sco.c (30326B)
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth SCO sockets. */ 26 27#include <linux/module.h> 28#include <linux/debugfs.h> 29#include <linux/seq_file.h> 30#include <linux/sched/signal.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/sco.h> 35 36static bool disable_esco; 37 38static const struct proto_ops sco_sock_ops; 39 40static struct bt_sock_list sco_sk_list = { 41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock) 42}; 43 44/* ---- SCO connections ---- */ 45struct sco_conn { 46 struct hci_conn *hcon; 47 48 spinlock_t lock; 49 struct sock *sk; 50 51 struct delayed_work timeout_work; 52 53 unsigned int mtu; 54}; 55 56#define sco_conn_lock(c) spin_lock(&c->lock) 57#define sco_conn_unlock(c) spin_unlock(&c->lock) 58 59static void sco_sock_close(struct sock *sk); 60static void sco_sock_kill(struct sock *sk); 61 62/* ----- SCO socket info ----- */ 63#define sco_pi(sk) ((struct sco_pinfo *) sk) 64 65struct sco_pinfo { 66 struct bt_sock bt; 67 bdaddr_t src; 68 bdaddr_t dst; 69 __u32 flags; 70 __u16 setting; 71 __u8 cmsg_mask; 72 struct bt_codec codec; 73 struct sco_conn *conn; 74}; 75 76/* ---- SCO timers ---- */ 77#define SCO_CONN_TIMEOUT (HZ * 40) 78#define SCO_DISCONN_TIMEOUT (HZ * 2) 79 80static void sco_sock_timeout(struct work_struct *work) 81{ 82 struct sco_conn *conn = container_of(work, struct sco_conn, 83 timeout_work.work); 84 struct sock *sk; 85 86 sco_conn_lock(conn); 87 sk = conn->sk; 88 if (sk) 89 sock_hold(sk); 90 sco_conn_unlock(conn); 91 92 if (!sk) 93 return; 94 95 BT_DBG("sock %p state %d", sk, sk->sk_state); 96 97 lock_sock(sk); 98 sk->sk_err = ETIMEDOUT; 99 sk->sk_state_change(sk); 100 release_sock(sk); 101 sock_put(sk); 102} 103 104static void sco_sock_set_timer(struct sock *sk, long timeout) 105{ 106 if (!sco_pi(sk)->conn) 107 return; 108 109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); 112} 113 114static void sco_sock_clear_timer(struct sock *sk) 115{ 116 if (!sco_pi(sk)->conn) 117 return; 118 119 BT_DBG("sock %p state %d", sk, sk->sk_state); 120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); 121} 122 123/* ---- SCO connections ---- */ 124static struct sco_conn *sco_conn_add(struct hci_conn *hcon) 125{ 126 struct hci_dev *hdev = hcon->hdev; 127 struct sco_conn *conn = hcon->sco_data; 128 129 if (conn) 130 return conn; 131 132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); 133 if (!conn) 134 return NULL; 135 136 spin_lock_init(&conn->lock); 137 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); 138 139 hcon->sco_data = conn; 140 conn->hcon = hcon; 141 142 if (hdev->sco_mtu > 0) 143 conn->mtu = hdev->sco_mtu; 144 else 145 conn->mtu = 60; 146 147 BT_DBG("hcon %p conn %p", hcon, conn); 148 149 return conn; 150} 151 152/* Delete channel. 153 * Must be called on the locked socket. */ 154static void sco_chan_del(struct sock *sk, int err) 155{ 156 struct sco_conn *conn; 157 158 conn = sco_pi(sk)->conn; 159 160 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 161 162 if (conn) { 163 sco_conn_lock(conn); 164 conn->sk = NULL; 165 sco_pi(sk)->conn = NULL; 166 sco_conn_unlock(conn); 167 168 if (conn->hcon) 169 hci_conn_drop(conn->hcon); 170 } 171 172 sk->sk_state = BT_CLOSED; 173 sk->sk_err = err; 174 sk->sk_state_change(sk); 175 176 sock_set_flag(sk, SOCK_ZAPPED); 177} 178 179static void sco_conn_del(struct hci_conn *hcon, int err) 