1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock)
57#define sco_conn_unlock(c) spin_unlock(&c->lock)
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 struct bt_codec codec;
72 struct sco_conn *conn;
73};
74
75/* ---- SCO timers ---- */
76#define SCO_CONN_TIMEOUT (HZ * 40)
77#define SCO_DISCONN_TIMEOUT (HZ * 2)
78
79static void sco_sock_timeout(struct work_struct *work)
80{
81 struct sco_conn *conn = container_of(work, struct sco_conn,
82 timeout_work.work);
83 struct sock *sk;
84
85 sco_conn_lock(conn);
86 sk = conn->sk;
87 if (sk)
88 sock_hold(sk);
89 sco_conn_unlock(conn);
90
91 if (!sk)
92 return;
93
94 BT_DBG("sock %p state %d", sk, sk->sk_state);
95
96 lock_sock(sk);
97 sk->sk_err = ETIMEDOUT;
98 sk->sk_state_change(sk);
99 release_sock(sk);
100 sock_put(sk);
101}
102
103static void sco_sock_set_timer(struct sock *sk, long timeout)
104{
105 if (!sco_pi(sk)->conn)
106 return;
107
108 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
109 cancel_delayed_work(dwork: &sco_pi(sk)->conn->timeout_work);
110 schedule_delayed_work(dwork: &sco_pi(sk)->conn->timeout_work, delay: timeout);
111}
112
113static void sco_sock_clear_timer(struct sock *sk)
114{
115 if (!sco_pi(sk)->conn)
116 return;
117
118 BT_DBG("sock %p state %d", sk, sk->sk_state);
119 cancel_delayed_work(dwork: &sco_pi(sk)->conn->timeout_work);
120}
121
122/* ---- SCO connections ---- */
123static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
124{
125 struct hci_dev *hdev = hcon->hdev;
126 struct sco_conn *conn = hcon->sco_data;
127
128 if (conn) {
129 if (!conn->hcon)
130 conn->hcon = hcon;
131 return conn;
132 }
133
134 conn = kzalloc(size: sizeof(struct sco_conn), GFP_KERNEL);
135 if (!conn)
136 return NULL;
137
138 spin_lock_init(&conn->lock);
139 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
140
141 hcon->sco_data = conn;
142 conn->hcon = hcon;
143
144 if (hdev->sco_mtu > 0)
145 conn->mtu = hdev->sco_mtu;
146 else
147 conn->mtu = 60;
148
149 BT_DBG("hcon %p conn %p", hcon, conn);
150
151 return conn;
152}
153
154/* Delete channel.
155 * Must be called on the locked socket. */
156static void sco_chan_del(struct sock *sk, int err)
157{
158 struct sco_conn *conn;
159
160 conn = sco_pi(sk)->conn;
161
162 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
163
164 if (conn) {
165 sco_conn_lock(conn);
166 conn->sk = NULL;
167 sco_pi(sk)->conn = NULL;
168 sco_conn_unlock(conn);
169
170 if (conn->hcon)
171 hci_conn_drop(conn: conn->hcon);
172 }
173
174 sk->sk_state = BT_CLOSED;
175 sk->sk_err = err;
176 sk->sk_state_change(sk);
177
178 sock_set_flag(sk, flag: SOCK_ZAPPED);
179}
180
181static void sco_conn_del(struct hci_conn *hcon, int err)
182{
183 struct sco_conn *conn = hcon->sco_data;
184 struct sock *sk;
185
186 if (!conn)
187 return;
188
189 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
190
191 /* Kill socket */
192 sco_conn_lock(conn);
193 sk = conn->sk;
194 if (sk)
195 sock_hold(sk);
196 sco_conn_unlock(conn);
197
198 if (sk) {
199 lock_sock(sk);
200 sco_sock_clear_timer(sk);
201 sco_chan_del(sk, err);
202 release_sock(sk);
203 sock_put(sk);
204 }
205
206 /* Ensure no more work items will run before freeing conn. */
207 cancel_delayed_work_sync(dwork: &conn->timeout_work);
208
209 hcon->sco_data = NULL;
210 kfree(objp: conn);
211}
212
213static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
214 struct sock *parent)
215{
216 BT_DBG("conn %p", conn);
217
218 sco_pi(sk)->conn = conn;
219 conn->sk = sk;
220
221 if (parent)
222 bt_accept_enqueue(parent, sk, bh: true);
223}
224
225static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
226 struct sock *parent)
227{
228 int err = 0;
229
230 sco_conn_lock(conn);
231 if (conn->sk)
232 err = -EBUSY;
233 else
234 __sco_chan_add(conn, sk, parent);
235
236 sco_conn_unlock(conn);
237 return err;
238}
239
