1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52};
53
54#define sco_conn_lock(c) spin_lock(&c->lock);
55#define sco_conn_unlock(c) spin_unlock(&c->lock);
56
57static void sco_sock_close(struct sock *sk);
58static void sco_sock_kill(struct sock *sk);
59
60
61#define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 struct sco_conn *conn;
70};
71
72
73#define SCO_CONN_TIMEOUT (HZ * 40)
74#define SCO_DISCONN_TIMEOUT (HZ * 2)
75
76static void sco_sock_timeout(struct timer_list *t)
77{
78 struct sock *sk = from_timer(sk, t, sk_timer);
79
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
81
82 bh_lock_sock(sk);
83 sk->sk_err = ETIMEDOUT;
84 sk->sk_state_change(sk);
85 bh_unlock_sock(sk);
86
87 sco_sock_kill(sk);
88 sock_put(sk);
89}
90
91static void sco_sock_set_timer(struct sock *sk, long timeout)
92{
93 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95}
96
97static void sco_sock_clear_timer(struct sock *sk)
98{
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
100 sk_stop_timer(sk, &sk->sk_timer);
101}
102
103
104static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
105{
106 struct hci_dev *hdev = hcon->hdev;
107 struct sco_conn *conn = hcon->sco_data;
108
109 if (conn)
110 return conn;
111
112 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
113 if (!conn)
114 return NULL;
115
116 spin_lock_init(&conn->lock);
117
118 hcon->sco_data = conn;
119 conn->hcon = hcon;
120
121 if (hdev->sco_mtu > 0)
122 conn->mtu = hdev->sco_mtu;
123 else
124 conn->mtu = 60;
125
126 BT_DBG("hcon %p conn %p", hcon, conn);
127
128 return conn;
129}
130
131
132
133static void sco_chan_del(struct sock *sk, int err)
134{
135 struct sco_conn *conn;
136
137 conn = sco_pi(sk)->conn;
138
139 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
140
141 if (conn) {
142 sco_conn_lock(conn);
143 conn->sk = NULL;
144 sco_pi(sk)->conn = NULL;
145 sco_conn_unlock(conn);
146
147 if (conn->hcon)
148 hci_conn_drop(conn->hcon);
149 }
150
151 sk->sk_state = BT_CLOSED;
152 sk->sk_err = err;
153 sk->sk_state_change(sk);
154
155 sock_set_flag(sk, SOCK_ZAPPED);
156}
157
158static void sco_conn_del(struct hci_conn *hcon, int err)
159{
160 struct sco_conn *conn = hcon->sco_data;
161 struct sock *sk;
162
163 if (!conn)
164 return;
165
166 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
167
168
169 sco_conn_lock(conn);
170 sk = conn->sk;
171 sco_conn_unlock(conn);
172
173 if (sk) {
174 sock_hold(sk);
175 bh_lock_sock(sk);
176 sco_sock_clear_timer(sk);
177 sco_chan_del(sk, err);
178 bh_unlock_sock(sk);
179 sco_sock_kill(sk);
180 sock_put(sk);
181 }
182
183 hcon->sco_data = NULL;
184 kfree(conn);
185}
186
187static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
188 struct sock *parent)
189{
190 BT_DBG("conn %p", conn);
191
192 sco_pi(sk)->conn = conn;
193 conn->sk = sk;
194
195 if (parent)
196 bt_accept_enqueue(parent, sk, true);
197}
198
199static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
200 struct sock *parent)
201{
202 int err = 0;
203
204 sco_conn_lock(conn);
205 if (conn->sk)
206 err = -EBUSY;
207 else
208 __sco_chan_add(conn, sk, parent);
209
210 sco_conn_unlock(conn);
211 return err;
212}
213
214static int sco_connect(struct sock *sk)
215{
216 struct sco_conn *conn;
217 struct hci_conn *hcon;
218 struct hci_dev *hdev;
219 int err, type;
220
221 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
222
223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
224 if (!hdev)
225 return -EHOSTUNREACH;
226
227 hci_dev_lock(hdev);
228
229 if (lmp_esco_capable(hdev) && !disable_esco)
230 type = ESCO_LINK;
231 else
232 type = SCO_LINK;
233
234 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
235 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
236 err = -EOPNOTSUPP;
237 goto done;
238 }
239
240 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
241 sco_pi(sk)->setting);
242 if (IS_ERR(hcon)) {
243 err = PTR_ERR(hcon);
244 goto done;
