1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52};
53
54#define sco_conn_lock(c) spin_lock(&c->lock);
55#define sco_conn_unlock(c) spin_unlock(&c->lock);
56
57static void sco_sock_close(struct sock *sk);
58static void sco_sock_kill(struct sock *sk);
59
60
61#define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 struct sco_conn *conn;
70};
71
72
73#define SCO_CONN_TIMEOUT (HZ * 40)
74#define SCO_DISCONN_TIMEOUT (HZ * 2)
75
76static void sco_sock_timeout(struct timer_list *t)
77{
78 struct sock *sk = from_timer(sk, t, sk_timer);
79
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
81
82 bh_lock_sock(sk);
83 sk->sk_err = ETIMEDOUT;
84 sk->sk_state_change(sk);
85 bh_unlock_sock(sk);
86
87 sco_sock_kill(sk);
88 sock_put(sk);
89}
90
91static void sco_sock_set_timer(struct sock *sk, long timeout)
92{
93 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95}
96
97static void sco_sock_clear_timer(struct sock *sk)
98{
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
100 sk_stop_timer(sk, &sk->sk_timer);
101}
102
103
104static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
105{
106 struct hci_dev *hdev = hcon->hdev;
107 struct sco_conn *conn = hcon->sco_data;
108
109 if (conn)
110 return conn;
111
112 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
113 if (!conn)
114 return NULL;
115
116 spin_lock_init(&conn->lock);
117
118 hcon->sco_data = conn;
119 conn->hcon = hcon;
120
121 if (hdev->sco_mtu > 0)
122 conn->mtu = hdev->sco_mtu;
123 else
124 conn->mtu = 60;
125
126 BT_DBG("hcon %p conn %p", hcon, conn);
127
128 return conn;
129}
130
131
132
133static void sco_chan_del(struct sock *sk, int err)
134{
135 struct sco_conn *conn;
136
137 conn = sco_pi(sk)->conn;
138
139 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
140
141 if (conn) {
142 sco_conn_lock(conn);
143 conn->sk = NULL;
144 sco_pi(sk)->conn = NULL;
145 sco_conn_unlock(conn);
146
147 if (conn->hcon)
148 hci_conn_drop(conn->hcon);
149 }
150
151 sk->sk_state = BT_CLOSED;
152 sk->sk_err = err;
153 sk->sk_state_change(sk);
154
155 sock_set_flag(sk, SOCK_ZAPPED);
156}
157
158static void sco_conn_del(struct hci_conn *hcon, int err)
159{
160 struct sco_conn *conn = hcon->sco_data;
161 struct sock *sk;
162
163 if (!conn)
164 return;
165
166 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
167
168
169 sco_conn_lock(conn);
170 sk = conn->sk;
171 sco_conn_unlock(conn);
172
173 if (sk) {
174 sock_hold(sk);
175 bh_lock_sock(sk);
176 sco_sock_clear_timer(sk);
177 sco_chan_del(sk, err);
178 bh_unlock_sock(sk);
179 sco_sock_kill(sk);
180 sock_put(sk);
181 }
182
183 hcon->sco_data = NULL;
184 kfree(conn);
185}
186
187static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
188 struct sock *parent)
189{
190 BT_DBG("conn %p", conn);
191
192 sco_pi(sk)->conn = conn;
193 conn->sk = sk;
194
195 if (parent)
196 bt_accept_enqueue(parent, sk);
197}
198
199static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
200 struct sock *parent)
201{
202 int err = 0;
203
204 sco_conn_lock(conn);
205 if (conn->sk)
206 err = -EBUSY;
207 else
208 __sco_chan_add(conn, sk, parent);
209
210 sco_conn_unlock(conn);
211 return err;
212}
213
214static int sco_connect(struct sock *sk)
215{
216 struct sco_conn *conn;
217 struct hci_conn *hcon;
218 struct hci_dev *hdev;
219 int err, type;
220
221 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
222
223 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
224 if (!hdev)
225 return -EHOSTUNREACH;
226
227 hci_dev_lock(hdev);
228
229 if (lmp_esco_capable(hdev) && !disable_esco)
230 type = ESCO_LINK;
231 else
232 type = SCO_LINK;
233
234 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
