1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30
31#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h>
33#include <net/bluetooth/sco.h>
34
35static bool disable_esco;
36
37static const struct proto_ops sco_sock_ops;
38
39static struct bt_sock_list sco_sk_list = {
40 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
41};
42
43
44struct sco_conn {
45 struct hci_conn *hcon;
46
47 spinlock_t lock;
48 struct sock *sk;
49
50 unsigned int mtu;
51};
52
53#define sco_conn_lock(c) spin_lock(&c->lock);
54#define sco_conn_unlock(c) spin_unlock(&c->lock);
55
56static void sco_sock_close(struct sock *sk);
57static void sco_sock_kill(struct sock *sk);
58
59
60#define sco_pi(sk) ((struct sco_pinfo *) sk)
61
62struct sco_pinfo {
63 struct bt_sock bt;
64 bdaddr_t src;
65 bdaddr_t dst;
66 __u32 flags;
67 __u16 setting;
68 struct sco_conn *conn;
69};
70
71
72#define SCO_CONN_TIMEOUT (HZ * 40)
73#define SCO_DISCONN_TIMEOUT (HZ * 2)
74
75static void sco_sock_timeout(unsigned long arg)
76{
77 struct sock *sk = (struct sock *)arg;
78
79 BT_DBG("sock %p state %d", sk, sk->sk_state);
80
81 bh_lock_sock(sk);
82 sk->sk_err = ETIMEDOUT;
83 sk->sk_state_change(sk);
84 bh_unlock_sock(sk);
85
86 sco_sock_kill(sk);
87 sock_put(sk);
88}
89
90static void sco_sock_set_timer(struct sock *sk, long timeout)
91{
92 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
93 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
94}
95
96static void sco_sock_clear_timer(struct sock *sk)
97{
98 BT_DBG("sock %p state %d", sk, sk->sk_state);
99 sk_stop_timer(sk, &sk->sk_timer);
100}
101
102
103static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
104{
105 struct hci_dev *hdev = hcon->hdev;
106 struct sco_conn *conn = hcon->sco_data;
107
108 if (conn)
109 return conn;
110
111 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
112 if (!conn)
113 return NULL;
114
115 spin_lock_init(&conn->lock);
116
117 hcon->sco_data = conn;
118 conn->hcon = hcon;
119
120 if (hdev->sco_mtu > 0)
121 conn->mtu = hdev->sco_mtu;
122 else
123 conn->mtu = 60;
124
125 BT_DBG("hcon %p conn %p", hcon, conn);
126
127 return conn;
128}
129
130
131
132static void sco_chan_del(struct sock *sk, int err)
133{
134 struct sco_conn *conn;
135
136 conn = sco_pi(sk)->conn;
137
138 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
139
140 if (conn) {
141 sco_conn_lock(conn);
142 conn->sk = NULL;
143 sco_pi(sk)->conn = NULL;
144 sco_conn_unlock(conn);
145
146 if (conn->hcon)
147 hci_conn_drop(conn->hcon);
148 }
149
150 sk->sk_state = BT_CLOSED;
151 sk->sk_err = err;
152 sk->sk_state_change(sk);
153
154 sock_set_flag(sk, SOCK_ZAPPED);
155}
156
157static void sco_conn_del(struct hci_conn *hcon, int err)
158{
159 struct sco_conn *conn = hcon->sco_data;
160 struct sock *sk;
161
162 if (!conn)
163 return;
164
165 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
166
167
168 sco_conn_lock(conn);
169 sk = conn->sk;
170 sco_conn_unlock(conn);
171
172 if (sk) {
173 sock_hold(sk);
174 bh_lock_sock(sk);
175 sco_sock_clear_timer(sk);
176 sco_chan_del(sk, err);
177 bh_unlock_sock(sk);
178 sco_sock_kill(sk);
179 sock_put(sk);
180 }
181
182 hcon->sco_data = NULL;
183 kfree(conn);
184}
185
186static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
187 struct sock *parent)
188{
189 BT_DBG("conn %p", conn);
190
191 sco_pi(sk)->conn = conn;
192 conn->sk = sk;
193
194 if (parent)
195 bt_accept_enqueue(parent, sk);
196}
197
