1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 __u8 cmsg_mask;
72 struct sco_conn *conn;
73};
74
75
76#define SCO_CONN_TIMEOUT (HZ * 40)
77#define SCO_DISCONN_TIMEOUT (HZ * 2)
78
79static void sco_sock_timeout(struct work_struct *work)
80{
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 release_sock(sk);
100 sock_put(sk);
101}
102
103static void sco_sock_set_timer(struct sock *sk, long timeout)
104{
105 if (!sco_pi(sk)->conn)
106 return;
107
108 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
109 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
110 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
111}
112
113static void sco_sock_clear_timer(struct sock *sk)
114{
115 if (!sco_pi(sk)->conn)
116 return;
117
118 BT_DBG("sock %p state %d", sk, sk->sk_state);
119 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
120}
121
122
123static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
124{
125 struct hci_dev *hdev = hcon->hdev;
126 struct sco_conn *conn = hcon->sco_data;
127
128 if (conn)
129 return conn;
130
131 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
132 if (!conn)
133 return NULL;
134
135 spin_lock_init(&conn->lock);
136
137 hcon->sco_data = conn;
138 conn->hcon = hcon;
139
140 if (hdev->sco_mtu > 0)
141 conn->mtu = hdev->sco_mtu;
142 else
143 conn->mtu = 60;
144
145 BT_DBG("hcon %p conn %p", hcon, conn);
146
147 return conn;
148}
149
150
151
152static void sco_chan_del(struct sock *sk, int err)
153{
154 struct sco_conn *conn;
155
156 conn = sco_pi(sk)->conn;
157
158 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
159
160 if (conn) {
161 sco_conn_lock(conn);
162 conn->sk = NULL;
163 sco_pi(sk)->conn = NULL;
164 sco_conn_unlock(conn);
165
166 if (conn->hcon)
167 hci_conn_drop(conn->hcon);
168 }
169
170 sk->sk_state = BT_CLOSED;
171 sk->sk_err = err;
172 sk->sk_state_change(sk);
173
174 sock_set_flag(sk, SOCK_ZAPPED);
175}
176
177static void sco_conn_del(struct hci_conn *hcon, int err)
178{
179 struct sco_conn *conn = hcon->sco_data;
180 struct sock *sk;
181
182 if (!conn)
183 return;
184
185 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
186
187
188 sco_conn_lock(conn);
189 sk = conn->sk;
190 sco_conn_unlock(conn);
191
192 if (sk) {
193 sock_hold(sk);
194 lock_sock(sk);
195 sco_sock_clear_timer(sk);
196 sco_chan_del(sk, err);
197 release_sock(sk);
198 sock_put(sk);
199
200
201 cancel_delayed_work_sync(&conn->timeout_work);
202 }
203
204 hcon->sco_data = NULL;
205 kfree(conn);
206}
207
208static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
209 struct sock *parent)
210{
211 BT_DBG("conn %p", conn);
212
213 sco_pi(sk)->conn = conn;
214 conn->sk = sk;
215
216 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
217
218 if (parent)
219 bt_accept_enqueue(parent, sk, true);
220}
221
222static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
223 struct sock *parent)
224{
225 int err = 0;
226
227 sco_conn_lock(conn);
228 if (conn->sk)
229 err = -EBUSY;
230 else
231 __sco_chan_add(conn, sk, parent);
232
233 sco_conn_unlock(conn);
234 return err;
235}
236
237static int sco_connect(struct hci_dev *hdev, struct sock *sk)
238{
239 struct sco_conn *conn;
240 struct hci_conn *hcon;
241 int err, type;
242
243 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
244
245 if (lmp_esco_capable(hdev) && !disable_esco)
246 type = ESCO_LINK;
247 else
248 type = SCO_LINK;
249
250 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
251 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
252 return -EOPNOTSUPP;
253
254 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
255 sco_pi(sk)->setting);
256 if (IS_ERR(hcon))
257 return PTR_ERR(hcon);
258
259 conn = sco_conn_add(hcon);
260 if (!conn) {
261 hci_conn_drop(hcon);
262 return -ENOMEM;
263 }
264
265
266 bacpy(&sco_pi(sk)->src, &hcon->src);
267