235 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
236 err = -EOPNOTSUPP;
237 goto done;
238 }
239
240 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
241 sco_pi(sk)->setting);
242 if (IS_ERR(hcon)) {
243 err = PTR_ERR(hcon);
244 goto done;
245 }
246
247 conn = sco_conn_add(hcon);
248 if (!conn) {
249 hci_conn_drop(hcon);
250 err = -ENOMEM;
251 goto done;
252 }
253
254
255 bacpy(&sco_pi(sk)->src, &hcon->src);
256
257 err = sco_chan_add(conn, sk, NULL);
258 if (err)
259 goto done;
260
261 if (hcon->state == BT_CONNECTED) {
262 sco_sock_clear_timer(sk);
263 sk->sk_state = BT_CONNECTED;
264 } else {
265 sk->sk_state = BT_CONNECT;
266 sco_sock_set_timer(sk, sk->sk_sndtimeo);
267 }
268
269done:
270 hci_dev_unlock(hdev);
271 hci_dev_put(hdev);
272 return err;
273}
274
275static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
276{
277 struct sco_conn *conn = sco_pi(sk)->conn;
278 struct sk_buff *skb;
279 int err;
280
281
282 if (len > conn->mtu)
283 return -EINVAL;
284
285 BT_DBG("sk %p len %d", sk, len);
286
287 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
288 if (!skb)
289 return err;
290
291 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
292 kfree_skb(skb);
293 return -EFAULT;
294 }
295
296 hci_send_sco(conn->hcon, skb);
297
298 return len;
299}
300
301static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
302{
303 struct sock *sk;
304
305 sco_conn_lock(conn);
306 sk = conn->sk;
307 sco_conn_unlock(conn);
308
309 if (!sk)
310 goto drop;
311
312 BT_DBG("sk %p len %d", sk, skb->len);
313
314 if (sk->sk_state != BT_CONNECTED)
315 goto drop;
316
317 if (!sock_queue_rcv_skb(sk, skb))
318 return;
319
320drop:
321 kfree_skb(skb);
322}
323
324
325static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
326{
327 struct sock *sk;
328
329 sk_for_each(sk, &sco_sk_list.head) {
330 if (sk->sk_state != BT_LISTEN)
331 continue;
332
333 if (!bacmp(&sco_pi(sk)->src, ba))
334 return sk;
335 }
336
337 return NULL;
338}
339
340
341
342
343static struct sock *sco_get_sock_listen(bdaddr_t *src)
344{
345 struct sock *sk = NULL, *sk1 = NULL;
346
347 read_lock(&sco_sk_list.lock);
348
349 sk_for_each(sk, &sco_sk_list.head) {
350 if (sk->sk_state != BT_LISTEN)
351 continue;
352
353
354 if (!bacmp(&sco_pi(sk)->src, src))
355 break;
356
357
358 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
359 sk1 = sk;
360 }
361
362 read_unlock(&sco_sk_list.lock);
363
364 return sk ? sk : sk1;
365}
366
367static void sco_sock_destruct(struct sock *sk)
368{
369 BT_DBG("sk %p", sk);
370
371 skb_queue_purge(&sk->sk_receive_queue);
372 skb_queue_purge(&sk->sk_write_queue);
373}
374
375static void sco_sock_cleanup_listen(struct sock *parent)
376{
377 struct sock *sk;
378
379 BT_DBG("parent %p", parent);
380
381
382 while ((sk = bt_accept_dequeue(parent, NULL))) {
383 sco_sock_close(sk);
384 sco_sock_kill(sk);
385 }
386
387 parent->sk_state = BT_CLOSED;
388 sock_set_flag(parent, SOCK_ZAPPED);
389}
390
391
392
393
394static void sco_sock_kill(struct sock *sk)
395{
396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
397 sock_flag(sk, SOCK_DEAD))
398 return;
399
400 BT_DBG("sk %p state %d", sk, sk->sk_state);
401
402
403 bt_sock_unlink(&sco_sk_list, sk);
404 sock_set_flag(sk, SOCK_DEAD);
405 sock_put(sk);
406}
407
408static void __sco_sock_close(struct sock *sk)
409{
410 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
411
412 switch (sk->sk_state) {
413 case BT_LISTEN:
414 sco_sock_cleanup_listen(sk);
415 break;
416
417 case BT_CONNECTED:
418 case BT_CONFIG:
419 if (sco_pi(sk)->conn->hcon) {
420 sk->sk_state = BT_DISCONN;
421 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
422 sco_conn_lock(sco_pi(sk)->conn);