180{ 181 struct sco_conn *conn = hcon->sco_data; 182 struct sock *sk; 183 184 if (!conn) 185 return; 186 187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 188 189 /* Kill socket */ 190 sco_conn_lock(conn); 191 sk = conn->sk; 192 if (sk) 193 sock_hold(sk); 194 sco_conn_unlock(conn); 195 196 if (sk) { 197 lock_sock(sk); 198 sco_sock_clear_timer(sk); 199 sco_chan_del(sk, err); 200 release_sock(sk); 201 sock_put(sk); 202 } 203 204 /* Ensure no more work items will run before freeing conn. */ 205 cancel_delayed_work_sync(&conn->timeout_work); 206 207 hcon->sco_data = NULL; 208 kfree(conn); 209} 210 211static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, 212 struct sock *parent) 213{ 214 BT_DBG("conn %p", conn); 215 216 sco_pi(sk)->conn = conn; 217 conn->sk = sk; 218 219 if (parent) 220 bt_accept_enqueue(parent, sk, true); 221} 222 223static int sco_chan_add(struct sco_conn *conn, struct sock *sk, 224 struct sock *parent) 225{ 226 int err = 0; 227 228 sco_conn_lock(conn); 229 if (conn->sk) 230 err = -EBUSY; 231 else 232 __sco_chan_add(conn, sk, parent); 233 234 sco_conn_unlock(conn); 235 return err; 236} 237 238static int sco_connect(struct hci_dev *hdev, struct sock *sk) 239{ 240 struct sco_conn *conn; 241 struct hci_conn *hcon; 242 int err, type; 243 244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); 245 246 if (lmp_esco_capable(hdev) && !disable_esco) 247 type = ESCO_LINK; 248 else 249 type = SCO_LINK; 250 251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && 252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) 253 return -EOPNOTSUPP; 254 255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, 256 sco_pi(sk)->setting, &sco_pi(sk)->codec); 257 if (IS_ERR(hcon)) 258 return PTR_ERR(hcon); 259 260 conn = sco_conn_add(hcon); 261 if (!conn) { 262 hci_conn_drop(hcon); 263 return -ENOMEM; 264 } 265 266 /* Update source addr of the socket */ 267 bacpy(&sco_pi(sk)->src, &hcon->src); 268 269 err = sco_chan_add(conn, sk, NULL); 270 if (err) 271 return err; 272 273 if (hcon->state == BT_CONNECTED) { 274 sco_sock_clear_timer(sk); 275 sk->sk_state = BT_CONNECTED; 276 } else { 277 sk->sk_state = BT_CONNECT; 278 sco_sock_set_timer(sk, sk->sk_sndtimeo); 279 } 280 281 return err; 282} 283 284static int sco_send_frame(struct sock *sk, struct sk_buff *skb) 285{ 286 struct sco_conn *conn = sco_pi(sk)->conn; 287 int len = skb->len; 288 289 /* Check outgoing MTU */ 290 if (len > conn->mtu) 291 return -EINVAL; 292 293 BT_DBG("sk %p len %d", sk, len); 294 295 hci_send_sco(conn->hcon, skb); 296 297 return len; 298} 299 300static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb) 301{ 302 struct sock *sk; 303 304 sco_conn_lock(conn); 305 sk = conn->sk; 306 sco_conn_unlock(conn); 307 308 if (!sk) 309 goto drop; 310 311 BT_DBG("sk %p len %u", sk, skb->len); 312 313 if (sk->sk_state != BT_CONNECTED) 314 goto drop; 315 316 if (!sock_queue_rcv_skb(sk, skb)) 317 return; 318 319drop: 320 kfree_skb(skb); 321} 322 323/* -------- Socket interface ---------- */ 324static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba) 325{ 326 struct sock *sk; 327 328 sk_for_each(sk, &sco_sk_list.head) { 329 if (sk->sk_state != BT_LISTEN) 330 continue; 331 332 if (!bacmp(&sco_pi(sk)->src, ba)) 333 return sk; 334 } 335 336 return NULL; 337} 338 339/* Find socket listening on source bdaddr. 340 * Returns closest match. 