sk->sk_state != BT_LISTEN)
351 continue;
352
353
354 if (!bacmp(&sco_pi(sk)->src, src))
355 break;
356
357
358 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
359 sk1 = sk;
360 }
361
362 read_unlock(&sco_sk_list.lock);
363
364 return sk ? sk : sk1;
365}
366
367static void sco_sock_destruct(struct sock *sk)
368{
369 BT_DBG("sk %p", sk);
370
371 skb_queue_purge(&sk->sk_receive_queue);
372 skb_queue_purge(&sk->sk_write_queue);
373}
374
375static void sco_sock_cleanup_listen(struct sock *parent)
376{
377 struct sock *sk;
378
379 BT_DBG("parent %p", parent);
380
381
382 while ((sk = bt_accept_dequeue(parent, NULL))) {
383 sco_sock_close(sk);
384 sco_sock_kill(sk);
385 }
386
387 parent->sk_state = BT_CLOSED;
388 sock_set_flag(parent, SOCK_ZAPPED);
389}
390
391
392
393
394static void sco_sock_kill(struct sock *sk)
395{
396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
397 return;
398
399 BT_DBG("sk %p state %d", sk, sk->sk_state);
400
401
402 bt_sock_unlink(&sco_sk_list, sk);
403 sock_set_flag(sk, SOCK_DEAD);
404 sock_put(sk);
405}
406
407static void __sco_sock_close(struct sock *sk)
408{
409 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
410
411 switch (sk->sk_state) {
412 case BT_LISTEN:
413 sco_sock_cleanup_listen(sk);
414 break;
415
416 case BT_CONNECTED:
417 case BT_CONFIG:
418 if (sco_pi(sk)->conn->hcon) {
419 sk->sk_state = BT_DISCONN;
420 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
421 sco_conn_lock(sco_pi(sk)->conn);
422 hci_conn_drop(sco_pi(sk)->conn->hcon);
423 sco_pi(sk)->conn->hcon = NULL;
424 sco_conn_unlock(sco_pi(sk)->conn);
425 } else
426 sco_chan_del(sk, ECONNRESET);
427 break;
428
429 case BT_CONNECT2:
430 case BT_CONNECT:
431 case BT_DISCONN:
432 sco_chan_del(sk, ECONNRESET);
433 break;
434
435 default:
436 sock_set_flag(sk, SOCK_ZAPPED);
437 break;
438 }
439}
440
441
442static void sco_sock_close(struct sock *sk)
443{
444 sco_sock_clear_timer(sk);
445 lock_sock(sk);
446 __sco_sock_close(sk);
447 release_sock(sk);
448 sco_sock_kill(sk);
449}
450
451static void sco_sock_init(struct sock *sk, struct sock *parent)
452{
453 BT_DBG("sk %p", sk);
454
455 if (parent) {
456 sk->sk_type = parent->sk_type;
457 bt_sk(sk)->flags = bt_sk(parent)->flags;
458 security_sk_clone(parent, sk);
459 }
460}
461
462static struct proto sco_proto = {
463 .name = "SCO",
464 .owner = THIS_MODULE,
465 .obj_size = sizeof(struct sco_pinfo)
466};
467
468static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
469 int proto, gfp_t prio, int kern)
470{
471 struct sock *sk;
472
473 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
474 if (!sk)
475 return NULL;
476
477 sock_init_data(sock, sk);
478 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
479
480 sk->sk_destruct = sco_sock_destruct;
481 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
482
483 sock_reset_flag(sk, SOCK_ZAPPED);
484
485 sk->sk_protocol = proto;
486 sk->sk_state = BT_OPEN;
487
488 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
489
490 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
491
492 bt_sock_link(&sco_sk_list, sk);
493 return sk;
494}
495
496static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
497 int kern)
498{
499 struct sock *sk;
500
501 BT_DBG("sock %p", sock);
502
503 sock->state = SS_UNCONNECTED;
504
505 if (sock->type != SOCK_SEQPACKET)
506 return -ESOCKTNOSUPPORT;
507
508 sock->ops = &sco_sock_ops;
509
510 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
511 if (!sk)
512 return -ENOMEM;
513
514 sco_sock_init(sk, NULL);
515 return 0;
516}
517
518static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
519 int addr_len)
520{
521 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
522 struct sock *sk = sock->sk;
523 int err = 0;
524
525 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
526
527 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
528 addr->sa_family != AF_BLUETOOTH)
529 return -EINVAL;
530
531 lock_sock(sk);
532
533 if (sk->sk_state != BT_OPEN) {
534 err = -EBADFD;