423 hci_conn_drop(sco_pi(sk)->conn->hcon);
424 sco_pi(sk)->conn->hcon = NULL;
425 sco_conn_unlock(sco_pi(sk)->conn);
426 } else
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 case BT_CONNECT2:
431 case BT_CONNECT:
432 case BT_DISCONN:
433 sco_chan_del(sk, ECONNRESET);
434 break;
435
436 default:
437 sock_set_flag(sk, SOCK_ZAPPED);
438 break;
439 }
440}
441
442
443static void sco_sock_close(struct sock *sk)
444{
445 sco_sock_clear_timer(sk);
446 lock_sock(sk);
447 __sco_sock_close(sk);
448 release_sock(sk);
449 sco_sock_kill(sk);
450}
451
452static void sco_sock_init(struct sock *sk, struct sock *parent)
453{
454 BT_DBG("sk %p", sk);
455
456 if (parent) {
457 sk->sk_type = parent->sk_type;
458 bt_sk(sk)->flags = bt_sk(parent)->flags;
459 security_sk_clone(parent, sk);
460 }
461}
462
463static struct proto sco_proto = {
464 .name = "SCO",
465 .owner = THIS_MODULE,
466 .obj_size = sizeof(struct sco_pinfo)
467};
468
469static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
470 int proto, gfp_t prio, int kern)
471{
472 struct sock *sk;
473
474 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
475 if (!sk)
476 return NULL;
477
478 sock_init_data(sock, sk);
479 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
480
481 sk->sk_destruct = sco_sock_destruct;
482 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
483
484 sock_reset_flag(sk, SOCK_ZAPPED);
485
486 sk->sk_protocol = proto;
487 sk->sk_state = BT_OPEN;
488
489 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
490
491 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
492
493 bt_sock_link(&sco_sk_list, sk);
494 return sk;
495}
496
497static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
498 int kern)
499{
500 struct sock *sk;
501
502 BT_DBG("sock %p", sock);
503
504 sock->state = SS_UNCONNECTED;
505
506 if (sock->type != SOCK_SEQPACKET)
507 return -ESOCKTNOSUPPORT;
508
509 sock->ops = &sco_sock_ops;
510
511 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
512 if (!sk)
513 return -ENOMEM;
514
515 sco_sock_init(sk, NULL);
516 return 0;
517}
518
519static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
520 int addr_len)
521{
522 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
523 struct sock *sk = sock->sk;
524 int err = 0;
525
526 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
527
528 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
529 addr->sa_family != AF_BLUETOOTH)
530 return -EINVAL;
531
532 lock_sock(sk);
533
534 if (sk->sk_state != BT_OPEN) {
535 err = -EBADFD;
536 goto done;
537 }
538
539 if (sk->sk_type != SOCK_SEQPACKET) {
540 err = -EINVAL;
541 goto done;
542 }
543
544 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
545
546 sk->sk_state = BT_BOUND;
547
548done:
549 release_sock(sk);
550 return err;
551}
552
553static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
554{
555 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
556 struct sock *sk = sock->sk;
557 int err;
558
559 BT_DBG("sk %p", sk);
560
561 if (alen < sizeof(struct sockaddr_sco) ||
562 addr->sa_family != AF_BLUETOOTH)
563 return -EINVAL;
564
565 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
566 return -EBADFD;
567
568 if (sk->sk_type != SOCK_SEQPACKET)
569 return -EINVAL;
570
571 lock_sock(sk);
572
573
574 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
575
576 err = sco_connect(sk);
577 if (err)
578 goto done;
579
580 err = bt_sock_wait_state(sk, BT_CONNECTED,
581 sock_sndtimeo(sk, flags & O_NONBLOCK));
582
583done:
584 release_sock(sk);
585 return err;
586}
587
588static int sco_sock_listen(struct socket *sock, int backlog)
589{
590 struct sock *sk = sock->sk;
591 bdaddr_t *src = &sco_pi(sk)->src;
592 int err = 0;
593