341 */ 342static struct sock *sco_get_sock_listen(bdaddr_t *src) 343{ 344 struct sock *sk = NULL, *sk1 = NULL; 345 346 read_lock(&sco_sk_list.lock); 347 348 sk_for_each(sk, &sco_sk_list.head) { 349 if (sk->sk_state != BT_LISTEN) 350 continue; 351 352 /* Exact match. */ 353 if (!bacmp(&sco_pi(sk)->src, src)) 354 break; 355 356 /* Closest match */ 357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY)) 358 sk1 = sk; 359 } 360 361 read_unlock(&sco_sk_list.lock); 362 363 return sk ? sk : sk1; 364} 365 366static void sco_sock_destruct(struct sock *sk) 367{ 368 BT_DBG("sk %p", sk); 369 370 skb_queue_purge(&sk->sk_receive_queue); 371 skb_queue_purge(&sk->sk_write_queue); 372} 373 374static void sco_sock_cleanup_listen(struct sock *parent) 375{ 376 struct sock *sk; 377 378 BT_DBG("parent %p", parent); 379 380 /* Close not yet accepted channels */ 381 while ((sk = bt_accept_dequeue(parent, NULL))) { 382 sco_sock_close(sk); 383 sco_sock_kill(sk); 384 } 385 386 parent->sk_state = BT_CLOSED; 387 sock_set_flag(parent, SOCK_ZAPPED); 388} 389 390/* Kill socket (only if zapped and orphan) 391 * Must be called on unlocked socket. 392 */ 393static void sco_sock_kill(struct sock *sk) 394{ 395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 396 return; 397 398 BT_DBG("sk %p state %d", sk, sk->sk_state); 399 400 /* Kill poor orphan */ 401 bt_sock_unlink(&sco_sk_list, sk); 402 sock_set_flag(sk, SOCK_DEAD); 403 sock_put(sk); 404} 405 406static void __sco_sock_close(struct sock *sk) 407{ 408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 409 410 switch (sk->sk_state) { 411 case BT_LISTEN: 412 sco_sock_cleanup_listen(sk); 413 break; 414 415 case BT_CONNECTED: 416 case BT_CONFIG: 417 if (sco_pi(sk)->conn->hcon) { 418 sk->sk_state = BT_DISCONN; 419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 420 sco_conn_lock(sco_pi(sk)->conn); 421 hci_conn_drop(sco_pi(sk)->conn->hcon); 422 sco_pi(sk)->conn->hcon = NULL; 423 sco_conn_unlock(sco_pi(sk)->conn); 424 } else 425 sco_chan_del(sk, ECONNRESET); 426 break; 427 428 case BT_CONNECT2: 429 case BT_CONNECT: 430 case BT_DISCONN: 431 sco_chan_del(sk, ECONNRESET); 432 break; 433 434 default: 435 sock_set_flag(sk, SOCK_ZAPPED); 436 break; 437 } 438 439} 440 441/* Must be called on unlocked socket. */ 442static void sco_sock_close(struct sock *sk) 443{ 444 lock_sock(sk); 445 sco_sock_clear_timer(sk); 446 __sco_sock_close(sk); 447 release_sock(sk); 448} 449 450static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, 451 struct sock *sk) 452{ 453 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) 454 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, 455 sizeof(bt_cb(skb)->sco.pkt_status), 456 &bt_cb(skb)->sco.pkt_status); 457} 458 459static void sco_sock_init(struct sock *sk, struct sock *parent) 460{ 461 BT_DBG("sk %p", sk); 462 463 if (parent) { 464 sk->sk_type = parent->sk_type; 465 bt_sk(sk)->flags = bt_sk(parent)->flags; 466 security_sk_clone(parent, sk); 467 } else { 468 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg; 469 } 470} 471 472static struct proto sco_proto = { 473 .name = "SCO", 474 .owner = THIS_MODULE, 475 .obj_size = sizeof(struct sco_pinfo) 476}; 477 478static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, 479 int proto, gfp_t prio, int kern) 480{ 481 struct sock *sk; 482 483 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern); 484 