535 goto done;
536 }
537
538 if (sk->sk_type != SOCK_SEQPACKET) {
539 err = -EINVAL;
540 goto done;
541 }
542
543 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
544
545 sk->sk_state = BT_BOUND;
546
547done:
548 release_sock(sk);
549 return err;
550}
551
552static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
553{
554 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
555 struct sock *sk = sock->sk;
556 int err;
557
558 BT_DBG("sk %p", sk);
559
560 if (alen < sizeof(struct sockaddr_sco) ||
561 addr->sa_family != AF_BLUETOOTH)
562 return -EINVAL;
563
564 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
565 return -EBADFD;
566
567 if (sk->sk_type != SOCK_SEQPACKET)
568 return -EINVAL;
569
570 lock_sock(sk);
571
572
573 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
574
575 err = sco_connect(sk);
576 if (err)
577 goto done;
578
579 err = bt_sock_wait_state(sk, BT_CONNECTED,
580 sock_sndtimeo(sk, flags & O_NONBLOCK));
581
582done:
583 release_sock(sk);
584 return err;
585}
586
587static int sco_sock_listen(struct socket *sock, int backlog)
588{
589 struct sock *sk = sock->sk;
590 bdaddr_t *src = &sco_pi(sk)->src;
591 int err = 0;
592
593 BT_DBG("sk %p backlog %d", sk, backlog);
594
595 lock_sock(sk);
596
597 if (sk->sk_state != BT_BOUND) {
598 err = -EBADFD;
599 goto done;
600 }
601
602 if (sk->sk_type != SOCK_SEQPACKET) {
603 err = -EINVAL;
604 goto done;
605 }
606
607 write_lock(&sco_sk_list.lock);
608
609 if (__sco_get_sock_listen_by_addr(src)) {
610 err = -EADDRINUSE;
611 goto unlock;
612 }
613
614 sk->sk_max_ack_backlog = backlog;
615 sk->sk_ack_backlog = 0;
616
617 sk->sk_state = BT_LISTEN;
618
619unlock:
620 write_unlock(&sco_sk_list.lock);
621
622done:
623 release_sock(sk);
624 return err;
625}
626
627static int sco_sock_accept(struct socket *sock, struct socket *newsock,
628 int flags, bool kern)
629{
630 DEFINE_WAIT_FUNC(wait, woken_wake_function);
631 struct sock *sk = sock->sk, *ch;
632 long timeo;
633 int err = 0;
634
635 lock_sock(sk);
636
637 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
638
639 BT_DBG("sk %p timeo %ld", sk, timeo);
640
641
642 add_wait_queue_exclusive(sk_sleep(sk), &wait);
643 while (1) {
644 if (sk->sk_state != BT_LISTEN) {
645 err = -EBADFD;
646 break;
647 }
648
649 ch = bt_accept_dequeue(sk, newsock);
650 if (ch)
651 break;
652
653 if (!timeo) {
654 err = -EAGAIN;
655 break;
656 }
657
658 if (signal_pending(current)) {
659 err = sock_intr_errno(timeo);
660 break;
661 }
662
663 release_sock(sk);
664
665 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
666 lock_sock(sk);
667 }
668 remove_wait_queue(sk_sleep(sk), &wait);
669
670 if (err)
671 goto done;
672
673 newsock->state = SS_CONNECTED;
674
675 BT_DBG("new socket %p", ch);
676
677done:
678 release_sock(sk);
679 return err;
680}
681
682static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
683 int peer)
684{
685 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
686 struct sock *sk = sock->sk;
687
688 BT_DBG("sock %p, sk %p", sock, sk);
689
690 addr->sa_family = AF_BLUETOOTH;
691
692 if (peer)
693 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
694 else
695 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
696
697 return sizeof(struct sockaddr_sco);
698}
699
700static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
701 size_t len)
702{
703 struct sock *sk = sock->sk;
704 int err;
705
706 BT_DBG("sock %p, sk %p", sock, sk);
707
708 err = sock_error(sk);
709 if (err)
710 return err;
711
712 if (msg->msg_flags & MSG_OOB)
713 return -EOPNOTSUPP;
714
715 lock_sock(sk);
716
717 if (sk->sk_state == BT_CONNECTED)
718 err = sco_send_frame(sk, msg, len);
719 else
720 err = -ENOTCONN;
721
722 release_sock(sk);
723 return err;
724}
725
726static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
727{
728 struct hci_dev *hdev = conn->hdev;
729
730 BT_DBG("conn %p", conn);
731
732 conn->state = BT_CONFIG;
733
734 if (!lmp_esco_capable(hdev)) {
735 struct hci_cp_accept_conn_req cp;