245 }
246
247 conn = sco_conn_add(hcon);
248 if (!conn) {
249 hci_conn_drop(hcon);
250 err = -ENOMEM;
251 goto done;
252 }
253
254
255 bacpy(&sco_pi(sk)->src, &hcon->src);
256
257 err = sco_chan_add(conn, sk, NULL);
258 if (err)
259 goto done;
260
261 if (hcon->state == BT_CONNECTED) {
262 sco_sock_clear_timer(sk);
263 sk->sk_state = BT_CONNECTED;
264 } else {
265 sk->sk_state = BT_CONNECT;
266 sco_sock_set_timer(sk, sk->sk_sndtimeo);
267 }
268
269done:
270 hci_dev_unlock(hdev);
271 hci_dev_put(hdev);
272 return err;
273}
274
275static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
276{
277 struct sco_conn *conn = sco_pi(sk)->conn;
278 struct sk_buff *skb;
279 int err;
280
281
282 if (len > conn->mtu)
283 return -EINVAL;
284
285 BT_DBG("sk %p len %d", sk, len);
286
287 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
288 if (!skb)
289 return err;
290
291 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
292 kfree_skb(skb);
293 return -EFAULT;
294 }
295
296 hci_send_sco(conn->hcon, skb);
297
298 return len;
299}
300
301static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
302{
303 struct sock *sk;
304
305 sco_conn_lock(conn);
306 sk = conn->sk;
307 sco_conn_unlock(conn);
308
309 if (!sk)
310 goto drop;
311
312 BT_DBG("sk %p len %d", sk, skb->len);
313
314 if (sk->sk_state != BT_CONNECTED)
315 goto drop;
316
317 if (!sock_queue_rcv_skb(sk, skb))
318 return;
319
320drop:
321 kfree_skb(skb);
322}
323
324
325static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
326{
327 struct sock *sk;
328
329 sk_for_each(sk, &sco_sk_list.head) {
330 if (sk->sk_state != BT_LISTEN)
331 continue;
332
333 if (!bacmp(&sco_pi(sk)->src, ba))
334 return sk;
335 }
336
337 return NULL;
338}
339
340
341
342
343static struct sock *sco_get_sock_listen(bdaddr_t *src)
344{
345 struct sock *sk = NULL, *sk1 = NULL;
346
347 read_lock(&sco_sk_list.lock);
348
349 sk_for_each(sk, &sco_sk_list.head) {
350 if (sk->sk_state != BT_LISTEN)
351 continue;
352
353
354 if (!bacmp(&sco_pi(sk)->src, src))
355 break;
356
357
358 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
359 sk1 = sk;
360 }
361
362 read_unlock(&sco_sk_list.lock);
363
364 return sk ? sk : sk1;
365}
366
367static void sco_sock_destruct(struct sock *sk)
368{
369 BT_DBG("sk %p", sk);
370
371 skb_queue_purge(&sk->sk_receive_queue);
372 skb_queue_purge(&sk->sk_write_queue);
373}
374
375static void sco_sock_cleanup_listen(struct sock *parent)
376{
377 struct sock *sk;
378
379 BT_DBG("parent %p", parent);
380
381
382 while ((sk = bt_accept_dequeue(parent, NULL))) {
383 sco_sock_close(sk);
384 sco_sock_kill(sk);
385 }
386
387 parent->sk_state = BT_CLOSED;
388 sock_set_flag(parent, SOCK_ZAPPED);
389}
390
391
392
393
394static void sco_sock_kill(struct sock *sk)
395{
396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
397 sock_flag(sk, SOCK_DEAD))
398 return;
399
400 BT_DBG("sk %p state %d", sk, sk->sk_state);
401
402
403 bt_sock_unlink(&sco_sk_list, sk);
404 sock_set_flag(sk, SOCK_DEAD);
405 sock_put(sk);
406}
407
408static void __sco_sock_close(struct sock *sk)
409{
410 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
411
412 switch (sk->sk_state) {
413 case BT_LISTEN:
414 sco_sock_cleanup_listen(sk);
415 break;
416
417 case BT_CONNECTED:
418 case BT_CONFIG:
419 if (sco_pi(sk)->conn->hcon) {
420 sk->sk_state = BT_DISCONN;
421 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
422 sco_conn_lock(sco_pi(sk)->conn);
423 hci_conn_drop(sco_pi(sk)->conn->hcon);
424 sco_pi(sk)->conn->hcon = NULL;
425 sco_conn_unlock(sco_pi(sk)->conn);
426 } else
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 case BT_CONNECT2:
431 case BT_CONNECT:
432 case BT_DISCONN:
433 sco_chan_del(sk, ECONNRESET);
434 break;
435
436 default:
437 sock_set_flag(sk, SOCK_ZAPPED);
438 break;
439 }
440}
441
442
443static void sco_sock_close(struct sock *sk)
444{
445 sco_sock_clear_timer(sk);
446 lock_sock(sk);