240static int sco_connect(struct sock *sk)
241{
242 struct sco_conn *conn;
243 struct hci_conn *hcon;
244 struct hci_dev *hdev;
245 int err, type;
246
247 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
248
249 hdev = hci_get_route(dst: &sco_pi(sk)->dst, src: &sco_pi(sk)->src, BDADDR_BREDR);
250 if (!hdev)
251 return -EHOSTUNREACH;
252
253 hci_dev_lock(hdev);
254
255 if (lmp_esco_capable(hdev) && !disable_esco)
256 type = ESCO_LINK;
257 else
258 type = SCO_LINK;
259
260 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
261 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
262 err = -EOPNOTSUPP;
263 goto unlock;
264 }
265
266 hcon = hci_connect_sco(hdev, type, dst: &sco_pi(sk)->dst,
267 sco_pi(sk)->setting, codec: &sco_pi(sk)->codec,
268 timeout: sk->sk_sndtimeo);
269 if (IS_ERR(ptr: hcon)) {
270 err = PTR_ERR(ptr: hcon);
271 goto unlock;
272 }
273
274 conn = sco_conn_add(hcon);
275 if (!conn) {
276 hci_conn_drop(conn: hcon);
277 err = -ENOMEM;
278 goto unlock;
279 }
280
281 lock_sock(sk);
282
283 err = sco_chan_add(conn, sk, NULL);
284 if (err) {
285 release_sock(sk);
286 goto unlock;
287 }
288
289 /* Update source addr of the socket */
290 bacpy(dst: &sco_pi(sk)->src, src: &hcon->src);
291
292 if (hcon->state == BT_CONNECTED) {
293 sco_sock_clear_timer(sk);
294 sk->sk_state = BT_CONNECTED;
295 } else {
296 sk->sk_state = BT_CONNECT;
297 sco_sock_set_timer(sk, timeout: sk->sk_sndtimeo);
298 }
299
300 release_sock(sk);
301
302unlock:
303 hci_dev_unlock(hdev);
304 hci_dev_put(d: hdev);
305 return err;
306}
307
308static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
309{
310 struct sco_conn *conn = sco_pi(sk)->conn;
311 int len = skb->len;
312
313 /* Check outgoing MTU */
314 if (len > conn->mtu)
315 return -EINVAL;
316
317 BT_DBG("sk %p len %d", sk, len);
318
319 hci_send_sco(conn: conn->hcon, skb);
320
321 return len;
322}
323
324static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
325{
326 struct sock *sk;
327
328 sco_conn_lock(conn);
329 sk = conn->sk;
330 sco_conn_unlock(conn);
331
332 if (!sk)
333 goto drop;
334
335 BT_DBG("sk %p len %u", sk, skb->len);
336
337 if (sk->sk_state != BT_CONNECTED)
338 goto drop;
339
340 if (!sock_queue_rcv_skb(sk, skb))
341 return;
342
343drop:
344 kfree_skb(skb);
345}
346
347/* -------- Socket interface ---------- */
348static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
349{
350 struct sock *sk;
351
352 sk_for_each(sk, &sco_sk_list.head) {
353 if (sk->sk_state != BT_LISTEN)
354 continue;
355
356 if (!bacmp(ba1: &sco_pi(sk)->src, ba2: ba))
357 return sk;
358 }
359
360 return NULL;
361}
362
363/* Find socket listening on source bdaddr.
364 * Returns closest match.
365 */
366static struct sock *sco_get_sock_listen(bdaddr_t *src)
367{
368 struct sock *sk = NULL, *sk1 = NULL;
369
370 read_lock(&sco_sk_list.lock);
371
372 sk_for_each(sk, &sco_sk_list.head) {
373 if (sk->sk_state != BT_LISTEN)
374 continue;
375
376 /* Exact match. */
377 if (!bacmp(ba1: &sco_pi(sk)->src, ba2: src))
378 break;
379
380 /* Closest match */
381 if (!bacmp(ba1: &sco_pi(sk)->src, BDADDR_ANY))
382 sk1 = sk;
383 }
384
385 read_unlock(&sco_sk_list.lock);
386
387 return sk ? sk : sk1;
388}
389
390static void sco_sock_destruct(struct sock *sk)
391{
392 BT_DBG("sk %p", sk);
393
394 skb_queue_purge(list: &sk->sk_receive_queue);
395 skb_queue_purge(list: &sk->sk_write_queue);
396}
397
398static void sco_sock_cleanup_listen(struct sock *parent)
399{
400 struct sock *sk;
401
402 BT_DBG("parent %p", parent);
403
404 /* Close not yet accepted channels */
405 while ((sk = bt_accept_dequeue(parent, NULL))) {
406 sco_sock_close(sk);
407 sco_sock_kill(sk);
408 }
409
410 parent->sk_state = BT_CLOSED;
411 sock_set_flag(sk: parent, flag: SOCK_ZAPPED);
412}
413
414/* Kill socket (only if zapped and orphan)
415 * Must be called on unlocked socket.