736
737 bacpy(&cp.bdaddr, &conn->dst);
738 cp.role = 0x00;
739
740 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
741 } else {
742 struct hci_cp_accept_sync_conn_req cp;
743
744 bacpy(&cp.bdaddr, &conn->dst);
745 cp.pkt_type = cpu_to_le16(conn->pkt_type);
746
747 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
748 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
749 cp.content_format = cpu_to_le16(setting);
750
751 switch (setting & SCO_AIRMODE_MASK) {
752 case SCO_AIRMODE_TRANSP:
753 if (conn->pkt_type & ESCO_2EV3)
754 cp.max_latency = cpu_to_le16(0x0008);
755 else
756 cp.max_latency = cpu_to_le16(0x000D);
757 cp.retrans_effort = 0x02;
758 break;
759 case SCO_AIRMODE_CVSD:
760 cp.max_latency = cpu_to_le16(0xffff);
761 cp.retrans_effort = 0xff;
762 break;
763 }
764
765 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
766 sizeof(cp), &cp);
767 }
768}
769
770static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
771 size_t len, int flags)
772{
773 struct sock *sk = sock->sk;
774 struct sco_pinfo *pi = sco_pi(sk);
775
776 lock_sock(sk);
777
778 if (sk->sk_state == BT_CONNECT2 &&
779 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
780 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
781 sk->sk_state = BT_CONFIG;
782
783 release_sock(sk);
784 return 0;
785 }
786
787 release_sock(sk);
788
789 return bt_sock_recvmsg(sock, msg, len, flags);
790}
791
792static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
793 char __user *optval, unsigned int optlen)
794{
795 struct sock *sk = sock->sk;
796 int len, err = 0;
797 struct bt_voice voice;
798 u32 opt;
799
800 BT_DBG("sk %p", sk);
801
802 lock_sock(sk);
803
804 switch (optname) {
805
806 case BT_DEFER_SETUP:
807 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
808 err = -EINVAL;
809 break;
810 }
811
812 if (get_user(opt, (u32 __user *) optval)) {
813 err = -EFAULT;
814 break;
815 }
816
817 if (opt)
818 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
819 else
820 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
821 break;
822
823 case BT_VOICE:
824 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
825 sk->sk_state != BT_CONNECT2) {
826 err = -EINVAL;
827 break;
828 }
829
830 voice.setting = sco_pi(sk)->setting;
831
832 len = min_t(unsigned int, sizeof(voice), optlen);
833 if (copy_from_user((char *)&voice, optval, len)) {
834 err = -EFAULT;
835 break;
836 }
837
838
839 if (voice.setting != BT_VOICE_TRANSPARENT &&
840 voice.setting != BT_VOICE_CVSD_16BIT) {
841 err = -EINVAL;
842 break;
843 }
844
845 sco_pi(sk)->setting = voice.setting;
846 break;
847
848 default:
849 err = -ENOPROTOOPT;
850 break;
851 }
852
853 release_sock(sk);
854 return err;
855}
856
857static int sco_sock_getsockopt_old(struct socket *sock, int optname,
858 char __user *optval, int __user *optlen)
859{
860 struct sock *sk = sock->sk;
861 struct sco_options opts;
862 struct sco_conninfo cinfo;
863 int len, err = 0;
864
865 BT_DBG("sk %p", sk);
866
867 if (get_user(len, optlen))
868 return -EFAULT;
869
870 lock_sock(sk);
871
872 switch (optname) {
873 case SCO_OPTIONS:
874 if (sk->sk_state != BT_CONNECTED &&
875 !(sk->sk_state == BT_CONNECT2 &&
876 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
877 err = -ENOTCONN;
878 break;
879 }
880
881 opts.mtu = sco_pi(sk)->conn->mtu;
882
883 BT_DBG("mtu %d", opts.mtu);
884
885 len = min_t(unsigned int, len, sizeof(opts));
886 if (copy_to_user(optval, (char *)&opts, len))
887 err = -EFAULT;
888
889 break;
890
891 case SCO_CONNINFO:
892 if (sk->sk_state != BT_CONNECTED &&
893 !(sk->sk_state == BT_CONNECT2 &&
894 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
895 err = -ENOTCONN;
896 break;
897 }
898
899 memset(&cinfo, 0, sizeof(cinfo));
900 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
901 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
902
903 len = min_t(unsigned int, len, sizeof(cinfo));
904 if (copy_to_user(optval, (char *)&cinfo, len))
905 err = -EFAULT;
906
907 break;
908
909 default:
910 err = -ENOPROTOOPT;
911 break;
912 }
913
914 release_sock(sk);
915 return err;
916}
917
918static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
919 char __user *optval, int __user *optlen)
920{
921 struct sock *sk = sock->sk;
922 int len, err = 0;
923 struct bt_voice voice;
924
925 BT_DBG("sk %p", sk);
926
927 if (level == SOL_SCO)
928 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
929
930 if (get_user(len, optlen))
931 return -EFAULT;
932
933 lock_sock(sk);
934
935 switch (optname) {
936
937 case BT_DEFER_SETUP:
938 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
939 err = -EINVAL;
940 break;
941 }
942
943 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
944 (u32 __user *)optval))
945 err = -EFAULT;
946
947 break;
948
949 case BT_VOICE:
950 voice.setting = sco_pi(sk)->setting;
951
952 len = min_t(unsigned int, len, sizeof(voice));
953 if (copy_to_user(optval, (char *)&voice, len))
954 err = -EFAULT;
955
956 break;
957
958 default:
959 err = -ENOPROTOOPT;
960 break;
961 }
962
963 release_sock(sk);
964 return err;
965}
966
967static int sco_sock_shutdown(struct socket *sock, int how)
968{
969 struct sock *sk = sock->sk;
970 int err = 0;
971
972 BT_DBG("sock %p, sk %p", sock, sk);
973
974 if (!sk)
975 return 0;
976
977 sock_hold(sk);
978 lock_sock(sk);
979
980 if (!sk->sk_shutdown) {
981 sk->sk_shutdown = SHUTDOWN_MASK;
982 sco_sock_clear_timer(sk);
983 __sco_sock_close(sk);
984
985 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
986 !(current->flags & PF_EXITING))
987 err = bt_sock_wait_state(sk, BT_CLOSED,
988 sk->sk_lingertime);
989 }
990
991 release_sock(sk);
992 sock_put(sk);
993
994 return err;
995}
996
997static int sco_sock_release(struct socket *sock)
998{
999 struct sock *sk = sock->sk;
1000 int err = 0;
1001
1002 BT_DBG("sock %p, sk %p", sock, sk);
1003
1004 if (!sk)
1005 return 0;
1006
1007 sco_sock_close(sk);
1008
1009 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1010 !(current->flags & PF_EXITING)) {
1011 lock_sock(sk);
1012 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1013 release_sock(sk);
1014 }
1015
1016 sock_orphan(sk);
1017 sco_sock_kill(sk);
1018 return err;
1019}
1020
1021static void sco_conn_ready(struct sco_conn *conn)
1022{
1023 struct sock *parent;
1024 struct sock *sk = conn->sk;
1025
1026 BT_DBG("conn %p", conn);
1027
1028 if (sk) {
1029 sco_sock_clear_timer(sk);
1030 bh_lock_sock(sk);
1031 sk->sk_state = BT_CONNECTED;
1032 sk->sk_state_change(sk);
1033 bh_unlock_sock(sk);
1034 } else {
1035 sco_conn_lock(conn);
1036
1037 if (!conn->hcon) {
1038 sco_conn_unlock(conn);
1039 return;
1040 }
1041
1042 parent = sco_get_sock_listen(&conn->hcon->src);
1043 if (!parent) {
1044 sco_conn_unlock(conn);
1045 return;
1046 }
1047
1048 bh_lock_sock(parent);
1049
1050 sk = sco_sock_alloc(sock_net(parent), NULL,
1051 BTPROTO_SCO, GFP_ATOMIC, 0);
1052 if (!sk) {
1053 bh_unlock_sock(parent);
1054 sco_conn_unlock(conn);
1055 return;
1056 }
1057
1058 sco_sock_init(sk, parent);
1059
1060 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1061 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1062
1063 hci_conn_hold(conn->hcon);
1064 __sco_chan_add(conn, sk, parent);
1065
1066 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1067 sk->sk_state = BT_CONNECT2;
1068 else
1069 sk->sk_state = BT_CONNECTED;
1070
1071
1072 parent->sk_data_ready(parent);
1073
1074 bh_unlock_sock(parent);
1075
1076 sco_conn_unlock(conn);
1077 }
1078}
1079
1080
1081int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1082{
1083 struct sock *sk;
1084 int lm = 0;
1085
1086 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1087
1088
1089 read_lock(&sco_sk_list.lock);
1090 sk_for_each(sk, &sco_sk_list.head) {
1091 if (sk->sk_state != BT_LISTEN)
1092 continue;
1093
1094 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1095 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1096 lm |= HCI_LM_ACCEPT;
1097
1098 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1099 *flags |= HCI_PROTO_DEFER;