198static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
199 struct sock *parent)
200{
201 int err = 0;
202
203 sco_conn_lock(conn);
204 if (conn->sk)
205 err = -EBUSY;
206 else
207 __sco_chan_add(conn, sk, parent);
208
209 sco_conn_unlock(conn);
210 return err;
211}
212
213static int sco_connect(struct sock *sk)
214{
215 struct sco_conn *conn;
216 struct hci_conn *hcon;
217 struct hci_dev *hdev;
218 int err, type;
219
220 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
221
222 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
223 if (!hdev)
224 return -EHOSTUNREACH;
225
226 hci_dev_lock(hdev);
227
228 if (lmp_esco_capable(hdev) && !disable_esco)
229 type = ESCO_LINK;
230 else
231 type = SCO_LINK;
232
233 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
234 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
235 err = -EOPNOTSUPP;
236 goto done;
237 }
238
239 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
240 sco_pi(sk)->setting);
241 if (IS_ERR(hcon)) {
242 err = PTR_ERR(hcon);
243 goto done;
244 }
245
246 conn = sco_conn_add(hcon);
247 if (!conn) {
248 hci_conn_drop(hcon);
249 err = -ENOMEM;
250 goto done;
251 }
252
253
254 bacpy(&sco_pi(sk)->src, &hcon->src);
255
256 err = sco_chan_add(conn, sk, NULL);
257 if (err)
258 goto done;
259
260 if (hcon->state == BT_CONNECTED) {
261 sco_sock_clear_timer(sk);
262 sk->sk_state = BT_CONNECTED;
263 } else {
264 sk->sk_state = BT_CONNECT;
265 sco_sock_set_timer(sk, sk->sk_sndtimeo);
266 }
267
268done:
269 hci_dev_unlock(hdev);
270 hci_dev_put(hdev);
271 return err;
272}
273
274static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
275{
276 struct sco_conn *conn = sco_pi(sk)->conn;
277 struct sk_buff *skb;
278 int err;
279
280
281 if (len > conn->mtu)
282 return -EINVAL;
283
284 BT_DBG("sk %p len %d", sk, len);
285
286 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
287 if (!skb)
288 return err;
289
290 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
291 kfree_skb(skb);
292 return -EFAULT;
293 }
294
295 hci_send_sco(conn->hcon, skb);
296
297 return len;
298}
299
300static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
301{
302 struct sock *sk;
303
304 sco_conn_lock(conn);
305 sk = conn->sk;
306 sco_conn_unlock(conn);
307
308 if (!sk)
309 goto drop;
310
311 BT_DBG("sk %p len %d", sk, skb->len);
312
313 if (sk->sk_state != BT_CONNECTED)
314 goto drop;
315
316 if (!sock_queue_rcv_skb(sk, skb))
317 return;
318
319drop:
320 kfree_skb(skb);
321}
322
323
324static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
325{
326 struct sock *sk;
327
328 sk_for_each(sk, &sco_sk_list.head) {
329 if (sk->sk_state != BT_LISTEN)
330 continue;
331
332 if (!bacmp(&sco_pi(sk)->src, ba))
333 return sk;
334 }
335
336 return NULL;
337}
338
339
340
341
342static struct sock *sco_get_sock_listen(bdaddr_t *src)
343{
344 struct sock *sk = NULL, *sk1 = NULL;
345
346 read_lock(&sco_sk_list.lock);
347
348 sk_for_each(sk, &sco_sk_list.head) {
349 if (sk->sk_state != BT_LISTEN)
350 continue;
351
352
353 if (!bacmp(&sco_pi(sk)->src, src))
354 break;
355
356
357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
358 sk1 = sk;
359 }
360
361 read_unlock(&sco_sk_list.lock);
362
363 return sk ? sk : sk1;
364}
365
366static void sco_sock_destruct(struct sock *sk)
367{
368 BT_DBG("sk %p", sk);
369
370 skb_queue_purge(&sk->sk_receive_queue);
371 skb_queue_purge(&sk->sk_write_queue);
372}
373
374static void sco_sock_cleanup_listen(struct sock *parent)