416 */
417static void sco_sock_kill(struct sock *sk)
418{
419 if (!sock_flag(sk, flag: SOCK_ZAPPED) || sk->sk_socket)
420 return;
421
422 BT_DBG("sk %p state %d", sk, sk->sk_state);
423
424 /* Kill poor orphan */
425 bt_sock_unlink(l: &sco_sk_list, s: sk);
426 sock_set_flag(sk, flag: SOCK_DEAD);
427 sock_put(sk);
428}
429
430static void __sco_sock_close(struct sock *sk)
431{
432 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
433
434 switch (sk->sk_state) {
435 case BT_LISTEN:
436 sco_sock_cleanup_listen(parent: sk);
437 break;
438
439 case BT_CONNECTED:
440 case BT_CONFIG:
441 if (sco_pi(sk)->conn->hcon) {
442 sk->sk_state = BT_DISCONN;
443 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
444 sco_conn_lock(sco_pi(sk)->conn);
445 hci_conn_drop(sco_pi(sk)->conn->hcon);
446 sco_pi(sk)->conn->hcon = NULL;
447 sco_conn_unlock(sco_pi(sk)->conn);
448 } else
449 sco_chan_del(sk, ECONNRESET);
450 break;
451
452 case BT_CONNECT2:
453 case BT_CONNECT:
454 case BT_DISCONN:
455 sco_chan_del(sk, ECONNRESET);
456 break;
457
458 default:
459 sock_set_flag(sk, flag: SOCK_ZAPPED);
460 break;
461 }
462
463}
464
465/* Must be called on unlocked socket. */
466static void sco_sock_close(struct sock *sk)
467{
468 lock_sock(sk);
469 sco_sock_clear_timer(sk);
470 __sco_sock_close(sk);
471 release_sock(sk);
472}
473
474static void sco_sock_init(struct sock *sk, struct sock *parent)
475{
476 BT_DBG("sk %p", sk);
477
478 if (parent) {
479 sk->sk_type = parent->sk_type;
480 bt_sk(sk)->flags = bt_sk(parent)->flags;
481 security_sk_clone(sk: parent, newsk: sk);
482 }
483}
484
485static struct proto sco_proto = {
486 .name = "SCO",
487 .owner = THIS_MODULE,
488 .obj_size = sizeof(struct sco_pinfo)
489};
490
491static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
492 int proto, gfp_t prio, int kern)
493{
494 struct sock *sk;
495
496 sk = bt_sock_alloc(net, sock, prot: &sco_proto, proto, prio, kern);
497 if (!sk)
498 return NULL;
499
500 sk->sk_destruct = sco_sock_destruct;
501 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
502
503 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
504 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
505 sco_pi(sk)->codec.cid = 0xffff;
506 sco_pi(sk)->codec.vid = 0xffff;
507 sco_pi(sk)->codec.data_path = 0x00;
508
509 bt_sock_link(l: &sco_sk_list, s: sk);
510 return sk;
511}
512
513static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
514 int kern)
515{
516 struct sock *sk;
517
518 BT_DBG("sock %p", sock);
519
520 sock->state = SS_UNCONNECTED;
521
522 if (sock->type != SOCK_SEQPACKET)
523 return -ESOCKTNOSUPPORT;
524
525 sock->ops = &sco_sock_ops;
526
527 sk = sco_sock_alloc(net, sock, proto: protocol, GFP_ATOMIC, kern);
528 if (!sk)
529 return -ENOMEM;
530
531 sco_sock_init(sk, NULL);
532 return 0;
533}
534
535static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
536 int addr_len)
537{
538 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
539 struct sock *sk = sock->sk;
540 int err = 0;
541
542 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
543 addr->sa_family != AF_BLUETOOTH)
544 return -EINVAL;
545
546 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
547
548 lock_sock(sk);
549
550 if (sk->sk_state != BT_OPEN) {
551 err = -EBADFD;
552 goto done;
553 }
554
555 if (sk->sk_type != SOCK_SEQPACKET) {
556 err = -EINVAL;
557 goto done;
558 }
559
560 bacpy(dst: &sco_pi(sk)->src, src: &sa->sco_bdaddr);
561
562 sk->sk_state = BT_BOUND;
563
564done:
565 release_sock(sk);
566 return err;
567}
568
569static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
570{
571 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
572 struct sock *sk = sock->sk;
573 int err;
574
575 BT_DBG("sk %p", sk);
576
577 if (alen < sizeof(struct sockaddr_sco) ||
578 addr->sa_family != AF_BLUETOOTH)
579 return -EINVAL;
580
581 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
582 return -EBADFD;
583
584 if (sk->sk_type != SOCK_SEQPACKET)
585 err = -EINVAL;
586
587 lock_sock(sk);
588 /* Set destination address and psm */
589 bacpy(dst: &sco_pi(sk)->dst, src: &sa->sco_bdaddr);
590 release_sock(sk);
591
592 err = sco_connect(sk);
593 if (err)
594 return err;
595
596 lock_sock(sk);