268 err = sco_chan_add(conn, sk, NULL);
269 if (err)
270 return err;
271
272 if (hcon->state == BT_CONNECTED) {
273 sco_sock_clear_timer(sk);
274 sk->sk_state = BT_CONNECTED;
275 } else {
276 sk->sk_state = BT_CONNECT;
277 sco_sock_set_timer(sk, sk->sk_sndtimeo);
278 }
279
280 return err;
281}
282
283static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
284{
285 struct sco_conn *conn = sco_pi(sk)->conn;
286 struct sk_buff *skb;
287 int err;
288
289
290 if (len > conn->mtu)
291 return -EINVAL;
292
293 BT_DBG("sk %p len %d", sk, len);
294
295 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
296 if (!skb)
297 return err;
298
299 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
300 kfree_skb(skb);
301 return -EFAULT;
302 }
303
304 hci_send_sco(conn->hcon, skb);
305
306 return len;
307}
308
309static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
310{
311 struct sock *sk;
312
313 sco_conn_lock(conn);
314 sk = conn->sk;
315 sco_conn_unlock(conn);
316
317 if (!sk)
318 goto drop;
319
320 BT_DBG("sk %p len %u", sk, skb->len);
321
322 if (sk->sk_state != BT_CONNECTED)
323 goto drop;
324
325 if (!sock_queue_rcv_skb(sk, skb))
326 return;
327
328drop:
329 kfree_skb(skb);
330}
331
332
333static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
334{
335 struct sock *sk;
336
337 sk_for_each(sk, &sco_sk_list.head) {
338 if (sk->sk_state != BT_LISTEN)
339 continue;
340
341 if (!bacmp(&sco_pi(sk)->src, ba))
342 return sk;
343 }
344
345 return NULL;
346}
347
348
349
350
351static struct sock *sco_get_sock_listen(bdaddr_t *src)
352{
353 struct sock *sk = NULL, *sk1 = NULL;
354
355 read_lock(&sco_sk_list.lock);
356
357 sk_for_each(sk, &sco_sk_list.head) {
358 if (sk->sk_state != BT_LISTEN)
359 continue;
360
361
362 if (!bacmp(&sco_pi(sk)->src, src))
363 break;
364
365
366 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
367 sk1 = sk;
368 }
369
370 read_unlock(&sco_sk_list.lock);
371
372 return sk ? sk : sk1;
373}
374
375static void sco_sock_destruct(struct sock *sk)
376{
377 BT_DBG("sk %p", sk);
378
379 skb_queue_purge(&sk->sk_receive_queue);
380 skb_queue_purge(&sk->sk_write_queue);
381}
382
383static void sco_sock_cleanup_listen(struct sock *parent)
384{
385 struct sock *sk;
386
387 BT_DBG("parent %p", parent);
388
389
390 while ((sk = bt_accept_dequeue(parent, NULL))) {
391 sco_sock_close(sk);
392 sco_sock_kill(sk);
393 }
394
395 parent->sk_state = BT_CLOSED;
396 sock_set_flag(parent, SOCK_ZAPPED);
397}
398
399
400
401
402static void sco_sock_kill(struct sock *sk)
403{
404 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
405 return;
406
407 BT_DBG("sk %p state %d", sk, sk->sk_state);
408
409
410 bt_sock_unlink(&sco_sk_list, sk);
411 sock_set_flag(sk, SOCK_DEAD);
412 sock_put(sk);
413}
414
415static void __sco_sock_close(struct sock *sk)
416{
417 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
418
419 switch (sk->sk_state) {
420 case BT_LISTEN:
421 sco_sock_cleanup_listen(sk);
422 break;
423
424 case BT_CONNECTED:
425 case BT_CONFIG:
426 if (sco_pi(sk)->conn->hcon) {
427 sk->sk_state = BT_DISCONN;
428 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
429 sco_conn_lock(sco_pi(sk)->conn);
430 hci_conn_drop(sco_pi(sk)->conn->hcon);
431 sco_pi(sk)->conn->hcon = NULL;
432 sco_conn_unlock(sco_pi(sk)->conn);
433 } else
434 sco_chan_del(sk, ECONNRESET);
435 break;
436
437 case BT_CONNECT2:
438 case BT_CONNECT:
439 case BT_DISCONN:
440 sco_chan_del(sk, ECONNRESET);
441 break;
442
443 default:
444 sock_set_flag(sk, SOCK_ZAPPED);
445 break;
446 }
447}
448
449
450static void sco_sock_close(struct sock *sk)
451{
452 lock_sock(sk);
453 sco_sock_clear_timer(sk);
454 __sco_sock_close(sk);
455 release_sock(sk);
456}
457
458static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
459 struct sock *sk)
460{
461 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