594 BT_DBG("sk %p backlog %d", sk, backlog);
595
596 lock_sock(sk);
597
598 if (sk->sk_state != BT_BOUND) {
599 err = -EBADFD;
600 goto done;
601 }
602
603 if (sk->sk_type != SOCK_SEQPACKET) {
604 err = -EINVAL;
605 goto done;
606 }
607
608 write_lock(&sco_sk_list.lock);
609
610 if (__sco_get_sock_listen_by_addr(src)) {
611 err = -EADDRINUSE;
612 goto unlock;
613 }
614
615 sk->sk_max_ack_backlog = backlog;
616 sk->sk_ack_backlog = 0;
617
618 sk->sk_state = BT_LISTEN;
619
620unlock:
621 write_unlock(&sco_sk_list.lock);
622
623done:
624 release_sock(sk);
625 return err;
626}
627
628static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags, bool kern)
630{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch;
633 long timeo;
634 int err = 0;
635
636 lock_sock(sk);
637
638 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
639
640 BT_DBG("sk %p timeo %ld", sk, timeo);
641
642
643 add_wait_queue_exclusive(sk_sleep(sk), &wait);
644 while (1) {
645 if (sk->sk_state != BT_LISTEN) {
646 err = -EBADFD;
647 break;
648 }
649
650 ch = bt_accept_dequeue(sk, newsock);
651 if (ch)
652 break;
653
654 if (!timeo) {
655 err = -EAGAIN;
656 break;
657 }
658
659 if (signal_pending(current)) {
660 err = sock_intr_errno(timeo);
661 break;
662 }
663
664 release_sock(sk);
665
666 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
667 lock_sock(sk);
668 }
669 remove_wait_queue(sk_sleep(sk), &wait);
670
671 if (err)
672 goto done;
673
674 newsock->state = SS_CONNECTED;
675
676 BT_DBG("new socket %p", ch);
677
678done:
679 release_sock(sk);
680 return err;
681}
682
683static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
684 int peer)
685{
686 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
687 struct sock *sk = sock->sk;
688
689 BT_DBG("sock %p, sk %p", sock, sk);
690
691 addr->sa_family = AF_BLUETOOTH;
692
693 if (peer)
694 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
695 else
696 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
697
698 return sizeof(struct sockaddr_sco);
699}
700
701static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
702 size_t len)
703{
704 struct sock *sk = sock->sk;
705 int err;
706
707 BT_DBG("sock %p, sk %p", sock, sk);
708
709 err = sock_error(sk);
710 if (err)
711 return err;
712
713 if (msg->msg_flags & MSG_OOB)
714 return -EOPNOTSUPP;
715
716 lock_sock(sk);
717
718 if (sk->sk_state == BT_CONNECTED)
719 err = sco_send_frame(sk, msg, len);
720 else
721 err = -ENOTCONN;
722
723 release_sock(sk);
724 return err;
725}
726
727static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
728{
729 struct hci_dev *hdev = conn->hdev;
730
731 BT_DBG("conn %p", conn);
732
733 conn->state = BT_CONFIG;
734
735 if (!lmp_esco_capable(hdev)) {
736 struct hci_cp_accept_conn_req cp;
737
738 bacpy(&cp.bdaddr, &conn->dst);
739 cp.role = 0x00;
740
741 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
742 } else {
743 struct hci_cp_accept_sync_conn_req cp;
744
745 bacpy(&cp.bdaddr, &conn->dst);
746 cp.pkt_type = cpu_to_le16(conn->pkt_type);
747
748 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
749 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
750 cp.content_format = cpu_to_le16(setting);
751
752 switch (setting & SCO_AIRMODE_MASK) {
753 case SCO_AIRMODE_TRANSP:
754 if (conn->pkt_type & ESCO_2EV3)
755 cp.max_latency = cpu_to_le16(0x0008);
756 else
757 cp.max_latency = cpu_to_le16(0x000D);
758 cp.retrans_effort = 0x02;
759 break;
760 case SCO_AIRMODE_CVSD:
761 cp.max_latency = cpu_to_le16(0xffff);
762 cp.retrans_effort = 0xff;
763 break;
764 }
765
766 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
767 sizeof(cp), &cp);
768 }
769}
770
771static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