597
598 err = bt_sock_wait_state(sk, state: BT_CONNECTED,
599 timeo: sock_sndtimeo(sk, noblock: flags & O_NONBLOCK));
600
601 release_sock(sk);
602 return err;
603}
604
605static int sco_sock_listen(struct socket *sock, int backlog)
606{
607 struct sock *sk = sock->sk;
608 bdaddr_t *src = &sco_pi(sk)->src;
609 int err = 0;
610
611 BT_DBG("sk %p backlog %d", sk, backlog);
612
613 lock_sock(sk);
614
615 if (sk->sk_state != BT_BOUND) {
616 err = -EBADFD;
617 goto done;
618 }
619
620 if (sk->sk_type != SOCK_SEQPACKET) {
621 err = -EINVAL;
622 goto done;
623 }
624
625 write_lock(&sco_sk_list.lock);
626
627 if (__sco_get_sock_listen_by_addr(ba: src)) {
628 err = -EADDRINUSE;
629 goto unlock;
630 }
631
632 sk->sk_max_ack_backlog = backlog;
633 sk->sk_ack_backlog = 0;
634
635 sk->sk_state = BT_LISTEN;
636
637unlock:
638 write_unlock(&sco_sk_list.lock);
639
640done:
641 release_sock(sk);
642 return err;
643}
644
645static int sco_sock_accept(struct socket *sock, struct socket *newsock,
646 int flags, bool kern)
647{
648 DEFINE_WAIT_FUNC(wait, woken_wake_function);
649 struct sock *sk = sock->sk, *ch;
650 long timeo;
651 int err = 0;
652
653 lock_sock(sk);
654
655 timeo = sock_rcvtimeo(sk, noblock: flags & O_NONBLOCK);
656
657 BT_DBG("sk %p timeo %ld", sk, timeo);
658
659 /* Wait for an incoming connection. (wake-one). */
660 add_wait_queue_exclusive(wq_head: sk_sleep(sk), wq_entry: &wait);
661 while (1) {
662 if (sk->sk_state != BT_LISTEN) {
663 err = -EBADFD;
664 break;
665 }
666
667 ch = bt_accept_dequeue(parent: sk, newsock);
668 if (ch)
669 break;
670
671 if (!timeo) {
672 err = -EAGAIN;
673 break;
674 }
675
676 if (signal_pending(current)) {
677 err = sock_intr_errno(timeo);
678 break;
679 }
680
681 release_sock(sk);
682
683 timeo = wait_woken(wq_entry: &wait, TASK_INTERRUPTIBLE, timeout: timeo);
684 lock_sock(sk);
685 }
686 remove_wait_queue(wq_head: sk_sleep(sk), wq_entry: &wait);
687
688 if (err)
689 goto done;
690
691 newsock->state = SS_CONNECTED;
692
693 BT_DBG("new socket %p", ch);
694
695done:
696 release_sock(sk);
697 return err;
698}
699
700static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
701 int peer)
702{
703 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
704 struct sock *sk = sock->sk;
705
706 BT_DBG("sock %p, sk %p", sock, sk);
707
708 addr->sa_family = AF_BLUETOOTH;
709
710 if (peer)
711 bacpy(dst: &sa->sco_bdaddr, src: &sco_pi(sk)->dst);
712 else
713 bacpy(dst: &sa->sco_bdaddr, src: &sco_pi(sk)->src);
714
715 return sizeof(struct sockaddr_sco);
716}
717
718static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
719 size_t len)
720{
721 struct sock *sk = sock->sk;
722 struct sk_buff *skb;
723 int err;
724
725 BT_DBG("sock %p, sk %p", sock, sk);
726
727 err = sock_error(sk);
728 if (err)
729 return err;
730
731 if (msg->msg_flags & MSG_OOB)
732 return -EOPNOTSUPP;
733
734 skb = bt_skb_sendmsg(sk, msg, len, mtu: len, headroom: 0, tailroom: 0);
735 if (IS_ERR(ptr: skb))
736 return PTR_ERR(ptr: skb);
737
738 lock_sock(sk);
739
740 if (sk->sk_state == BT_CONNECTED)
741 err = sco_send_frame(sk, skb);
742 else
743 err = -ENOTCONN;
744
745 release_sock(sk);
746
747 if (err < 0)
748 kfree_skb(skb);
749 return err;
750}
751
752static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
753{
754 struct hci_dev *hdev = conn->hdev;
755
756 BT_DBG("conn %p", conn);
757
758 conn->state = BT_CONFIG;
759
760 if (!lmp_esco_capable(hdev)) {
761 struct hci_cp_accept_conn_req cp;
762
763 bacpy(dst: &cp.bdaddr, src: &conn->dst);
764 cp.role = 0x00; /* Ignored */
765
766 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, plen: sizeof(cp), param: &cp);
767 } else {
768 struct hci_cp_accept_sync_conn_req cp;
769
770 bacpy(dst: &cp.bdaddr, src: &conn->dst);
771 cp.pkt_type = cpu_to_le16(conn->pkt_type);
772
773 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
774 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
775 cp.content_format = cpu_to_le16(setting);
776
777 switch (setting & SCO_AIRMODE_MASK) {
778 case SCO_AIRMODE_TRANSP:
779 if (conn->pkt_type & ESCO_2EV3)
780 cp.max_latency = cpu_to_le16(0x0008);
781 else
782 cp.max_latency = cpu_to_le16(0x000D);
783 cp.retrans_effort = 0x02;