if (!sk) 485 return NULL; 486 487 sock_init_data(sock, sk); 488 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 489 490 sk->sk_destruct = sco_sock_destruct; 491 sk->sk_sndtimeo = SCO_CONN_TIMEOUT; 492 493 sock_reset_flag(sk, SOCK_ZAPPED); 494 495 sk->sk_protocol = proto; 496 sk->sk_state = BT_OPEN; 497 498 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; 499 sco_pi(sk)->codec.id = BT_CODEC_CVSD; 500 sco_pi(sk)->codec.cid = 0xffff; 501 sco_pi(sk)->codec.vid = 0xffff; 502 sco_pi(sk)->codec.data_path = 0x00; 503 504 bt_sock_link(&sco_sk_list, sk); 505 return sk; 506} 507 508static int sco_sock_create(struct net *net, struct socket *sock, int protocol, 509 int kern) 510{ 511 struct sock *sk; 512 513 BT_DBG("sock %p", sock); 514 515 sock->state = SS_UNCONNECTED; 516 517 if (sock->type != SOCK_SEQPACKET) 518 return -ESOCKTNOSUPPORT; 519 520 sock->ops = &sco_sock_ops; 521 522 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 523 if (!sk) 524 return -ENOMEM; 525 526 sco_sock_init(sk, NULL); 527 return 0; 528} 529 530static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, 531 int addr_len) 532{ 533 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 534 struct sock *sk = sock->sk; 535 int err = 0; 536 537 if (!addr || addr_len < sizeof(struct sockaddr_sco) || 538 addr->sa_family != AF_BLUETOOTH) 539 return -EINVAL; 540 541 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr); 542 543 lock_sock(sk); 544 545 if (sk->sk_state != BT_OPEN) { 546 err = -EBADFD; 547 goto done; 548 } 549 550 if (sk->sk_type != SOCK_SEQPACKET) { 551 err = -EINVAL; 552 goto done; 553 } 554 555 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr); 556 557 sk->sk_state = BT_BOUND; 558 559done: 560 release_sock(sk); 561 return err; 562} 563 564static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 565{ 566 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 567 struct sock *sk = sock->sk; 568 struct hci_dev *hdev; 569 int err; 570 571 BT_DBG("sk %p", sk); 572 573 if (alen < sizeof(struct sockaddr_sco) || 574 addr->sa_family != AF_BLUETOOTH) 575 return -EINVAL; 576 577 lock_sock(sk); 578 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 579 err = -EBADFD; 580 goto done; 581 } 582 583 if (sk->sk_type != SOCK_SEQPACKET) { 584 err = -EINVAL; 585 goto done; 586 } 587 588 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR); 589 if (!hdev) { 590 err = -EHOSTUNREACH; 591 goto done; 592 } 593 hci_dev_lock(hdev); 594 595 /* Set destination address and psm */ 596 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); 597 598 err = sco_connect(hdev, sk); 599 hci_dev_unlock(hdev); 600 hci_dev_put(hdev); 601 if (err) 602 goto done; 603 604 err = bt_sock_wait_state(sk, BT_CONNECTED, 605 sock_sndtimeo(sk, flags & O_NONBLOCK)); 606 607done: 608 release_sock(sk); 609 return err; 610} 611 612static int sco_sock_listen(struct socket *sock, int backlog) 613{ 614 struct sock *sk = sock->sk; 615 bdaddr_t *src = &sco_pi(sk)->src; 616 int err = 0; 617 618 BT_DBG("sk %p backlog %d", sk, backlog); 619 620 lock_sock(sk); 621 622 if (sk->sk_state != BT_BOUND) { 623 err = -EBADFD; 624 goto done; 625 } 626 627 if (sk->sk_type != SOCK_SEQPACKET) { 628 err = -EINVAL; 629 goto done; 630 } 631 632 write_lock(&sco_sk_list.lock); 633 634 if (__sco_get_sock_listen_by_addr(src)) { 635 err = -EADDRINUSE; 636 goto unlock; 637 } 638 639 