447 __sco_sock_close(sk);
448 release_sock(sk);
449 sco_sock_kill(sk);
450}
451
452static void sco_sock_init(struct sock *sk, struct sock *parent)
453{
454 BT_DBG("sk %p", sk);
455
456 if (parent) {
457 sk->sk_type = parent->sk_type;
458 bt_sk(sk)->flags = bt_sk(parent)->flags;
459 security_sk_clone(parent, sk);
460 }
461}
462
463static struct proto sco_proto = {
464 .name = "SCO",
465 .owner = THIS_MODULE,
466 .obj_size = sizeof(struct sco_pinfo)
467};
468
469static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
470 int proto, gfp_t prio, int kern)
471{
472 struct sock *sk;
473
474 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
475 if (!sk)
476 return NULL;
477
478 sock_init_data(sock, sk);
479 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
480
481 sk->sk_destruct = sco_sock_destruct;
482 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
483
484 sock_reset_flag(sk, SOCK_ZAPPED);
485
486 sk->sk_protocol = proto;
487 sk->sk_state = BT_OPEN;
488
489 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
490
491 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
492
493 bt_sock_link(&sco_sk_list, sk);
494 return sk;
495}
496
497static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
498 int kern)
499{
500 struct sock *sk;
501
502 BT_DBG("sock %p", sock);
503
504 sock->state = SS_UNCONNECTED;
505
506 if (sock->type != SOCK_SEQPACKET)
507 return -ESOCKTNOSUPPORT;
508
509 sock->ops = &sco_sock_ops;
510
511 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
512 if (!sk)
513 return -ENOMEM;
514
515 sco_sock_init(sk, NULL);
516 return 0;
517}
518
519static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
520 int addr_len)
521{
522 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
523 struct sock *sk = sock->sk;
524 int err = 0;
525
526 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
527 addr->sa_family != AF_BLUETOOTH)
528 return -EINVAL;
529
530 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548done:
549 release_sock(sk);
550 return err;
551}
552
553static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554{
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583done:
584 release_sock(sk);
585 return err;
586}
587
588static int sco_sock_listen(struct socket *sock, int backlog)
589{
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620unlock:
621 write_unlock(&sco_sk_list.lock);
622
623done:
624 release_sock(sk);
625 return err;
626}
627
628static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags, bool kern)
630{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678done:
679 release_sock(sk);
680 return err;
681}
682
683static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int peer)
685{
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692
693 if (peer)
694 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
695 else
696 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
697
698 return sizeof(struct sockaddr_sco);
699}
700
701static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
702 size_t len)
703{
704 struct sock *sk = sock->sk;
705 int err;
706
707 BT_DBG("sock %p, sk %p", sock, sk);
708
709 err = sock_error(sk);
710 if (err)
711 return err;
712
713 if (msg->msg_flags & MSG_OOB)
714 return -EOPNOTSUPP;
715
716 lock_sock(sk);
717
718 if (sk->sk_state == BT_CONNECTED)
719 err = sco_send_frame(sk, msg, len);
720 else
721 err = -ENOTCONN;
722
723 release_sock(sk);
724 return err;
725}
726
727static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
728{
729 struct hci_dev *hdev = conn->hdev;
730
731 BT_DBG("conn %p", conn);
732
733 conn->state = BT_CONFIG;
734
735 if (!lmp_esco_capable(hdev)) {
736 struct hci_cp_accept_conn_req cp;
737
738 bacpy(&cp.bdaddr, &conn->dst);
739 cp.role = 0x00;
740
741 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
742 } else {
743 struct hci_cp_accept_sync_conn_req cp;
744
745 bacpy(&cp.bdaddr, &conn->dst);
746 cp.pkt_type = cpu_to_le16(conn->pkt_type);