784 break;
785 case SCO_AIRMODE_CVSD:
786 cp.max_latency = cpu_to_le16(0xffff);
787 cp.retrans_effort = 0xff;
788 break;
789 default:
790 /* use CVSD settings as fallback */
791 cp.max_latency = cpu_to_le16(0xffff);
792 cp.retrans_effort = 0xff;
793 break;
794 }
795
796 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
797 plen: sizeof(cp), param: &cp);
798 }
799}
800
801static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
802 size_t len, int flags)
803{
804 struct sock *sk = sock->sk;
805 struct sco_pinfo *pi = sco_pi(sk);
806
807 lock_sock(sk);
808
809 if (sk->sk_state == BT_CONNECT2 &&
810 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
811 sco_conn_defer_accept(conn: pi->conn->hcon, setting: pi->setting);
812 sk->sk_state = BT_CONFIG;
813
814 release_sock(sk);
815 return 0;
816 }
817
818 release_sock(sk);
819
820 return bt_sock_recvmsg(sock, msg, len, flags);
821}
822
823static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
824 sockptr_t optval, unsigned int optlen)
825{
826 struct sock *sk = sock->sk;
827 int err = 0;
828 struct bt_voice voice;
829 u32 opt;
830 struct bt_codecs *codecs;
831 struct hci_dev *hdev;
832 __u8 buffer[255];
833
834 BT_DBG("sk %p", sk);
835
836 lock_sock(sk);
837
838 switch (optname) {
839
840 case BT_DEFER_SETUP:
841 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
842 err = -EINVAL;
843 break;
844 }
845
846 err = bt_copy_from_sockptr(dst: &opt, dst_size: sizeof(opt), src: optval, src_size: optlen);
847 if (err)
848 break;
849
850 if (opt)
851 set_bit(nr: BT_SK_DEFER_SETUP, addr: &bt_sk(sk)->flags);
852 else
853 clear_bit(nr: BT_SK_DEFER_SETUP, addr: &bt_sk(sk)->flags);
854 break;
855
856 case BT_VOICE:
857 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
858 sk->sk_state != BT_CONNECT2) {
859 err = -EINVAL;
860 break;
861 }
862
863 voice.setting = sco_pi(sk)->setting;
864
865 err = bt_copy_from_sockptr(dst: &voice, dst_size: sizeof(voice), src: optval,
866 src_size: optlen);
867 if (err)
868 break;
869
870 /* Explicitly check for these values */
871 if (voice.setting != BT_VOICE_TRANSPARENT &&
872 voice.setting != BT_VOICE_CVSD_16BIT) {
873 err = -EINVAL;
874 break;
875 }
876
877 sco_pi(sk)->setting = voice.setting;
878 hdev = hci_get_route(dst: &sco_pi(sk)->dst, src: &sco_pi(sk)->src,
879 BDADDR_BREDR);
880 if (!hdev) {
881 err = -EBADFD;
882 break;
883 }
884 if (enhanced_sync_conn_capable(hdev) &&
885 voice.setting == BT_VOICE_TRANSPARENT)
886 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
887 hci_dev_put(d: hdev);
888 break;
889
890 case BT_PKT_STATUS:
891 err = bt_copy_from_sockptr(dst: &opt, dst_size: sizeof(opt), src: optval, src_size: optlen);
892 if (err)
893 break;
894
895 if (opt)
896 set_bit(nr: BT_SK_PKT_STATUS, addr: &bt_sk(sk)->flags);
897 else
898 clear_bit(nr: BT_SK_PKT_STATUS, addr: &bt_sk(sk)->flags);
899 break;
900
901 case BT_CODEC:
902 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
903 sk->sk_state != BT_CONNECT2) {
904 err = -EINVAL;
905 break;
906 }
907
908 hdev = hci_get_route(dst: &sco_pi(sk)->dst, src: &sco_pi(sk)->src,
909 BDADDR_BREDR);
910 if (!hdev) {
911 err = -EBADFD;
912 break;
913 }
914
915 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
916 hci_dev_put(d: hdev);
917 err = -EOPNOTSUPP;
918 break;
919 }
920
921 if (!hdev->get_data_path_id) {
922 hci_dev_put(d: hdev);
923 err = -EOPNOTSUPP;
924 break;
925 }
926
927 if (optlen < sizeof(struct bt_codecs) ||
928 optlen > sizeof(buffer)) {
929 hci_dev_put(d: hdev);
930 err = -EINVAL;
931 break;
932 }
933
934 err = bt_copy_from_sockptr(dst: buffer, dst_size: optlen, src: optval, src_size: optlen);
935 if (err) {
936 hci_dev_put(d: hdev);
937 break;
938 }
939
940 codecs = (void *)buffer;
941
942 if (codecs->num_codecs > 1) {
943 hci_dev_put(d: hdev);
944 err = -EINVAL;
945 break;
946 }
947
948 sco_pi(sk)->codec = codecs->codecs[0];
949 hci_dev_put(d: hdev);
950 break;
951
952 default:
953 err = -ENOPROTOOPT;
954 break;
955 }
956
957 release_sock(sk);
958 return err;
959}
960
961static int sco_sock_getsockopt_old(struct socket *sock, int optname,
962 char __user *optval, int __user *optlen)
963{
964 struct sock *sk = sock->sk;