sk->sk_max_ack_backlog = backlog; 640 sk->sk_ack_backlog = 0; 641 642 sk->sk_state = BT_LISTEN; 643 644unlock: 645 write_unlock(&sco_sk_list.lock); 646 647done: 648 release_sock(sk); 649 return err; 650} 651 652static int sco_sock_accept(struct socket *sock, struct socket *newsock, 653 int flags, bool kern) 654{ 655 DEFINE_WAIT_FUNC(wait, woken_wake_function); 656 struct sock *sk = sock->sk, *ch; 657 long timeo; 658 int err = 0; 659 660 lock_sock(sk); 661 662 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 663 664 BT_DBG("sk %p timeo %ld", sk, timeo); 665 666 /* Wait for an incoming connection. (wake-one). */ 667 add_wait_queue_exclusive(sk_sleep(sk), &wait); 668 while (1) { 669 if (sk->sk_state != BT_LISTEN) { 670 err = -EBADFD; 671 break; 672 } 673 674 ch = bt_accept_dequeue(sk, newsock); 675 if (ch) 676 break; 677 678 if (!timeo) { 679 err = -EAGAIN; 680 break; 681 } 682 683 if (signal_pending(current)) { 684 err = sock_intr_errno(timeo); 685 break; 686 } 687 688 release_sock(sk); 689 690 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 691 lock_sock(sk); 692 } 693 remove_wait_queue(sk_sleep(sk), &wait); 694 695 if (err) 696 goto done; 697 698 newsock->state = SS_CONNECTED; 699 700 BT_DBG("new socket %p", ch); 701 702done: 703 release_sock(sk); 704 return err; 705} 706 707static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, 708 int peer) 709{ 710 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 711 struct sock *sk = sock->sk; 712 713 BT_DBG("sock %p, sk %p", sock, sk); 714 715 addr->sa_family = AF_BLUETOOTH; 716 717 if (peer) 718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst); 719 else 720 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src); 721 722 return sizeof(struct sockaddr_sco); 723} 724 725static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, 726 size_t len) 727{ 728 struct sock *sk = sock->sk; 729 struct sk_buff *skb; 730 int err; 731 732 BT_DBG("sock %p, sk %p", sock, sk); 733 734 err = sock_error(sk); 735 if (err) 736 return err; 737 738 if (msg->msg_flags & MSG_OOB) 739 return -EOPNOTSUPP; 740 741 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0); 742 if (IS_ERR(skb)) 743 return PTR_ERR(skb); 744 745 lock_sock(sk); 746 747 if (sk->sk_state == BT_CONNECTED) 748 err = sco_send_frame(sk, skb); 749 else 750 err = -ENOTCONN; 751 752 release_sock(sk); 753 754 if (err < 0) 755 kfree_skb(skb); 756 return err; 757} 758 759static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) 760{ 761 struct hci_dev *hdev = conn->hdev; 762 763 BT_DBG("conn %p", conn); 764 765 conn->state = BT_CONFIG; 766 767 if (!lmp_esco_capable(hdev)) { 768 struct hci_cp_accept_conn_req cp; 769 770 bacpy(&cp.bdaddr, &conn->dst); 771 cp.role = 0x00; /* Ignored */ 772 773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 774 } else { 775 struct hci_cp_accept_sync_conn_req cp; 776 777 bacpy(&cp.bdaddr, &conn->dst); 778 cp.pkt_type = cpu_to_le16(conn->pkt_type); 779 780 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 781 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 782 cp.content_format = cpu_to_le16(setting); 783 784 switch (setting & SCO_AIRMODE_MASK) { 785 case SCO_AIRMODE_TRANSP: 786 if (conn->pkt_type & ESCO_2EV3) 787 cp.max_latency = cpu_to_le16(0x0008); 788 else 789 cp.max_latency = cpu_to_le16(0x000D); 790 cp.retrans_effort = 0x02; 791 break; 792 case SCO_AIRMODE_CVSD: 