462 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
463 sizeof(bt_cb(skb)->sco.pkt_status),
464 &bt_cb(skb)->sco.pkt_status);
465}
466
467static void sco_sock_init(struct sock *sk, struct sock *parent)
468{
469 BT_DBG("sk %p", sk);
470
471 if (parent) {
472 sk->sk_type = parent->sk_type;
473 bt_sk(sk)->flags = bt_sk(parent)->flags;
474 security_sk_clone(parent, sk);
475 } else {
476 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
477 }
478}
479
480static struct proto sco_proto = {
481 .name = "SCO",
482 .owner = THIS_MODULE,
483 .obj_size = sizeof(struct sco_pinfo)
484};
485
486static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
487 int proto, gfp_t prio, int kern)
488{
489 struct sock *sk;
490
491 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
492 if (!sk)
493 return NULL;
494
495 sock_init_data(sock, sk);
496 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
497
498 sk->sk_destruct = sco_sock_destruct;
499 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
500
501 sock_reset_flag(sk, SOCK_ZAPPED);
502
503 sk->sk_protocol = proto;
504 sk->sk_state = BT_OPEN;
505
506 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
507
508 bt_sock_link(&sco_sk_list, sk);
509 return sk;
510}
511
512static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
513 int kern)
514{
515 struct sock *sk;
516
517 BT_DBG("sock %p", sock);
518
519 sock->state = SS_UNCONNECTED;
520
521 if (sock->type != SOCK_SEQPACKET)
522 return -ESOCKTNOSUPPORT;
523
524 sock->ops = &sco_sock_ops;
525
526 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
527 if (!sk)
528 return -ENOMEM;
529
530 sco_sock_init(sk, NULL);
531 return 0;
532}
533
534static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
535 int addr_len)
536{
537 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
538 struct sock *sk = sock->sk;
539 int err = 0;
540
541 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
542 addr->sa_family != AF_BLUETOOTH)
543 return -EINVAL;
544
545 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
546
547 lock_sock(sk);
548
549 if (sk->sk_state != BT_OPEN) {
550 err = -EBADFD;
551 goto done;
552 }
553
554 if (sk->sk_type != SOCK_SEQPACKET) {
555 err = -EINVAL;
556 goto done;
557 }
558
559 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
560
561 sk->sk_state = BT_BOUND;
562
563done:
564 release_sock(sk);
565 return err;
566}
567
568static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
569{
570 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
571 struct sock *sk = sock->sk;
572 struct hci_dev *hdev;
573 int err;
574
575 BT_DBG("sk %p", sk);
576
577 if (alen < sizeof(struct sockaddr_sco) ||
578 addr->sa_family != AF_BLUETOOTH)
579 return -EINVAL;
580
581 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
582 return -EBADFD;
583
584 if (sk->sk_type != SOCK_SEQPACKET)
585 return -EINVAL;
586
587 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
588 if (!hdev)
589 return -EHOSTUNREACH;
590 hci_dev_lock(hdev);
591
592 lock_sock(sk);
593
594
595 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
596
597 err = sco_connect(hdev, sk);
598 hci_dev_unlock(hdev);
599 hci_dev_put(hdev);
600 if (err)
601 goto done;
602
603 err = bt_sock_wait_state(sk, BT_CONNECTED,
604 sock_sndtimeo(sk, flags & O_NONBLOCK));
605
606done:
607 release_sock(sk);
608 return err;
609}
610
611static int sco_sock_listen(struct socket *sock, int backlog)
612{
613 struct sock *sk = sock->sk;
614 bdaddr_t *src = &sco_pi(sk)->src;
615 int err = 0;
616
617 BT_DBG("sk %p backlog %d", sk, backlog);
618
619 lock_sock(sk);
620
621 if (sk->sk_state != BT_BOUND) {
622 err = -EBADFD;
623 goto done;
624 }
625
626 if (sk->sk_type != SOCK_SEQPACKET) {
627 err = -EINVAL;
628 goto done;
629 }
630
631 write_lock(&sco_sk_list.lock);
632
633 if (__sco_get_sock_listen_by_addr(src)) {