1100 break;
1101 }
1102 }
1103 read_unlock(&sco_sk_list.lock);
1104
1105 return lm;
1106}
1107
1108static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1109{
1110 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1111 return;
1112
1113 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1114
1115 if (!status) {
1116 struct sco_conn *conn;
1117
1118 conn = sco_conn_add(hcon);
1119 if (conn)
1120 sco_conn_ready(conn);
1121 } else
1122 sco_conn_del(hcon, bt_to_errno(status));
1123}
1124
1125static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1126{
1127 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1128 return;
1129
1130 BT_DBG("hcon %p reason %d", hcon, reason);
1131
1132 sco_conn_del(hcon, bt_to_errno(reason));
1133}
1134
1135void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1136{
1137 struct sco_conn *conn = hcon->sco_data;
1138
1139 if (!conn)
1140 goto drop;
1141
1142 BT_DBG("conn %p len %d", conn, skb->len);
1143
1144 if (skb->len) {
1145 sco_recv_frame(conn, skb);
1146 return;
1147 }
1148
1149drop:
1150 kfree_skb(skb);
1151}
1152
1153static struct hci_cb sco_cb = {
1154 .name = "SCO",
1155 .connect_cfm = sco_connect_cfm,
1156 .disconn_cfm = sco_disconn_cfm,
1157};
1158
1159static int sco_debugfs_show(struct seq_file *f, void *p)
1160{
1161 struct sock *sk;
1162
1163 read_lock(&sco_sk_list.lock);
1164
1165 sk_for_each(sk, &sco_sk_list.head) {
1166 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1167 &sco_pi(sk)->dst, sk->sk_state);
1168 }
1169
1170 read_unlock(&sco_sk_list.lock);
1171
1172 return 0;
1173}
1174
1175static int sco_debugfs_open(struct inode *inode, struct file *file)
1176{
1177 return single_open(file, sco_debugfs_show, inode->i_private);
1178}
1179
1180static const struct file_operations sco_debugfs_fops = {
1181 .open = sco_debugfs_open,
1182 .read = seq_read,
1183 .llseek = seq_lseek,
1184 .release = single_release,
1185};
1186
1187static struct dentry *sco_debugfs;
1188
1189static const struct proto_ops sco_sock_ops = {
1190 .family = PF_BLUETOOTH,
1191 .owner = THIS_MODULE,
1192 .release = sco_sock_release,
1193 .bind = sco_sock_bind,
1194 .connect = sco_sock_connect,
1195 .listen = sco_sock_listen,
1196 .accept = sco_sock_accept,
1197 .getname = sco_sock_getname,
1198 .sendmsg = sco_sock_sendmsg,
1199 .recvmsg = sco_sock_recvmsg,
1200 .poll = bt_sock_poll,
1201 .ioctl = bt_sock_ioctl,
1202 .mmap = sock_no_mmap,
1203 .socketpair = sock_no_socketpair,
1204 .shutdown = sco_sock_shutdown,
1205 .setsockopt = sco_sock_setsockopt,
1206 .getsockopt = sco_sock_getsockopt
1207};
1208
1209static const struct net_proto_family sco_sock_family_ops = {
1210 .family = PF_BLUETOOTH,
1211 .owner = THIS_MODULE,
1212 .create = sco_sock_create,
1213};
1214
1215int __init sco_init(void)
1216{
1217 int err;
1218
1219 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1220
1221 err = proto_register(&sco_proto, 0);
1222 if (err < 0)
1223 return err;
1224
1225 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1226 if (err < 0) {
1227 BT_ERR("SCO socket registration failed");
1228 goto error;
1229 }
1230
1231 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1232 if (err < 0) {
1233 BT_ERR("Failed to create SCO proc file");
1234 bt_sock_unregister(BTPROTO_SCO);
1235 goto error;
1236 }
1237
1238 BT_INFO("SCO socket layer initialized");
1239
1240 hci_register_cb(&sco_cb);
1241
1242 if (IS_ERR_OR_NULL(bt_debugfs))
1243 return 0;
1244
1245 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1246 NULL, &sco_debugfs_fops);
1247
1248 return 0;
1249
1250error:
1251 proto_unregister(&sco_proto);
1252 return err;
1253}
1254
1255void sco_exit(void)
1256{
1257 bt_procfs_cleanup(&init_net, "sco");
1258
1259 debugfs_remove(sco_debugfs);
1260
1261 hci_unregister_cb(&sco_cb);
1262
1263 bt_sock_unregister(BTPROTO_SCO);
1264
1265 proto_unregister(&sco_proto);
1266}
1267
1268module_param(disable_esco, bool, 0644);
1269MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1270