793 cp.max_latency = cpu_to_le16(0xffff); 794 cp.retrans_effort = 0xff; 795 break; 796 default: 797 /* use CVSD settings as fallback */ 798 cp.max_latency = cpu_to_le16(0xffff); 799 cp.retrans_effort = 0xff; 800 break; 801 } 802 803 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 804 sizeof(cp), &cp); 805 } 806} 807 808static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg, 809 size_t len, int flags) 810{ 811 struct sock *sk = sock->sk; 812 struct sco_pinfo *pi = sco_pi(sk); 813 814 lock_sock(sk); 815 816 if (sk->sk_state == BT_CONNECT2 && 817 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 818 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 819 sk->sk_state = BT_CONFIG; 820 821 release_sock(sk); 822 return 0; 823 } 824 825 release_sock(sk); 826 827 return bt_sock_recvmsg(sock, msg, len, flags); 828} 829 830static int sco_sock_setsockopt(struct socket *sock, int level, int optname, 831 sockptr_t optval, unsigned int optlen) 832{ 833 struct sock *sk = sock->sk; 834 int len, err = 0; 835 struct bt_voice voice; 836 u32 opt; 837 struct bt_codecs *codecs; 838 struct hci_dev *hdev; 839 __u8 buffer[255]; 840 841 BT_DBG("sk %p", sk); 842 843 lock_sock(sk); 844 845 switch (optname) { 846 847 case BT_DEFER_SETUP: 848 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 849 err = -EINVAL; 850 break; 851 } 852 853 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 854 err = -EFAULT; 855 break; 856 } 857 858 if (opt) 859 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 860 else 861 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 862 break; 863 864 case BT_VOICE: 865 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 866 sk->sk_state != BT_CONNECT2) { 867 err = -EINVAL; 868 break; 869 } 870 871 voice.setting = sco_pi(sk)->setting; 872 873 len = min_t(unsigned int, sizeof(voice), optlen); 874 if (copy_from_sockptr(&voice, optval, len)) { 875 err = -EFAULT; 876 break; 877 } 878 879 /* Explicitly check for these values */ 880 if (voice.setting != BT_VOICE_TRANSPARENT && 881 voice.setting != BT_VOICE_CVSD_16BIT) { 882 err = -EINVAL; 883 break; 884 } 885 886 sco_pi(sk)->setting = voice.setting; 887 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 888 BDADDR_BREDR); 889 if (!hdev) { 890 err = -EBADFD; 891 break; 892 } 893 if (enhanced_sync_conn_capable(hdev) && 894 voice.setting == BT_VOICE_TRANSPARENT) 895 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT; 896 hci_dev_put(hdev); 897 break; 898 899 case BT_PKT_STATUS: 900 if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 901 err = -EFAULT; 902 break; 903 } 904 905 if (opt) 906 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS; 907 else 908 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS; 909 break; 910 911 case BT_CODEC: 912 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 913 sk->sk_state != BT_CONNECT2) { 914 err = -EINVAL; 915 break; 916 } 917 918 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, 919 BDADDR_BREDR); 920 if (!hdev) { 921 err = -EBADFD; 922 break; 923 } 924 925 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 926 hci_dev_put(hdev); 927 err = -EOPNOTSUPP; 928 break; 929 } 930 931 if (!hdev->get_data_path_id) { 932 hci_dev_put(hdev); 933 err = -EOPNOTSUPP; 934 break; 935 } 936 937 if (optlen < sizeof(struct bt_codecs) || 938 optlen > sizeof(buffer)) { 939 hci_dev_put(hdev); 940 