965 struct sco_options opts;
966 struct sco_conninfo cinfo;
967 int len, err = 0;
968
969 BT_DBG("sk %p", sk);
970
971 if (get_user(len, optlen))
972 return -EFAULT;
973
974 lock_sock(sk);
975
976 switch (optname) {
977 case SCO_OPTIONS:
978 if (sk->sk_state != BT_CONNECTED &&
979 !(sk->sk_state == BT_CONNECT2 &&
980 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
981 err = -ENOTCONN;
982 break;
983 }
984
985 opts.mtu = sco_pi(sk)->conn->mtu;
986
987 BT_DBG("mtu %u", opts.mtu);
988
989 len = min_t(unsigned int, len, sizeof(opts));
990 if (copy_to_user(to: optval, from: (char *)&opts, n: len))
991 err = -EFAULT;
992
993 break;
994
995 case SCO_CONNINFO:
996 if (sk->sk_state != BT_CONNECTED &&
997 !(sk->sk_state == BT_CONNECT2 &&
998 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
999 err = -ENOTCONN;
1000 break;
1001 }
1002
1003 memset(&cinfo, 0, sizeof(cinfo));
1004 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1005 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1006
1007 len = min_t(unsigned int, len, sizeof(cinfo));
1008 if (copy_to_user(to: optval, from: (char *)&cinfo, n: len))
1009 err = -EFAULT;
1010
1011 break;
1012
1013 default:
1014 err = -ENOPROTOOPT;
1015 break;
1016 }
1017
1018 release_sock(sk);
1019 return err;
1020}
1021
1022static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1023 char __user *optval, int __user *optlen)
1024{
1025 struct sock *sk = sock->sk;
1026 int len, err = 0;
1027 struct bt_voice voice;
1028 u32 phys;
1029 int buf_len;
1030 struct codec_list *c;
1031 u8 num_codecs, i, __user *ptr;
1032 struct hci_dev *hdev;
1033 struct hci_codec_caps *caps;
1034 struct bt_codec codec;
1035
1036 BT_DBG("sk %p", sk);
1037
1038 if (level == SOL_SCO)
1039 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1040
1041 if (get_user(len, optlen))
1042 return -EFAULT;
1043
1044 lock_sock(sk);
1045
1046 switch (optname) {
1047
1048 case BT_DEFER_SETUP:
1049 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1050 err = -EINVAL;
1051 break;
1052 }
1053
1054 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1055 (u32 __user *)optval))
1056 err = -EFAULT;
1057
1058 break;
1059
1060 case BT_VOICE:
1061 voice.setting = sco_pi(sk)->setting;
1062
1063 len = min_t(unsigned int, len, sizeof(voice));
1064 if (copy_to_user(to: optval, from: (char *)&voice, n: len))
1065 err = -EFAULT;
1066
1067 break;
1068
1069 case BT_PHY:
1070 if (sk->sk_state != BT_CONNECTED) {
1071 err = -ENOTCONN;
1072 break;
1073 }
1074
1075 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1076
1077 if (put_user(phys, (u32 __user *) optval))
1078 err = -EFAULT;
1079 break;
1080
1081 case BT_PKT_STATUS:
1082 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1083 (int __user *)optval))
1084 err = -EFAULT;
1085 break;
1086
1087 case BT_SNDMTU:
1088 case BT_RCVMTU:
1089 if (sk->sk_state != BT_CONNECTED) {
1090 err = -ENOTCONN;
1091 break;
1092 }
1093
1094 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1095 err = -EFAULT;
1096 break;
1097
1098 case BT_CODEC:
1099 num_codecs = 0;
1100 buf_len = 0;
1101
1102 hdev = hci_get_route(dst: &sco_pi(sk)->dst, src: &sco_pi(sk)->src, BDADDR_BREDR);
1103 if (!hdev) {
1104 err = -EBADFD;
1105 break;
1106 }
1107
1108 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1109 hci_dev_put(d: hdev);
1110 err = -EOPNOTSUPP;
1111 break;
1112 }
1113
1114 if (!hdev->get_data_path_id) {
1115 hci_dev_put(d: hdev);
1116 err = -EOPNOTSUPP;
1117 break;
1118 }
1119
1120 release_sock(sk);
1121
1122 /* find total buffer size required to copy codec + caps */
1123 hci_dev_lock(hdev);
1124 list_for_each_entry(c, &hdev->local_codecs, list) {
1125 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1126 continue;
1127 num_codecs++;
1128 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1129 buf_len += 1 + caps->len;
1130 caps = (void *)&caps->data[caps->len];
1131 }
1132 buf_len += sizeof(struct bt_codec);
1133 }
1134 hci_dev_unlock(hdev);
1135
1136 buf_len += sizeof(struct bt_codecs);
1137 if (buf_len > len) {
1138 hci_dev_put(d: hdev);
1139 return -ENOBUFS;
1140 }
1141 ptr = optval;
1142
1143 if (put_user(num_codecs, ptr)) {
1144 hci_dev_put(d: hdev);
1145 return -EFAULT;
1146 }