375{
376 struct sock *sk;
377
378 BT_DBG("parent %p", parent);
379
380
381 while ((sk = bt_accept_dequeue(parent, NULL))) {
382 sco_sock_close(sk);
383 sco_sock_kill(sk);
384 }
385
386 parent->sk_state = BT_CLOSED;
387 sock_set_flag(parent, SOCK_ZAPPED);
388}
389
390
391
392
393static void sco_sock_kill(struct sock *sk)
394{
395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
396 return;
397
398 BT_DBG("sk %p state %d", sk, sk->sk_state);
399
400
401 bt_sock_unlink(&sco_sk_list, sk);
402 sock_set_flag(sk, SOCK_DEAD);
403 sock_put(sk);
404}
405
406static void __sco_sock_close(struct sock *sk)
407{
408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
409
410 switch (sk->sk_state) {
411 case BT_LISTEN:
412 sco_sock_cleanup_listen(sk);
413 break;
414
415 case BT_CONNECTED:
416 case BT_CONFIG:
417 if (sco_pi(sk)->conn->hcon) {
418 sk->sk_state = BT_DISCONN;
419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
420 sco_conn_lock(sco_pi(sk)->conn);
421 hci_conn_drop(sco_pi(sk)->conn->hcon);
422 sco_pi(sk)->conn->hcon = NULL;
423 sco_conn_unlock(sco_pi(sk)->conn);
424 } else
425 sco_chan_del(sk, ECONNRESET);
426 break;
427
428 case BT_CONNECT2:
429 case BT_CONNECT:
430 case BT_DISCONN:
431 sco_chan_del(sk, ECONNRESET);
432 break;
433
434 default:
435 sock_set_flag(sk, SOCK_ZAPPED);
436 break;
437 }
438}
439
440
441static void sco_sock_close(struct sock *sk)
442{
443 sco_sock_clear_timer(sk);
444 lock_sock(sk);
445 __sco_sock_close(sk);
446 release_sock(sk);
447 sco_sock_kill(sk);
448}
449
450static void sco_sock_init(struct sock *sk, struct sock *parent)
451{
452 BT_DBG("sk %p", sk);
453
454 if (parent) {
455 sk->sk_type = parent->sk_type;
456 bt_sk(sk)->flags = bt_sk(parent)->flags;
457 security_sk_clone(parent, sk);
458 }
459}
460
461static struct proto sco_proto = {
462 .name = "SCO",
463 .owner = THIS_MODULE,
464 .obj_size = sizeof(struct sco_pinfo)
465};
466
467static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
468 int proto, gfp_t prio, int kern)
469{
470 struct sock *sk;
471
472 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
473 if (!sk)
474 return NULL;
475
476 sock_init_data(sock, sk);
477 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
478
479 sk->sk_destruct = sco_sock_destruct;
480 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
481
482 sock_reset_flag(sk, SOCK_ZAPPED);
483
484 sk->sk_protocol = proto;
485 sk->sk_state = BT_OPEN;
486
487 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
488
489 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
490
491 bt_sock_link(&sco_sk_list, sk);
492 return sk;
493}
494
495static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
496 int kern)
497{
498 struct sock *sk;
499
500 BT_DBG("sock %p", sock);
501
502 sock->state = SS_UNCONNECTED;
503
504 if (sock->type != SOCK_SEQPACKET)
505 return -ESOCKTNOSUPPORT;
506
507 sock->ops = &sco_sock_ops;
508
509 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
510 if (!sk)
511 return -ENOMEM;
512
513 sco_sock_init(sk, NULL);
514 return 0;
515}
516
517static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
518 int addr_len)
519{
520 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
521 struct sock *sk = sock->sk;
522 int err = 0;
523
524 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
525
526 if (!addr || addr->sa_family != AF_BLUETOOTH)
527 return -EINVAL;
528
529 if (addr_len < sizeof(struct sockaddr_sco))