747
748 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
749 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.content_format = cpu_to_le16(setting);
751
752 switch (setting & SCO_AIRMODE_MASK) {
753 case SCO_AIRMODE_TRANSP:
754 if (conn->pkt_type & ESCO_2EV3)
755 cp.max_latency = cpu_to_le16(0x0008);
756 else
757 cp.max_latency = cpu_to_le16(0x000D);
758 cp.retrans_effort = 0x02;
759 break;
760 case SCO_AIRMODE_CVSD:
761 cp.max_latency = cpu_to_le16(0xffff);
762 cp.retrans_effort = 0xff;
763 break;
764 }
765
766 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
767 sizeof(cp), &cp);
768 }
769}
770
771static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
772 size_t len, int flags)
773{
774 struct sock *sk = sock->sk;
775 struct sco_pinfo *pi = sco_pi(sk);
776
777 lock_sock(sk);
778
779 if (sk->sk_state == BT_CONNECT2 &&
780 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
781 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
782 sk->sk_state = BT_CONFIG;
783
784 release_sock(sk);
785 return 0;
786 }
787
788 release_sock(sk);
789
790 return bt_sock_recvmsg(sock, msg, len, flags);
791}
792
793static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
794 char __user *optval, unsigned int optlen)
795{
796 struct sock *sk = sock->sk;
797 int len, err = 0;
798 struct bt_voice voice;
799 u32 opt;
800
801 BT_DBG("sk %p", sk);
802
803 lock_sock(sk);
804
805 switch (optname) {
806
807 case BT_DEFER_SETUP:
808 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
809 err = -EINVAL;
810 break;
811 }
812
813 if (get_user(opt, (u32 __user *) optval)) {
814 err = -EFAULT;
815 break;
816 }
817
818 if (opt)
819 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
820 else
821 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
822 break;
823
824 case BT_VOICE:
825 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
826 sk->sk_state != BT_CONNECT2) {
827 err = -EINVAL;
828 break;
829 }
830
831 voice.setting = sco_pi(sk)->setting;
832
833 len = min_t(unsigned int, sizeof(voice), optlen);
834 if (copy_from_user((char *)&voice, optval, len)) {
835 err = -EFAULT;
836 break;
837 }
838
839
840 if (voice.setting != BT_VOICE_TRANSPARENT &&
841 voice.setting != BT_VOICE_CVSD_16BIT) {
842 err = -EINVAL;
843 break;
844 }
845
846 sco_pi(sk)->setting = voice.setting;
847 break;
848
849 default:
850 err = -ENOPROTOOPT;
851 break;
852 }
853
854 release_sock(sk);
855 return err;
856}
857
858static int sco_sock_getsockopt_old(struct socket *sock, int optname,
859 char __user *optval, int __user *optlen)
860{
861 struct sock *sk = sock->sk;
862 struct sco_options opts;
863 struct sco_conninfo cinfo;
864 int len, err = 0;
865
866 BT_DBG("sk %p", sk);
867
868 if (get_user(len, optlen))
869 return -EFAULT;
870
871 lock_sock(sk);
872
873 switch (optname) {
874 case SCO_OPTIONS:
875 if (sk->sk_state != BT_CONNECTED &&
876 !(sk->sk_state == BT_CONNECT2 &&
877 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
878 err = -ENOTCONN;
879 break;
880 }
881
882 opts.mtu = sco_pi(sk)->conn->mtu;
883
884 BT_DBG("mtu %d", opts.mtu);
885
886 len = min_t(unsigned int, len, sizeof(opts));
887 if (copy_to_user(optval, (char *)&opts, len))
888 err = -EFAULT;
889
890 break;
891
892 case SCO_CONNINFO:
893 if (sk->sk_state != BT_CONNECTED &&
894 !(sk->sk_state == BT_CONNECT2 &&
895 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
896 err = -ENOTCONN;
897 break;
898 }
899
900 memset(&cinfo, 0, sizeof(cinfo));
901 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
902 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
903
904 len = min_t(unsigned int, len, sizeof(cinfo));
905 if (copy_to_user(optval, (char *)&cinfo, len))
906 err = -EFAULT;
907
908 break;
909
910 default:
911 err = -ENOPROTOOPT;
912 break;
913 }
914
915 release_sock(sk);
916 return err;
917}
918
919static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