634 err = -EADDRINUSE;
635 goto unlock;
636 }
637
638 sk->sk_max_ack_backlog = backlog;
639 sk->sk_ack_backlog = 0;
640
641 sk->sk_state = BT_LISTEN;
642
643unlock:
644 write_unlock(&sco_sk_list.lock);
645
646done:
647 release_sock(sk);
648 return err;
649}
650
651static int sco_sock_accept(struct socket *sock, struct socket *newsock,
652 int flags, bool kern)
653{
654 DEFINE_WAIT_FUNC(wait, woken_wake_function);
655 struct sock *sk = sock->sk, *ch;
656 long timeo;
657 int err = 0;
658
659 lock_sock(sk);
660
661 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
662
663 BT_DBG("sk %p timeo %ld", sk, timeo);
664
665
666 add_wait_queue_exclusive(sk_sleep(sk), &wait);
667 while (1) {
668 if (sk->sk_state != BT_LISTEN) {
669 err = -EBADFD;
670 break;
671 }
672
673 ch = bt_accept_dequeue(sk, newsock);
674 if (ch)
675 break;
676
677 if (!timeo) {
678 err = -EAGAIN;
679 break;
680 }
681
682 if (signal_pending(current)) {
683 err = sock_intr_errno(timeo);
684 break;
685 }
686
687 release_sock(sk);
688
689 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
690 lock_sock(sk);
691 }
692 remove_wait_queue(sk_sleep(sk), &wait);
693
694 if (err)
695 goto done;
696
697 newsock->state = SS_CONNECTED;
698
699 BT_DBG("new socket %p", ch);
700
701done:
702 release_sock(sk);
703 return err;
704}
705
706static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
707 int peer)
708{
709 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
710 struct sock *sk = sock->sk;
711
712 BT_DBG("sock %p, sk %p", sock, sk);
713
714 addr->sa_family = AF_BLUETOOTH;
715
716 if (peer)
717 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
718 else
719 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
720
721 return sizeof(struct sockaddr_sco);
722}
723
724static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
725 size_t len)
726{
727 struct sock *sk = sock->sk;
728 int err;
729
730 BT_DBG("sock %p, sk %p", sock, sk);
731
732 err = sock_error(sk);
733 if (err)
734 return err;
735
736 if (msg->msg_flags & MSG_OOB)
737 return -EOPNOTSUPP;
738
739 lock_sock(sk);
740
741 if (sk->sk_state == BT_CONNECTED)
742 err = sco_send_frame(sk, msg, len);
743 else
744 err = -ENOTCONN;
745
746 release_sock(sk);
747 return err;
748}
749
750static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
751{
752 struct hci_dev *hdev = conn->hdev;
753
754 BT_DBG("conn %p", conn);
755
756 conn->state = BT_CONFIG;
757
758 if (!lmp_esco_capable(hdev)) {
759 struct hci_cp_accept_conn_req cp;
760
761 bacpy(&cp.bdaddr, &conn->dst);
762 cp.role = 0x00;
763
764 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
765 } else {
766 struct hci_cp_accept_sync_conn_req cp;
767
768 bacpy(&cp.bdaddr, &conn->dst);
769 cp.pkt_type = cpu_to_le16(conn->pkt_type);
770
771 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
772 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
773 cp.content_format = cpu_to_le16(setting);
774
775 switch (setting & SCO_AIRMODE_MASK) {
776 case SCO_AIRMODE_TRANSP:
777 if (conn->pkt_type & ESCO_2EV3)
778 cp.max_latency = cpu_to_le16(0x0008);
779 else
780 cp.max_latency = cpu_to_le16(0x000D);
781 cp.retrans_effort = 0x02;
782 break;
783 case SCO_AIRMODE_CVSD:
784 cp.max_latency = cpu_to_le16(0xffff);
785 cp.retrans_effort = 0xff;
786 break;
787 default:
788
789 cp.max_latency = cpu_to_le16(0xffff);
790 cp.retrans_effort = 0xff;
791 break;
792 }
793
794 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
795 sizeof(cp), &cp);
796 }
797}
798
799static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
800 size_t len, int flags)
801{
802 struct sock *sk = sock->sk;
803 struct sco_pinfo *pi = sco_pi(sk);
804
805 lock_sock(sk);
806
807 if (sk->sk_state == BT_CONNECT2 &&
808 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
809 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