1147 ptr += sizeof(num_codecs);
1148
1149 /* Iterate all the codecs supported over SCO and populate
1150 * codec data
1151 */
1152 hci_dev_lock(hdev);
1153 list_for_each_entry(c, &hdev->local_codecs, list) {
1154 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1155 continue;
1156
1157 codec.id = c->id;
1158 codec.cid = c->cid;
1159 codec.vid = c->vid;
1160 err = hdev->get_data_path_id(hdev, &codec.data_path);
1161 if (err < 0)
1162 break;
1163 codec.num_caps = c->num_caps;
1164 if (copy_to_user(to: ptr, from: &codec, n: sizeof(codec))) {
1165 err = -EFAULT;
1166 break;
1167 }
1168 ptr += sizeof(codec);
1169
1170 /* find codec capabilities data length */
1171 len = 0;
1172 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1173 len += 1 + caps->len;
1174 caps = (void *)&caps->data[caps->len];
1175 }
1176
1177 /* copy codec capabilities data */
1178 if (len && copy_to_user(to: ptr, from: c->caps, n: len)) {
1179 err = -EFAULT;
1180 break;
1181 }
1182 ptr += len;
1183 }
1184
1185 hci_dev_unlock(hdev);
1186 hci_dev_put(d: hdev);
1187
1188 lock_sock(sk);
1189
1190 if (!err && put_user(buf_len, optlen))
1191 err = -EFAULT;
1192
1193 break;
1194
1195 default:
1196 err = -ENOPROTOOPT;
1197 break;
1198 }
1199
1200 release_sock(sk);
1201 return err;
1202}
1203
1204static int sco_sock_shutdown(struct socket *sock, int how)
1205{
1206 struct sock *sk = sock->sk;
1207 int err = 0;
1208
1209 BT_DBG("sock %p, sk %p", sock, sk);
1210
1211 if (!sk)
1212 return 0;
1213
1214 sock_hold(sk);
1215 lock_sock(sk);
1216
1217 if (!sk->sk_shutdown) {
1218 sk->sk_shutdown = SHUTDOWN_MASK;
1219 sco_sock_clear_timer(sk);
1220 __sco_sock_close(sk);
1221
1222 if (sock_flag(sk, flag: SOCK_LINGER) && sk->sk_lingertime &&
1223 !(current->flags & PF_EXITING))
1224 err = bt_sock_wait_state(sk, state: BT_CLOSED,
1225 timeo: sk->sk_lingertime);
1226 }
1227
1228 release_sock(sk);
1229 sock_put(sk);
1230
1231 return err;
1232}
1233
1234static int sco_sock_release(struct socket *sock)
1235{
1236 struct sock *sk = sock->sk;
1237 int err = 0;
1238
1239 BT_DBG("sock %p, sk %p", sock, sk);
1240
1241 if (!sk)
1242 return 0;
1243
1244 sco_sock_close(sk);
1245
1246 if (sock_flag(sk, flag: SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1247 !(current->flags & PF_EXITING)) {
1248 lock_sock(sk);
1249 err = bt_sock_wait_state(sk, state: BT_CLOSED, timeo: sk->sk_lingertime);
1250 release_sock(sk);
1251 }
1252
1253 sock_orphan(sk);
1254 sco_sock_kill(sk);
1255 return err;
1256}
1257
1258static void sco_conn_ready(struct sco_conn *conn)
1259{
1260 struct sock *parent;
1261 struct sock *sk = conn->sk;
1262
1263 BT_DBG("conn %p", conn);
1264
1265 if (sk) {
1266 lock_sock(sk);
1267 sco_sock_clear_timer(sk);
1268 sk->sk_state = BT_CONNECTED;
1269 sk->sk_state_change(sk);
1270 release_sock(sk);
1271 } else {
1272 sco_conn_lock(conn);
1273
1274 if (!conn->hcon) {
1275 sco_conn_unlock(conn);
1276 return;
1277 }
1278
1279 parent = sco_get_sock_listen(src: &conn->hcon->src);
1280 if (!parent) {
1281 sco_conn_unlock(conn);
1282 return;
1283 }
1284
1285 lock_sock(sk: parent);
1286
1287 sk = sco_sock_alloc(net: sock_net(sk: parent), NULL,
1288 BTPROTO_SCO, GFP_ATOMIC, kern: 0);
1289 if (!sk) {
1290 release_sock(sk: parent);
1291 sco_conn_unlock(conn);
1292 return;
1293 }
1294
1295 sco_sock_init(sk, parent);
1296
1297 bacpy(dst: &sco_pi(sk)->src, src: &conn->hcon->src);
1298 bacpy(dst: &sco_pi(sk)->dst, src: &conn->hcon->dst);
1299
1300 hci_conn_hold(conn: conn->hcon);
1301 __sco_chan_add(conn, sk, parent);
1302
1303 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1304 sk->sk_state = BT_CONNECT2;
1305 else
1306 sk->sk_state = BT_CONNECTED;
1307
1308 /* Wake up parent */
1309 parent->sk_data_ready(parent);
1310
1311 release_sock(sk: parent);
1312
1313 sco_conn_unlock(conn);
1314 }
1315}
1316
1317/* ----- SCO interface with lower layer (HCI) ----- */
1318int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1319{
1320 struct sock *sk;
1321 int lm = 0;
1322
1323 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1324
1325 /* Find listening sockets */
1326 read_lock(&sco_sk_list.lock);
1327 sk_for_each(sk, &sco_sk_list.head) {
1328 if (sk->sk_state != BT_LISTEN)