530 return -EINVAL;
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548done:
549 release_sock(sk);
550 return err;
551}
552
553static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554{
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583done:
584 release_sock(sk);
585 return err;
586}
587
588static int sco_sock_listen(struct socket *sock, int backlog)
589{
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620unlock:
621 write_unlock(&sco_sk_list.lock);
622
623done:
624 release_sock(sk);
625 return err;
626}
627
628static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags)
630{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678done:
679 release_sock(sk);
680 return err;
681}
682
683static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int *len, int peer)
685{
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692 *len = sizeof(struct sockaddr_sco);
693
694 if (peer)
695 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
696 else
697 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
698
699 return 0;
700}
701
702static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
703 size_t len)
704{
705 struct sock *sk = sock->sk;
706 int err;
707
708 BT_DBG("sock %p, sk %p", sock, sk);
709
710 err = sock_error(sk);
711 if (err)
712 return err;
713
714 if (msg->msg_flags & MSG_OOB)
715 return -EOPNOTSUPP;
716
717 lock_sock(sk);
718
719 if (sk->sk_state == BT_CONNECTED)
720 err = sco_send_frame(sk, msg, len);
721 else
722 err = -ENOTCONN;
723
724 release_sock(sk);
725 return err;
726}
727
728static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
729{
730 struct hci_dev *hdev = conn->hdev;
731
732 BT_DBG("conn %p", conn);
733
734 conn->state = BT_CONFIG;
735
736 if (!lmp_esco_capable(hdev)) {
737 struct hci_cp_accept_conn_req cp;
738
739 bacpy(&cp.bdaddr, &conn->dst);
740 cp.role = 0x00;
741
742 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
743 } else {
744 struct hci_cp_accept_sync_conn_req cp;
745
746 bacpy(&cp.bdaddr, &conn->dst);
747 cp.pkt_type = cpu_to_le16(conn->pkt_type);
748
749 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
751 cp.content_format = cpu_to_le16(setting);
752
753 switch (setting & SCO_AIRMODE_MASK) {
754 case SCO_AIRMODE_TRANSP:
755 if (conn->pkt_type & ESCO_2EV3)
756 cp.max_latency = cpu_to_le16(0x0008);
757 else
758 cp.max_latency = cpu_to_le16(0x000D);
759 cp.retrans_effort = 0x02;
760 break;
761 case SCO_AIRMODE_CVSD:
762 cp.max_latency = cpu_to_le16(0xffff);
763 cp.retrans_effort = 0xff;
764 break;
765 }
766
767 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
768 sizeof(cp), &cp);
769 }
770}
771
772static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
773 size_t len, int flags)
774{
775 struct sock *sk = sock->sk;
776 struct sco_pinfo *pi = sco_pi(sk);
777
778 lock_sock(sk);
779
780 if (sk->sk_state == BT_CONNECT2 &&
781 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
782 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
783 sk->sk_state = BT_CONFIG;
784
785 release_sock(sk);
786 return 0;
787 }
788
789 release_sock(sk);
790
791 return bt_sock_recvmsg(sock, msg, len, flags);
792}
793
794static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
795 char __user *optval, unsigned int optlen)
796{
797 struct sock *sk = sock->sk;
798 int len, err = 0;
799 struct bt_voice voice;
800 u32 opt;
801
802 BT_DBG("sk %p", sk);
803
804 lock_sock(sk);
805
806 switch (optname) {