920 char __user *optval, int __user *optlen)
921{
922 struct sock *sk = sock->sk;
923 int len, err = 0;
924 struct bt_voice voice;
925 u32 phys;
926
927 BT_DBG("sk %p", sk);
928
929 if (level == SOL_SCO)
930 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
931
932 if (get_user(len, optlen))
933 return -EFAULT;
934
935 lock_sock(sk);
936
937 switch (optname) {
938
939 case BT_DEFER_SETUP:
940 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
941 err = -EINVAL;
942 break;
943 }
944
945 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
946 (u32 __user *)optval))
947 err = -EFAULT;
948
949 break;
950
951 case BT_VOICE:
952 voice.setting = sco_pi(sk)->setting;
953
954 len = min_t(unsigned int, len, sizeof(voice));
955 if (copy_to_user(optval, (char *)&voice, len))
956 err = -EFAULT;
957
958 break;
959
960 case BT_PHY:
961 if (sk->sk_state != BT_CONNECTED) {
962 err = -ENOTCONN;
963 break;
964 }
965
966 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
967
968 if (put_user(phys, (u32 __user *) optval))
969 err = -EFAULT;
970 break;
971
972 default:
973 err = -ENOPROTOOPT;
974 break;
975 }
976
977 release_sock(sk);
978 return err;
979}
980
981static int sco_sock_shutdown(struct socket *sock, int how)
982{
983 struct sock *sk = sock->sk;
984 int err = 0;
985
986 BT_DBG("sock %p, sk %p", sock, sk);
987
988 if (!sk)
989 return 0;
990
991 sock_hold(sk);
992 lock_sock(sk);
993
994 if (!sk->sk_shutdown) {
995 sk->sk_shutdown = SHUTDOWN_MASK;
996 sco_sock_clear_timer(sk);
997 __sco_sock_close(sk);
998
999 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1000 !(current->flags & PF_EXITING))
1001 err = bt_sock_wait_state(sk, BT_CLOSED,
1002 sk->sk_lingertime);
1003 }
1004
1005 release_sock(sk);
1006 sock_put(sk);
1007
1008 return err;
1009}
1010
1011static int sco_sock_release(struct socket *sock)
1012{
1013 struct sock *sk = sock->sk;
1014 int err = 0;
1015
1016 BT_DBG("sock %p, sk %p", sock, sk);
1017
1018 if (!sk)
1019 return 0;
1020
1021 sco_sock_close(sk);
1022
1023 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1024 !(current->flags & PF_EXITING)) {
1025 lock_sock(sk);
1026 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1027 release_sock(sk);
1028 }
1029
1030 sock_orphan(sk);
1031 sco_sock_kill(sk);
1032 return err;
1033}
1034
1035static void sco_conn_ready(struct sco_conn *conn)
1036{
1037 struct sock *parent;
1038 struct sock *sk = conn->sk;
1039
1040 BT_DBG("conn %p", conn);
1041
1042 if (sk) {
1043 sco_sock_clear_timer(sk);
1044 bh_lock_sock(sk);
1045 sk->sk_state = BT_CONNECTED;
1046 sk->sk_state_change(sk);
1047 bh_unlock_sock(sk);
1048 } else {
1049 sco_conn_lock(conn);
1050
1051 if (!conn->hcon) {
1052 sco_conn_unlock(conn);
1053 return;
1054 }
1055
1056 parent = sco_get_sock_listen(&conn->hcon->src);
1057 if (!parent) {
1058 sco_conn_unlock(conn);
1059 return;
1060 }
1061
1062 bh_lock_sock(parent);
1063
1064 sk = sco_sock_alloc(sock_net(parent), NULL,
1065 BTPROTO_SCO, GFP_ATOMIC, 0);
1066 if (!sk) {
1067 bh_unlock_sock(parent);
1068 sco_conn_unlock(conn);
1069 return;
1070 }
1071
1072 sco_sock_init(sk, parent);
1073
1074 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1075 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1076
1077 hci_conn_hold(conn->hcon);
1078 __sco_chan_add(conn, sk, parent);
1079
1080 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1081 sk->sk_state = BT_CONNECT2;
1082 else
1083 sk->sk_state = BT_CONNECTED;
1084
1085
1086 parent->sk_data_ready(parent);
1087
1088 bh_unlock_sock(parent);
1089
1090 sco_conn_unlock(conn);
1091 }
1092}
1093
1094
1095int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1096{
1097 struct sock *sk;
1098 int lm = 0;
1099
1100 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1101
1102
1103 read_lock(&sco_sk_list.lock);
1104 sk_for_each(sk, &sco_sk_list.head) {
1105 if (sk->sk_state != BT_LISTEN)
1106 continue;
1107