772 size_t len, int flags)
773{
774 struct sock *sk = sock->sk;
775 struct sco_pinfo *pi = sco_pi(sk);
776
777 lock_sock(sk);
778
779 if (sk->sk_state == BT_CONNECT2 &&
780 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
781 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
782 sk->sk_state = BT_CONFIG;
783
784 release_sock(sk);
785 return 0;
786 }
787
788 release_sock(sk);
789
790 return bt_sock_recvmsg(sock, msg, len, flags);
791}
792
793static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
794 char __user *optval, unsigned int optlen)
795{
796 struct sock *sk = sock->sk;
797 int len, err = 0;
798 struct bt_voice voice;
799 u32 opt;
800
801 BT_DBG("sk %p", sk);
802
803 lock_sock(sk);
804
805 switch (optname) {
806
807 case BT_DEFER_SETUP:
808 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
809 err = -EINVAL;
810 break;
811 }
812
813 if (get_user(opt, (u32 __user *) optval)) {
814 err = -EFAULT;
815 break;
816 }
817
818 if (opt)
819 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
820 else
821 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
822 break;
823
824 case BT_VOICE:
825 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
826 sk->sk_state != BT_CONNECT2) {
827 err = -EINVAL;
828 break;
829 }
830
831 voice.setting = sco_pi(sk)->setting;
832
833 len = min_t(unsigned int, sizeof(voice), optlen);
834 if (copy_from_user((char *)&voice, optval, len)) {
835 err = -EFAULT;
836 break;
837 }
838
839
840 if (voice.setting != BT_VOICE_TRANSPARENT &&
841 voice.setting != BT_VOICE_CVSD_16BIT) {
842 err = -EINVAL;
843 break;
844 }
845
846 sco_pi(sk)->setting = voice.setting;
847 break;
848
849 default:
850 err = -ENOPROTOOPT;
851 break;
852 }
853
854 release_sock(sk);
855 return err;
856}
857
858static int sco_sock_getsockopt_old(struct socket *sock, int optname,
859 char __user *optval, int __user *optlen)
860{
861 struct sock *sk = sock->sk;
862 struct sco_options opts;
863 struct sco_conninfo cinfo;
864 int len, err = 0;
865
866 BT_DBG("sk %p", sk);
867
868 if (get_user(len, optlen))
869 return -EFAULT;
870
871 lock_sock(sk);
872
873 switch (optname) {
874 case SCO_OPTIONS:
875 if (sk->sk_state != BT_CONNECTED &&
876 !(sk->sk_state == BT_CONNECT2 &&
877 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
878 err = -ENOTCONN;
879 break;
880 }
881
882 opts.mtu = sco_pi(sk)->conn->mtu;
883
884 BT_DBG("mtu %d", opts.mtu);
885
886 len = min_t(unsigned int, len, sizeof(opts));
887 if (copy_to_user(optval, (char *)&opts, len))
888 err = -EFAULT;
889
890 break;
891
892 case SCO_CONNINFO:
893 if (sk->sk_state != BT_CONNECTED &&
894 !(sk->sk_state == BT_CONNECT2 &&
895 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
896 err = -ENOTCONN;
897 break;
898 }
899
900 memset(&cinfo, 0, sizeof(cinfo));
901 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
902 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
903
904 len = min_t(unsigned int, len, sizeof(cinfo));
905 if (copy_to_user(optval, (char *)&cinfo, len))
906 err = -EFAULT;
907
908 break;
909
910 default:
911 err = -ENOPROTOOPT;
912 break;
913 }
914
915 release_sock(sk);
916 return err;
917}
918
919static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
920 char __user *optval, int __user *optlen)
921{
922 struct sock *sk = sock->sk;
923 int len, err = 0;
924 struct bt_voice voice;
925
926 BT_DBG("sk %p", sk);
927
928 if (level == SOL_SCO)
929 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
930
931 if (get_user(len, optlen))
932 return -EFAULT;
933
934 lock_sock(sk);
935
936 switch (optname) {
937
938 case BT_DEFER_SETUP:
939 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
940 err = -EINVAL;