807
808 case BT_DEFER_SETUP:
809 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
810 err = -EINVAL;
811 break;
812 }
813
814 if (get_user(opt, (u32 __user *) optval)) {
815 err = -EFAULT;
816 break;
817 }
818
819 if (opt)
820 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
821 else
822 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
823 break;
824
825 case BT_VOICE:
826 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
827 sk->sk_state != BT_CONNECT2) {
828 err = -EINVAL;
829 break;
830 }
831
832 voice.setting = sco_pi(sk)->setting;
833
834 len = min_t(unsigned int, sizeof(voice), optlen);
835 if (copy_from_user((char *)&voice, optval, len)) {
836 err = -EFAULT;
837 break;
838 }
839
840
841 if (voice.setting != BT_VOICE_TRANSPARENT &&
842 voice.setting != BT_VOICE_CVSD_16BIT) {
843 err = -EINVAL;
844 break;
845 }
846
847 sco_pi(sk)->setting = voice.setting;
848 break;
849
850 default:
851 err = -ENOPROTOOPT;
852 break;
853 }
854
855 release_sock(sk);
856 return err;
857}
858
859static int sco_sock_getsockopt_old(struct socket *sock, int optname,
860 char __user *optval, int __user *optlen)
861{
862 struct sock *sk = sock->sk;
863 struct sco_options opts;
864 struct sco_conninfo cinfo;
865 int len, err = 0;
866
867 BT_DBG("sk %p", sk);
868
869 if (get_user(len, optlen))
870 return -EFAULT;
871
872 lock_sock(sk);
873
874 switch (optname) {
875 case SCO_OPTIONS:
876 if (sk->sk_state != BT_CONNECTED &&
877 !(sk->sk_state == BT_CONNECT2 &&
878 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
879 err = -ENOTCONN;
880 break;
881 }
882
883 opts.mtu = sco_pi(sk)->conn->mtu;
884
885 BT_DBG("mtu %d", opts.mtu);
886
887 len = min_t(unsigned int, len, sizeof(opts));
888 if (copy_to_user(optval, (char *)&opts, len))
889 err = -EFAULT;
890
891 break;
892
893 case SCO_CONNINFO:
894 if (sk->sk_state != BT_CONNECTED &&
895 !(sk->sk_state == BT_CONNECT2 &&
896 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
897 err = -ENOTCONN;
898 break;
899 }
900
901 memset(&cinfo, 0, sizeof(cinfo));
902 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
903 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
904
905 len = min_t(unsigned int, len, sizeof(cinfo));
906 if (copy_to_user(optval, (char *)&cinfo, len))
907 err = -EFAULT;
908
909 break;
910
911 default:
912 err = -ENOPROTOOPT;
913 break;
914 }
915
916 release_sock(sk);
917 return err;
918}
919
920static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
921 char __user *optval, int __user *optlen)
922{
923 struct sock *sk = sock->sk;
924 int len, err = 0;
925 struct bt_voice voice;
926
927 BT_DBG("sk %p", sk);
928
929 if (level == SOL_SCO)
930 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
931
932 if (get_user(len, optlen))
933 return -EFAULT;
934
935 lock_sock(sk);
936
937 switch (optname) {
938
939 case BT_DEFER_SETUP:
940 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
941 err = -EINVAL;
942 break;
943 }
944
945 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
946 (u32 __user *)optval))
947 err = -EFAULT;
948
949 break;
950
951 case BT_VOICE:
952 voice.setting = sco_pi(sk)->setting;
953
954 len = min_t(unsigned int, len, sizeof(voice));
955 if (copy_to_user(optval, (char *)&voice, len))
956 err = -EFAULT;
957
958 break;
959
960 default:
961 err = -ENOPROTOOPT;
962 break;
963 }
964
965 release_sock(sk);
966 return err;
967}
968
969static int sco_sock_shutdown(struct socket *sock, int how)