810 sk->sk_state = BT_CONFIG;
811
812 release_sock(sk);
813 return 0;
814 }
815
816 release_sock(sk);
817
818 return bt_sock_recvmsg(sock, msg, len, flags);
819}
820
821static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
822 sockptr_t optval, unsigned int optlen)
823{
824 struct sock *sk = sock->sk;
825 int len, err = 0;
826 struct bt_voice voice;
827 u32 opt;
828
829 BT_DBG("sk %p", sk);
830
831 lock_sock(sk);
832
833 switch (optname) {
834
835 case BT_DEFER_SETUP:
836 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
837 err = -EINVAL;
838 break;
839 }
840
841 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
842 err = -EFAULT;
843 break;
844 }
845
846 if (opt)
847 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
848 else
849 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
850 break;
851
852 case BT_VOICE:
853 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
854 sk->sk_state != BT_CONNECT2) {
855 err = -EINVAL;
856 break;
857 }
858
859 voice.setting = sco_pi(sk)->setting;
860
861 len = min_t(unsigned int, sizeof(voice), optlen);
862 if (copy_from_sockptr(&voice, optval, len)) {
863 err = -EFAULT;
864 break;
865 }
866
867
868 if (voice.setting != BT_VOICE_TRANSPARENT &&
869 voice.setting != BT_VOICE_CVSD_16BIT) {
870 err = -EINVAL;
871 break;
872 }
873
874 sco_pi(sk)->setting = voice.setting;
875 break;
876
877 case BT_PKT_STATUS:
878 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
879 err = -EFAULT;
880 break;
881 }
882
883 if (opt)
884 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
885 else
886 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
887 break;
888
889 default:
890 err = -ENOPROTOOPT;
891 break;
892 }
893
894 release_sock(sk);
895 return err;
896}
897
898static int sco_sock_getsockopt_old(struct socket *sock, int optname,
899 char __user *optval, int __user *optlen)
900{
901 struct sock *sk = sock->sk;
902 struct sco_options opts;
903 struct sco_conninfo cinfo;
904 int len, err = 0;
905
906 BT_DBG("sk %p", sk);
907
908 if (get_user(len, optlen))
909 return -EFAULT;
910
911 lock_sock(sk);
912
913 switch (optname) {
914 case SCO_OPTIONS:
915 if (sk->sk_state != BT_CONNECTED &&
916 !(sk->sk_state == BT_CONNECT2 &&
917 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
918 err = -ENOTCONN;
919 break;
920 }
921
922 opts.mtu = sco_pi(sk)->conn->mtu;
923
924 BT_DBG("mtu %u", opts.mtu);
925
926 len = min_t(unsigned int, len, sizeof(opts));
927 if (copy_to_user(optval, (char *)&opts, len))
928 err = -EFAULT;
929
930 break;
931
932 case SCO_CONNINFO:
933 if (sk->sk_state != BT_CONNECTED &&
934 !(sk->sk_state == BT_CONNECT2 &&
935 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
936 err = -ENOTCONN;
937 break;
938 }
939
940 memset(&cinfo, 0, sizeof(cinfo));
941 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
942 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
943
944 len = min_t(unsigned int, len, sizeof(cinfo));
945 if (copy_to_user(optval, (char *)&cinfo, len))
946 err = -EFAULT;
947
948 break;
949
950 default:
951 err = -ENOPROTOOPT;
952 break;
953 }
954
955 release_sock(sk);
956 return err;
957}
958
959static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
960 char __user *optval, int __user *optlen)
961{
962 struct sock *sk = sock->sk;
963 int len, err = 0;
964 struct bt_voice voice;
965 u32 phys;
966 int pkt_status;
967
968 BT_DBG("sk %p", sk);
969
970 if (level == SOL_SCO)
971 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
972
973 if (get_user(len, optlen))
974 return -EFAULT;
975
976 lock_sock(sk);
977
978 switch (optname) {
979
980 case BT_DEFER_SETUP:
981 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
982 err = -EINVAL;
983 break;
984 }
985
986 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
987 (u32 __user *)optval))
988 err = -EFAULT;
989
990 break;
991