1108 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1109 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1110 lm |= HCI_LM_ACCEPT;
1111
1112 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1113 *flags |= HCI_PROTO_DEFER;
1114 break;
1115 }
1116 }
1117 read_unlock(&sco_sk_list.lock);
1118
1119 return lm;
1120}
1121
1122static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1123{
1124 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1125 return;
1126
1127 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1128
1129 if (!status) {
1130 struct sco_conn *conn;
1131
1132 conn = sco_conn_add(hcon);
1133 if (conn)
1134 sco_conn_ready(conn);
1135 } else
1136 sco_conn_del(hcon, bt_to_errno(status));
1137}
1138
1139static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1140{
1141 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1142 return;
1143
1144 BT_DBG("hcon %p reason %d", hcon, reason);
1145
1146 sco_conn_del(hcon, bt_to_errno(reason));
1147}
1148
1149void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1150{
1151 struct sco_conn *conn = hcon->sco_data;
1152
1153 if (!conn)
1154 goto drop;
1155
1156 BT_DBG("conn %p len %d", conn, skb->len);
1157
1158 if (skb->len) {
1159 sco_recv_frame(conn, skb);
1160 return;
1161 }
1162
1163drop:
1164 kfree_skb(skb);
1165}
1166
1167static struct hci_cb sco_cb = {
1168 .name = "SCO",
1169 .connect_cfm = sco_connect_cfm,
1170 .disconn_cfm = sco_disconn_cfm,
1171};
1172
1173static int sco_debugfs_show(struct seq_file *f, void *p)
1174{
1175 struct sock *sk;
1176
1177 read_lock(&sco_sk_list.lock);
1178
1179 sk_for_each(sk, &sco_sk_list.head) {
1180 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1181 &sco_pi(sk)->dst, sk->sk_state);
1182 }
1183
1184 read_unlock(&sco_sk_list.lock);
1185
1186 return 0;
1187}
1188
1189DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1190
1191static struct dentry *sco_debugfs;
1192
1193static const struct proto_ops sco_sock_ops = {
1194 .family = PF_BLUETOOTH,
1195 .owner = THIS_MODULE,
1196 .release = sco_sock_release,
1197 .bind = sco_sock_bind,
1198 .connect = sco_sock_connect,
1199 .listen = sco_sock_listen,
1200 .accept = sco_sock_accept,
1201 .getname = sco_sock_getname,
1202 .sendmsg = sco_sock_sendmsg,
1203 .recvmsg = sco_sock_recvmsg,
1204 .poll = bt_sock_poll,
1205 .ioctl = bt_sock_ioctl,
1206 .gettstamp = sock_gettstamp,
1207 .mmap = sock_no_mmap,
1208 .socketpair = sock_no_socketpair,
1209 .shutdown = sco_sock_shutdown,
1210 .setsockopt = sco_sock_setsockopt,
1211 .getsockopt = sco_sock_getsockopt
1212};
1213
1214static const struct net_proto_family sco_sock_family_ops = {
1215 .family = PF_BLUETOOTH,
1216 .owner = THIS_MODULE,
1217 .create = sco_sock_create,
1218};
1219
1220int __init sco_init(void)
1221{
1222 int err;
1223
1224 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1225
1226 err = proto_register(&sco_proto, 0);
1227 if (err < 0)
1228 return err;
1229
1230 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1231 if (err < 0) {
1232 BT_ERR("SCO socket registration failed");
1233 goto error;
1234 }
1235
1236 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1237 if (err < 0) {
1238 BT_ERR("Failed to create SCO proc file");
1239 bt_sock_unregister(BTPROTO_SCO);
1240 goto error;
1241 }
1242
1243 BT_INFO("SCO socket layer initialized");
1244
1245 hci_register_cb(&sco_cb);
1246
1247 if (IS_ERR_OR_NULL(bt_debugfs))
1248 return 0;
1249
1250 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1251 NULL, &sco_debugfs_fops);
1252
1253 return 0;
1254
1255error:
1256 proto_unregister(&sco_proto);
1257 return err;
1258}
1259
1260void sco_exit(void)
1261{
1262 bt_procfs_cleanup(&init_net, "sco");
1263
1264 debugfs_remove(sco_debugfs);
1265
1266 hci_unregister_cb(&sco_cb);
1267
1268 bt_sock_unregister(BTPROTO_SCO);
1269
1270 proto_unregister(&sco_proto);
1271}
1272
1273module_param(disable_esco, bool, 0644);
1274MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1275