970{
971 struct sock *sk = sock->sk;
972 int err = 0;
973
974 BT_DBG("sock %p, sk %p", sock, sk);
975
976 if (!sk)
977 return 0;
978
979 sock_hold(sk);
980 lock_sock(sk);
981
982 if (!sk->sk_shutdown) {
983 sk->sk_shutdown = SHUTDOWN_MASK;
984 sco_sock_clear_timer(sk);
985 __sco_sock_close(sk);
986
987 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
988 !(current->flags & PF_EXITING))
989 err = bt_sock_wait_state(sk, BT_CLOSED,
990 sk->sk_lingertime);
991 }
992
993 release_sock(sk);
994 sock_put(sk);
995
996 return err;
997}
998
999static int sco_sock_release(struct socket *sock)
1000{
1001 struct sock *sk = sock->sk;
1002 int err = 0;
1003
1004 BT_DBG("sock %p, sk %p", sock, sk);
1005
1006 if (!sk)
1007 return 0;
1008
1009 sco_sock_close(sk);
1010
1011 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1012 !(current->flags & PF_EXITING)) {
1013 lock_sock(sk);
1014 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1015 release_sock(sk);
1016 }
1017
1018 sock_orphan(sk);
1019 sco_sock_kill(sk);
1020 return err;
1021}
1022
1023static void sco_conn_ready(struct sco_conn *conn)
1024{
1025 struct sock *parent;
1026 struct sock *sk = conn->sk;
1027
1028 BT_DBG("conn %p", conn);
1029
1030 if (sk) {
1031 sco_sock_clear_timer(sk);
1032 bh_lock_sock(sk);
1033 sk->sk_state = BT_CONNECTED;
1034 sk->sk_state_change(sk);
1035 bh_unlock_sock(sk);
1036 } else {
1037 sco_conn_lock(conn);
1038
1039 if (!conn->hcon) {
1040 sco_conn_unlock(conn);
1041 return;
1042 }
1043
1044 parent = sco_get_sock_listen(&conn->hcon->src);
1045 if (!parent) {
1046 sco_conn_unlock(conn);
1047 return;
1048 }
1049
1050 bh_lock_sock(parent);
1051
1052 sk = sco_sock_alloc(sock_net(parent), NULL,
1053 BTPROTO_SCO, GFP_ATOMIC, 0);
1054 if (!sk) {
1055 bh_unlock_sock(parent);
1056 sco_conn_unlock(conn);
1057 return;
1058 }
1059
1060 sco_sock_init(sk, parent);
1061
1062 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1063 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1064
1065 hci_conn_hold(conn->hcon);
1066 __sco_chan_add(conn, sk, parent);
1067
1068 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1069 sk->sk_state = BT_CONNECT2;
1070 else
1071 sk->sk_state = BT_CONNECTED;
1072
1073
1074 parent->sk_data_ready(parent);
1075
1076 bh_unlock_sock(parent);
1077
1078 sco_conn_unlock(conn);
1079 }
1080}
1081
1082
1083int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1084{
1085 struct sock *sk;
1086 int lm = 0;
1087
1088 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1089
1090
1091 read_lock(&sco_sk_list.lock);
1092 sk_for_each(sk, &sco_sk_list.head) {
1093 if (sk->sk_state != BT_LISTEN)
1094 continue;
1095
1096 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1097 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1098 lm |= HCI_LM_ACCEPT;
1099
1100 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1101 *flags |= HCI_PROTO_DEFER;
1102 break;
1103 }
1104 }
1105 read_unlock(&sco_sk_list.lock);
1106
1107 return lm;
1108}
1109
1110static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1111{
1112 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1113 return;
1114
1115 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1116
1117 if (!status) {
1118 struct sco_conn *conn;
1119
1120 conn = sco_conn_add(hcon);
1121 if (conn)
1122 sco_conn_ready(conn);
1123 } else
1124 sco_conn_del(hcon, bt_to_errno(status));
1125}
1126
1127static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1128{