err = -EINVAL; 941 break; 942 } 943 944 if (copy_from_sockptr(buffer, optval, optlen)) { 945 hci_dev_put(hdev); 946 err = -EFAULT; 947 break; 948 } 949 950 codecs = (void *)buffer; 951 952 if (codecs->num_codecs > 1) { 953 hci_dev_put(hdev); 954 err = -EINVAL; 955 break; 956 } 957 958 sco_pi(sk)->codec = codecs->codecs[0]; 959 hci_dev_put(hdev); 960 break; 961 962 default: 963 err = -ENOPROTOOPT; 964 break; 965 } 966 967 release_sock(sk); 968 return err; 969} 970 971static int sco_sock_getsockopt_old(struct socket *sock, int optname, 972 char __user *optval, int __user *optlen) 973{ 974 struct sock *sk = sock->sk; 975 struct sco_options opts; 976 struct sco_conninfo cinfo; 977 int len, err = 0; 978 979 BT_DBG("sk %p", sk); 980 981 if (get_user(len, optlen)) 982 return -EFAULT; 983 984 lock_sock(sk); 985 986 switch (optname) { 987 case SCO_OPTIONS: 988 if (sk->sk_state != BT_CONNECTED && 989 !(sk->sk_state == BT_CONNECT2 && 990 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 991 err = -ENOTCONN; 992 break; 993 } 994 995 opts.mtu = sco_pi(sk)->conn->mtu; 996 997 BT_DBG("mtu %u", opts.mtu); 998 999 len = min_t(unsigned int, len, sizeof(opts)); 1000 if (copy_to_user(optval, (char *)&opts, len)) 1001 err = -EFAULT; 1002 1003 break; 1004 1005 case SCO_CONNINFO: 1006 if (sk->sk_state != BT_CONNECTED && 1007 !(sk->sk_state == BT_CONNECT2 && 1008 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) { 1009 err = -ENOTCONN; 1010 break; 1011 } 1012 1013 memset(&cinfo, 0, sizeof(cinfo)); 1014 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; 1015 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); 1016 1017 len = min_t(unsigned int, len, sizeof(cinfo)); 1018 if (copy_to_user(optval, (char *)&cinfo, len)) 1019 err = -EFAULT; 1020 1021 break; 1022 1023 default: 1024 err = -ENOPROTOOPT; 1025 break; 1026 } 1027 1028 release_sock(sk); 1029 return err; 1030} 1031 1032static int sco_sock_getsockopt(struct socket *sock, int level, int optname, 1033 char __user *optval, int __user *optlen) 1034{ 1035 struct sock *sk = sock->sk; 1036 int len, err = 0; 1037 struct bt_voice voice; 1038 u32 phys; 1039 int pkt_status; 1040 int buf_len; 1041 struct codec_list *c; 1042 u8 num_codecs, i, __user *ptr; 1043 struct hci_dev *hdev; 1044 struct hci_codec_caps *caps; 1045 struct bt_codec codec; 1046 1047 BT_DBG("sk %p", sk); 1048 1049 if (level == SOL_SCO) 1050 return sco_sock_getsockopt_old(sock, optname, optval, optlen); 1051 1052 if (get_user(len, optlen)) 1053 return -EFAULT; 1054 1055 lock_sock(sk); 1056 1057 switch (optname) { 1058 1059 case BT_DEFER_SETUP: 1060 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1061 err = -EINVAL; 1062 break; 1063 } 1064 1065 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1066 (u32 __user *)optval)) 1067 err = -EFAULT; 1068 1069 break; 1070 1071 case BT_VOICE: 1072 voice.setting = sco_pi(sk)->setting; 1073 1074 len = min_t(unsigned int, len, sizeof(voice)); 1075 if (copy_to_user(optval, (char *)&voice, len)) 1076 err = -EFAULT; 1077 1078 break; 1079 1080 case BT_PHY: 1081 if (sk->sk_state != BT_CONNECTED) { 1082 err = -ENOTCONN; 1083 break; 1084 } 1085 1086 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 1087 1088 if (put_user(phys, (u32 __user *) optval)) 1089 err = -EFAULT; 1090 break; 1091 1092 case BT_PKT_STATUS: 1093 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS); 