992 case BT_VOICE:
993 voice.setting = sco_pi(sk)->setting;
994
995 len = min_t(unsigned int, len, sizeof(voice));
996 if (copy_to_user(optval, (char *)&voice, len))
997 err = -EFAULT;
998
999 break;
1000
1001 case BT_PHY:
1002 if (sk->sk_state != BT_CONNECTED) {
1003 err = -ENOTCONN;
1004 break;
1005 }
1006
1007 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1008
1009 if (put_user(phys, (u32 __user *) optval))
1010 err = -EFAULT;
1011 break;
1012
1013 case BT_PKT_STATUS:
1014 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1015
1016 if (put_user(pkt_status, (int __user *)optval))
1017 err = -EFAULT;
1018 break;
1019
1020 case BT_SNDMTU:
1021 case BT_RCVMTU:
1022 if (sk->sk_state != BT_CONNECTED) {
1023 err = -ENOTCONN;
1024 break;
1025 }
1026
1027 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1028 err = -EFAULT;
1029 break;
1030
1031 default:
1032 err = -ENOPROTOOPT;
1033 break;
1034 }
1035
1036 release_sock(sk);
1037 return err;
1038}
1039
1040static int sco_sock_shutdown(struct socket *sock, int how)
1041{
1042 struct sock *sk = sock->sk;
1043 int err = 0;
1044
1045 BT_DBG("sock %p, sk %p", sock, sk);
1046
1047 if (!sk)
1048 return 0;
1049
1050 sock_hold(sk);
1051 lock_sock(sk);
1052
1053 if (!sk->sk_shutdown) {
1054 sk->sk_shutdown = SHUTDOWN_MASK;
1055 sco_sock_clear_timer(sk);
1056 __sco_sock_close(sk);
1057
1058 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1059 !(current->flags & PF_EXITING))
1060 err = bt_sock_wait_state(sk, BT_CLOSED,
1061 sk->sk_lingertime);
1062 }
1063
1064 release_sock(sk);
1065 sock_put(sk);
1066
1067 return err;
1068}
1069
1070static int sco_sock_release(struct socket *sock)
1071{
1072 struct sock *sk = sock->sk;
1073 int err = 0;
1074
1075 BT_DBG("sock %p, sk %p", sock, sk);
1076
1077 if (!sk)
1078 return 0;
1079
1080 sco_sock_close(sk);
1081
1082 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1083 !(current->flags & PF_EXITING)) {
1084 lock_sock(sk);
1085 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1086 release_sock(sk);
1087 }
1088
1089 sock_orphan(sk);
1090 sco_sock_kill(sk);
1091 return err;
1092}
1093
1094static void sco_conn_ready(struct sco_conn *conn)
1095{
1096 struct sock *parent;
1097 struct sock *sk = conn->sk;
1098
1099 BT_DBG("conn %p", conn);
1100
1101 if (sk) {
1102 lock_sock(sk);
1103 sco_sock_clear_timer(sk);
1104 sk->sk_state = BT_CONNECTED;
1105 sk->sk_state_change(sk);
1106 release_sock(sk);
1107 } else {
1108 sco_conn_lock(conn);
1109
1110 if (!conn->hcon) {
1111 sco_conn_unlock(conn);
1112 return;
1113 }
1114
1115 parent = sco_get_sock_listen(&conn->hcon->src);
1116 if (!parent) {
1117 sco_conn_unlock(conn);
1118 return;
1119 }
1120
1121 lock_sock(parent);
1122
1123 sk = sco_sock_alloc(sock_net(parent), NULL,
1124 BTPROTO_SCO, GFP_ATOMIC, 0);
1125 if (!sk) {
1126 release_sock(parent);
1127 sco_conn_unlock(conn);
1128 return;
1129 }
1130
1131 sco_sock_init(sk, parent);
1132
1133 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1134 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1135
1136 hci_conn_hold(conn->hcon);
1137 __sco_chan_add(conn, sk, parent);
1138
1139 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1140 sk->sk_state = BT_CONNECT2;
1141 else
1142 sk->sk_state = BT_CONNECTED;
1143
1144
1145 parent->sk_data_ready(parent);
1146
1147 release_sock(parent);
1148
1149 sco_conn_unlock(conn);
1150 }
1151}
1152
1153
1154int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1155{
1156 struct sock *sk;
1157 int lm = 0;
1158
1159 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1160
1161
1162 read_lock(&sco_sk_list.lock);
1163 sk_for_each(sk, &sco_sk_list.head) {
1164 if (sk->sk_state != BT_LISTEN)
1165 continue;
1166
1167 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1168 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1169 lm |= HCI_LM_ACCEPT;