1129 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1130 return;
1131
1132 BT_DBG("hcon %p reason %d", hcon, reason);
1133
1134 sco_conn_del(hcon, bt_to_errno(reason));
1135}
1136
1137void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1138{
1139 struct sco_conn *conn = hcon->sco_data;
1140
1141 if (!conn)
1142 goto drop;
1143
1144 BT_DBG("conn %p len %d", conn, skb->len);
1145
1146 if (skb->len) {
1147 sco_recv_frame(conn, skb);
1148 return;
1149 }
1150
1151drop:
1152 kfree_skb(skb);
1153}
1154
1155static struct hci_cb sco_cb = {
1156 .name = "SCO",
1157 .connect_cfm = sco_connect_cfm,
1158 .disconn_cfm = sco_disconn_cfm,
1159};
1160
1161static int sco_debugfs_show(struct seq_file *f, void *p)
1162{
1163 struct sock *sk;
1164
1165 read_lock(&sco_sk_list.lock);
1166
1167 sk_for_each(sk, &sco_sk_list.head) {
1168 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1169 &sco_pi(sk)->dst, sk->sk_state);
1170 }
1171
1172 read_unlock(&sco_sk_list.lock);
1173
1174 return 0;
1175}
1176
1177static int sco_debugfs_open(struct inode *inode, struct file *file)
1178{
1179 return single_open(file, sco_debugfs_show, inode->i_private);
1180}
1181
1182static const struct file_operations sco_debugfs_fops = {
1183 .open = sco_debugfs_open,
1184 .read = seq_read,
1185 .llseek = seq_lseek,
1186 .release = single_release,
1187};
1188
1189static struct dentry *sco_debugfs;
1190
1191static const struct proto_ops sco_sock_ops = {
1192 .family = PF_BLUETOOTH,
1193 .owner = THIS_MODULE,
1194 .release = sco_sock_release,
1195 .bind = sco_sock_bind,
1196 .connect = sco_sock_connect,
1197 .listen = sco_sock_listen,
1198 .accept = sco_sock_accept,
1199 .getname = sco_sock_getname,
1200 .sendmsg = sco_sock_sendmsg,
1201 .recvmsg = sco_sock_recvmsg,
1202 .poll = bt_sock_poll,
1203 .ioctl = bt_sock_ioctl,
1204 .mmap = sock_no_mmap,
1205 .socketpair = sock_no_socketpair,
1206 .shutdown = sco_sock_shutdown,
1207 .setsockopt = sco_sock_setsockopt,
1208 .getsockopt = sco_sock_getsockopt
1209};
1210
1211static const struct net_proto_family sco_sock_family_ops = {
1212 .family = PF_BLUETOOTH,
1213 .owner = THIS_MODULE,
1214 .create = sco_sock_create,
1215};
1216
1217int __init sco_init(void)
1218{
1219 int err;
1220
1221 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1222
1223 err = proto_register(&sco_proto, 0);
1224 if (err < 0)
1225 return err;
1226
1227 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1228 if (err < 0) {
1229 BT_ERR("SCO socket registration failed");
1230 goto error;
1231 }
1232
1233 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1234 if (err < 0) {
1235 BT_ERR("Failed to create SCO proc file");
1236 bt_sock_unregister(BTPROTO_SCO);
1237 goto error;
1238 }
1239
1240 BT_INFO("SCO socket layer initialized");
1241
1242 hci_register_cb(&sco_cb);
1243
1244 if (IS_ERR_OR_NULL(bt_debugfs))
1245 return 0;
1246
1247 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1248 NULL, &sco_debugfs_fops);
1249
1250 return 0;
1251
1252error:
1253 proto_unregister(&sco_proto);
1254 return err;
1255}
1256
1257void sco_exit(void)
1258{
1259 bt_procfs_cleanup(&init_net, "sco");
1260
1261 debugfs_remove(sco_debugfs);
1262
1263 hci_unregister_cb(&sco_cb);
1264
1265 bt_sock_unregister(BTPROTO_SCO);
1266
1267 proto_unregister(&sco_proto);
1268}
1269
1270module_param(disable_esco, bool, 0644);
1271MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1272