1329 continue;
1330
1331 if (!bacmp(ba1: &sco_pi(sk)->src, ba2: &hdev->bdaddr) ||
1332 !bacmp(ba1: &sco_pi(sk)->src, BDADDR_ANY)) {
1333 lm |= HCI_LM_ACCEPT;
1334
1335 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1336 *flags |= HCI_PROTO_DEFER;
1337 break;
1338 }
1339 }
1340 read_unlock(&sco_sk_list.lock);
1341
1342 return lm;
1343}
1344
1345static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1346{
1347 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1348 return;
1349
1350 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1351
1352 if (!status) {
1353 struct sco_conn *conn;
1354
1355 conn = sco_conn_add(hcon);
1356 if (conn)
1357 sco_conn_ready(conn);
1358 } else
1359 sco_conn_del(hcon, err: bt_to_errno(code: status));
1360}
1361
1362static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1363{
1364 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1365 return;
1366
1367 BT_DBG("hcon %p reason %d", hcon, reason);
1368
1369 sco_conn_del(hcon, err: bt_to_errno(code: reason));
1370}
1371
1372void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1373{
1374 struct sco_conn *conn = hcon->sco_data;
1375
1376 if (!conn)
1377 goto drop;
1378
1379 BT_DBG("conn %p len %u", conn, skb->len);
1380
1381 if (skb->len) {
1382 sco_recv_frame(conn, skb);
1383 return;
1384 }
1385
1386drop:
1387 kfree_skb(skb);
1388}
1389
1390static struct hci_cb sco_cb = {
1391 .name = "SCO",
1392 .connect_cfm = sco_connect_cfm,
1393 .disconn_cfm = sco_disconn_cfm,
1394};
1395
1396static int sco_debugfs_show(struct seq_file *f, void *p)
1397{
1398 struct sock *sk;
1399
1400 read_lock(&sco_sk_list.lock);
1401
1402 sk_for_each(sk, &sco_sk_list.head) {
1403 seq_printf(m: f, fmt: "%pMR %pMR %d\n", &sco_pi(sk)->src,
1404 &sco_pi(sk)->dst, sk->sk_state);
1405 }
1406
1407 read_unlock(&sco_sk_list.lock);
1408
1409 return 0;
1410}
1411
1412DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1413
1414static struct dentry *sco_debugfs;
1415
1416static const struct proto_ops sco_sock_ops = {
1417 .family = PF_BLUETOOTH,
1418 .owner = THIS_MODULE,
1419 .release = sco_sock_release,
1420 .bind = sco_sock_bind,
1421 .connect = sco_sock_connect,
1422 .listen = sco_sock_listen,
1423 .accept = sco_sock_accept,
1424 .getname = sco_sock_getname,
1425 .sendmsg = sco_sock_sendmsg,
1426 .recvmsg = sco_sock_recvmsg,
1427 .poll = bt_sock_poll,
1428 .ioctl = bt_sock_ioctl,
1429 .gettstamp = sock_gettstamp,
1430 .mmap = sock_no_mmap,
1431 .socketpair = sock_no_socketpair,
1432 .shutdown = sco_sock_shutdown,
1433 .setsockopt = sco_sock_setsockopt,
1434 .getsockopt = sco_sock_getsockopt
1435};
1436
1437static const struct net_proto_family sco_sock_family_ops = {
1438 .family = PF_BLUETOOTH,
1439 .owner = THIS_MODULE,
1440 .create = sco_sock_create,
1441};
1442
1443int __init sco_init(void)
1444{
1445 int err;
1446
1447 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1448
1449 err = proto_register(prot: &sco_proto, alloc_slab: 0);
1450 if (err < 0)
1451 return err;
1452
1453 err = bt_sock_register(BTPROTO_SCO, ops: &sco_sock_family_ops);
1454 if (err < 0) {
1455 BT_ERR("SCO socket registration failed");
1456 goto error;
1457 }
1458
1459 err = bt_procfs_init(net: &init_net, name: "sco", sk_list: &sco_sk_list, NULL);
1460 if (err < 0) {
1461 BT_ERR("Failed to create SCO proc file");
1462 bt_sock_unregister(BTPROTO_SCO);
1463 goto error;
1464 }
1465
1466 BT_INFO("SCO socket layer initialized");
1467
1468 hci_register_cb(hcb: &sco_cb);
1469
1470 if (IS_ERR_OR_NULL(ptr: bt_debugfs))
1471 return 0;
1472
1473 sco_debugfs = debugfs_create_file(name: "sco", mode: 0444, parent: bt_debugfs,
1474 NULL, fops: &sco_debugfs_fops);
1475
1476 return 0;
1477
1478error:
1479 proto_unregister(prot: &sco_proto);
1480 return err;
1481}
1482
1483void sco_exit(void)
1484{
1485 bt_procfs_cleanup(net: &init_net, name: "sco");
1486
1487 debugfs_remove(dentry: sco_debugfs);
1488
1489 hci_unregister_cb(hcb: &sco_cb);
1490
1491 bt_sock_unregister(BTPROTO_SCO);
1492
1493 proto_unregister(prot: &sco_proto);
1494}
1495
1496module_param(disable_esco, bool, 0644);
1497MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1498

source code of linux/net/bluetooth/sco.c