1170
1171 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1172 *flags |= HCI_PROTO_DEFER;
1173 break;
1174 }
1175 }
1176 read_unlock(&sco_sk_list.lock);
1177
1178 return lm;
1179}
1180
1181static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1182{
1183 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1184 return;
1185
1186 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1187
1188 if (!status) {
1189 struct sco_conn *conn;
1190
1191 conn = sco_conn_add(hcon);
1192 if (conn)
1193 sco_conn_ready(conn);
1194 } else
1195 sco_conn_del(hcon, bt_to_errno(status));
1196}
1197
1198static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1199{
1200 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1201 return;
1202
1203 BT_DBG("hcon %p reason %d", hcon, reason);
1204
1205 sco_conn_del(hcon, bt_to_errno(reason));
1206}
1207
1208void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1209{
1210 struct sco_conn *conn = hcon->sco_data;
1211
1212 if (!conn)
1213 goto drop;
1214
1215 BT_DBG("conn %p len %u", conn, skb->len);
1216
1217 if (skb->len) {
1218 sco_recv_frame(conn, skb);
1219 return;
1220 }
1221
1222drop:
1223 kfree_skb(skb);
1224}
1225
1226static struct hci_cb sco_cb = {
1227 .name = "SCO",
1228 .connect_cfm = sco_connect_cfm,
1229 .disconn_cfm = sco_disconn_cfm,
1230};
1231
1232static int sco_debugfs_show(struct seq_file *f, void *p)
1233{
1234 struct sock *sk;
1235
1236 read_lock(&sco_sk_list.lock);
1237
1238 sk_for_each(sk, &sco_sk_list.head) {
1239 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1240 &sco_pi(sk)->dst, sk->sk_state);
1241 }
1242
1243 read_unlock(&sco_sk_list.lock);
1244
1245 return 0;
1246}
1247
1248DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1249
1250static struct dentry *sco_debugfs;
1251
1252static const struct proto_ops sco_sock_ops = {
1253 .family = PF_BLUETOOTH,
1254 .owner = THIS_MODULE,
1255 .release = sco_sock_release,
1256 .bind = sco_sock_bind,
1257 .connect = sco_sock_connect,
1258 .listen = sco_sock_listen,
1259 .accept = sco_sock_accept,
1260 .getname = sco_sock_getname,
1261 .sendmsg = sco_sock_sendmsg,
1262 .recvmsg = sco_sock_recvmsg,
1263 .poll = bt_sock_poll,
1264 .ioctl = bt_sock_ioctl,
1265 .gettstamp = sock_gettstamp,
1266 .mmap = sock_no_mmap,
1267 .socketpair = sock_no_socketpair,
1268 .shutdown = sco_sock_shutdown,
1269 .setsockopt = sco_sock_setsockopt,
1270 .getsockopt = sco_sock_getsockopt
1271};
1272
1273static const struct net_proto_family sco_sock_family_ops = {
1274 .family = PF_BLUETOOTH,
1275 .owner = THIS_MODULE,
1276 .create = sco_sock_create,
1277};
1278
1279int __init sco_init(void)
1280{
1281 int err;
1282
1283 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1284
1285 err = proto_register(&sco_proto, 0);
1286 if (err < 0)
1287 return err;
1288
1289 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1290 if (err < 0) {
1291 BT_ERR("SCO socket registration failed");
1292 goto error;
1293 }
1294
1295 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1296 if (err < 0) {
1297 BT_ERR("Failed to create SCO proc file");
1298 bt_sock_unregister(BTPROTO_SCO);
1299 goto error;
1300 }
1301
1302 BT_INFO("SCO socket layer initialized");
1303
1304 hci_register_cb(&sco_cb);
1305
1306 if (IS_ERR_OR_NULL(bt_debugfs))
1307 return 0;
1308
1309 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1310 NULL, &sco_debugfs_fops);
1311
1312 return 0;
1313
1314error:
1315 proto_unregister(&sco_proto);
1316 return err;
1317}
1318
1319void sco_exit(void)
1320{
1321 bt_procfs_cleanup(&init_net, "sco");
1322
1323 debugfs_remove(sco_debugfs);
1324
1325 hci_unregister_cb(&sco_cb);
1326
1327 bt_sock_unregister(BTPROTO_SCO);
1328
1329 proto_unregister(&sco_proto);
1330}
1331
1332module_param(disable_esco, bool, 0644);
1333MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1334