941 break;
942 }
943
944 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
945 (u32 __user *)optval))
946 err = -EFAULT;
947
948 break;
949
950 case BT_VOICE:
951 voice.setting = sco_pi(sk)->setting;
952
953 len = min_t(unsigned int, len, sizeof(voice));
954 if (copy_to_user(optval, (char *)&voice, len))
955 err = -EFAULT;
956
957 break;
958
959 default:
960 err = -ENOPROTOOPT;
961 break;
962 }
963
964 release_sock(sk);
965 return err;
966}
967
968static int sco_sock_shutdown(struct socket *sock, int how)
969{
970 struct sock *sk = sock->sk;
971 int err = 0;
972
973 BT_DBG("sock %p, sk %p", sock, sk);
974
975 if (!sk)
976 return 0;
977
978 sock_hold(sk);
979 lock_sock(sk);
980
981 if (!sk->sk_shutdown) {
982 sk->sk_shutdown = SHUTDOWN_MASK;
983 sco_sock_clear_timer(sk);
984 __sco_sock_close(sk);
985
986 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
987 !(current->flags & PF_EXITING))
988 err = bt_sock_wait_state(sk, BT_CLOSED,
989 sk->sk_lingertime);
990 }
991
992 release_sock(sk);
993 sock_put(sk);
994
995 return err;
996}
997
998static int sco_sock_release(struct socket *sock)
999{
1000 struct sock *sk = sock->sk;
1001 int err = 0;
1002
1003 BT_DBG("sock %p, sk %p", sock, sk);
1004
1005 if (!sk)
1006 return 0;
1007
1008 sco_sock_close(sk);
1009
1010 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1011 !(current->flags & PF_EXITING)) {
1012 lock_sock(sk);
1013 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1014 release_sock(sk);
1015 }
1016
1017 sock_orphan(sk);
1018 sco_sock_kill(sk);
1019 return err;
1020}
1021
1022static void sco_conn_ready(struct sco_conn *conn)
1023{
1024 struct sock *parent;
1025 struct sock *sk = conn->sk;
1026
1027 BT_DBG("conn %p", conn);
1028
1029 if (sk) {
1030 sco_sock_clear_timer(sk);
1031 bh_lock_sock(sk);
1032 sk->sk_state = BT_CONNECTED;
1033 sk->sk_state_change(sk);
1034 bh_unlock_sock(sk);
1035 } else {
1036 sco_conn_lock(conn);
1037
1038 if (!conn->hcon) {
1039 sco_conn_unlock(conn);
1040 return;
1041 }
1042
1043 parent = sco_get_sock_listen(&conn->hcon->src);
1044 if (!parent) {
1045 sco_conn_unlock(conn);
1046 return;
1047 }
1048
1049 bh_lock_sock(parent);
1050
1051 sk = sco_sock_alloc(sock_net(parent), NULL,
1052 BTPROTO_SCO, GFP_ATOMIC, 0);
1053 if (!sk) {
1054 bh_unlock_sock(parent);
1055 sco_conn_unlock(conn);
1056 return;
1057 }
1058
1059 sco_sock_init(sk, parent);
1060
1061 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1062 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1063
1064 hci_conn_hold(conn->hcon);
1065 __sco_chan_add(conn, sk, parent);
1066
1067 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1068 sk->sk_state = BT_CONNECT2;
1069 else
1070 sk->sk_state = BT_CONNECTED;
1071
1072
1073 parent->sk_data_ready(parent);
1074
1075 bh_unlock_sock(parent);
1076
1077 sco_conn_unlock(conn);
1078 }
1079}
1080
1081
1082int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1083{
1084 struct sock *sk;
1085 int lm = 0;
1086
1087 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1088
1089
1090 read_lock(&sco_sk_list.lock);
1091 sk_for_each(sk, &sco_sk_list.head) {
1092 if (sk->sk_state != BT_LISTEN)
1093 continue;
1094
1095 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1096 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1097 lm |= HCI_LM_ACCEPT;
1098
1099 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1100 *flags |= HCI_PROTO_DEFER;
1101 break;
1102 }
1103 }
1104 read_unlock(&sco_sk_list.lock);
1105
1106 return lm;
1107}
1108
1109static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1110{
1111 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1112 return;
1113
1114 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1115
1116 if (!status) {
1117 struct sco_conn *conn;
1118
1119 conn = sco_conn_add(hcon);
1120 if (conn)
1121 sco_conn_ready(conn);
1122 } else
1123 sco_conn_del(hcon, bt_to_errno(status));
1124}
1125
1126static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1127{
1128 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1129 return;
1130
1131 BT_DBG("hcon %p reason %d", hcon, reason);
1132
1133 sco_conn_del(hcon, bt_to_errno(reason));
1134}
1135
1136void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1137{
1138 struct sco_conn *conn = hcon->sco_data;
1139
1140 if (!conn)
1141 goto drop;
1142
1143 BT_DBG("conn %p len %d", conn, skb->len);
1144
1145 if (skb->len) {
1146 sco_recv_frame(conn, skb);
1147 return;
1148 }
1149
1150drop:
1151 kfree_skb(skb);
1152}
1153
1154static struct hci_cb sco_cb = {
1155 .name = "SCO",
1156 .connect_cfm = sco_connect_cfm,
1157 .disconn_cfm = sco_disconn_cfm,
1158};
1159
1160static int sco_debugfs_show(struct seq_file *f, void *p)
1161{
1162 struct sock *sk;
1163
1164 read_lock(&sco_sk_list.lock);
1165
1166 sk_for_each(sk, &sco_sk_list.head) {
1167 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1168 &sco_pi(sk)->dst, sk->sk_state);
1169 }
1170
1171 read_unlock(&sco_sk_list.lock);
1172
1173 return 0;
1174}
1175
1176static int sco_debugfs_open(struct inode *inode, struct file *file)
1177{
1178 return single_open(file, sco_debugfs_show, inode->i_private);
1179}
1180
1181static const struct file_operations sco_debugfs_fops = {
1182 .open = sco_debugfs_open,
1183 .read = seq_read,
1184 .llseek = seq_lseek,
1185 .release = single_release,
1186};
1187
1188static struct dentry *sco_debugfs;
1189
1190static const struct proto_ops sco_sock_ops = {
1191 .family = PF_BLUETOOTH,
1192 .owner = THIS_MODULE,
1193 .release = sco_sock_release,
1194 .bind = sco_sock_bind,
1195 .connect = sco_sock_connect,
1196 .listen = sco_sock_listen,
1197 .accept = sco_sock_accept,
1198 .getname = sco_sock_getname,
1199 .sendmsg = sco_sock_sendmsg,
1200 .recvmsg = sco_sock_recvmsg,
1201 .poll = bt_sock_poll,
1202 .ioctl = bt_sock_ioctl,
1203 .mmap = sock_no_mmap,
1204 .socketpair = sock_no_socketpair,
1205 .shutdown = sco_sock_shutdown,
1206 .setsockopt = sco_sock_setsockopt,
1207 .getsockopt = sco_sock_getsockopt
1208};
1209
1210static const struct net_proto_family sco_sock_family_ops = {
1211 .family = PF_BLUETOOTH,
1212 .owner = THIS_MODULE,
1213 .create = sco_sock_create,
1214};
1215
1216int __init sco_init(void)
1217{
1218 int err;
1219
1220 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1221
1222 err = proto_register(&sco_proto, 0);
1223 if (err < 0)
1224 return err;
1225
1226 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1227 if (err < 0) {
1228 BT_ERR("SCO socket registration failed");
1229 goto error;
1230 }
1231
1232 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1233 if (err < 0) {
1234 BT_ERR("Failed to create SCO proc file");
1235 bt_sock_unregister(BTPROTO_SCO);
1236 goto error;
1237 }
1238
1239 BT_INFO("SCO socket layer initialized");
1240
1241 hci_register_cb(&sco_cb);
1242
1243 if (IS_ERR_OR_NULL(bt_debugfs))
1244 return 0;
1245
1246 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1247 NULL, &sco_debugfs_fops);
1248
1249 return 0;
1250
1251error:
1252 proto_unregister(&sco_proto);
1253 return err;
1254}
1255
1256void sco_exit(void)
1257{
1258 bt_procfs_cleanup(&init_net, "sco");
1259
1260 debugfs_remove(sco_debugfs);
1261
1262 hci_unregister_cb(&sco_cb);
1263
1264 bt_sock_unregister(BTPROTO_SCO);
1265
1266 proto_unregister(&sco_proto);
1267}
1268
1269module_param(disable_esco, bool, 0644);
1270MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1271