1094 1095 if (put_user(pkt_status, (int __user *)optval)) 1096 err = -EFAULT; 1097 break; 1098 1099 case BT_SNDMTU: 1100 case BT_RCVMTU: 1101 if (sk->sk_state != BT_CONNECTED) { 1102 err = -ENOTCONN; 1103 break; 1104 } 1105 1106 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval)) 1107 err = -EFAULT; 1108 break; 1109 1110 case BT_CODEC: 1111 num_codecs = 0; 1112 buf_len = 0; 1113 1114 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); 1115 if (!hdev) { 1116 err = -EBADFD; 1117 break; 1118 } 1119 1120 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) { 1121 hci_dev_put(hdev); 1122 err = -EOPNOTSUPP; 1123 break; 1124 } 1125 1126 if (!hdev->get_data_path_id) { 1127 hci_dev_put(hdev); 1128 err = -EOPNOTSUPP; 1129 break; 1130 } 1131 1132 /* find total buffer size required to copy codec + caps */ 1133 hci_dev_lock(hdev); 1134 list_for_each_entry(c, &hdev->local_codecs, list) { 1135 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1136 continue; 1137 num_codecs++; 1138 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1139 buf_len += 1 + caps->len; 1140 caps = (void *)&caps->data[caps->len]; 1141 } 1142 buf_len += sizeof(struct bt_codec); 1143 } 1144 hci_dev_unlock(hdev); 1145 1146 buf_len += sizeof(struct bt_codecs); 1147 if (buf_len > len) { 1148 hci_dev_put(hdev); 1149 err = -ENOBUFS; 1150 break; 1151 } 1152 ptr = optval; 1153 1154 if (put_user(num_codecs, ptr)) { 1155 hci_dev_put(hdev); 1156 err = -EFAULT; 1157 break; 1158 } 1159 ptr += sizeof(num_codecs); 1160 1161 /* Iterate all the codecs supported over SCO and populate 1162 * codec data 1163 */ 1164 hci_dev_lock(hdev); 1165 list_for_each_entry(c, &hdev->local_codecs, list) { 1166 if (c->transport != HCI_TRANSPORT_SCO_ESCO) 1167 continue; 1168 1169 codec.id = c->id; 1170 codec.cid = c->cid; 1171 codec.vid = c->vid; 1172 err = hdev->get_data_path_id(hdev, &codec.data_path); 1173 if (err < 0) 1174 break; 1175 codec.num_caps = c->num_caps; 1176 if (copy_to_user(ptr, &codec, sizeof(codec))) { 1177 err = -EFAULT; 1178 break; 1179 } 1180 ptr += sizeof(codec); 1181 1182 /* find codec capabilities data length */ 1183 len = 0; 1184 for (i = 0, caps = c->caps; i < c->num_caps; i++) { 1185 len += 1 + caps->len; 1186 caps = (void *)&caps->data[caps->len]; 1187 } 1188 1189 /* copy codec capabilities data */ 1190 if (len && copy_to_user(ptr, c->caps, len)) { 1191 err = -EFAULT; 1192 break; 1193 } 1194 ptr += len; 1195 } 1196 1197 if (!err && put_user(buf_len, optlen)) 1198 err = -EFAULT; 1199 1200 hci_dev_unlock(hdev); 1201 hci_dev_put(hdev); 1202 1203 break; 1204 1205 default: 1206 err = -ENOPROTOOPT; 1207 break; 1208 } 1209 1210 release_sock(sk); 1211 return err; 1212} 1213 1214static int sco_sock_shutdown(struct socket *sock, int how) 1215{ 1216 struct sock *sk = sock->sk; 1217 int err = 0; 1218 1219 BT_DBG("sock %p, sk %p", sock, sk); 1220 1221 if (!sk) 1222 return 0; 1223 1224 sock_hold(sk); 1225 lock_sock(sk); 1226 1227 if (!sk->sk_shutdown) { 1228 sk->sk_shutdown = SHUTDOWN_MASK; 1229 sco_sock_clear_timer(sk); 1230 __sco_sock_close(sk); 1231 1232 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1233 !(current->flags & PF_EXITING)) 1234 err = bt_sock_wait_state(sk, BT_CLOSED, 1235 sk->sk_lingertime); 1236 } 1237 1238 release_sock(sk); 1239 sock_put(sk); 1240 1241 return err; 1242} 1243 1244static int sco_sock_release(struct socket *sock) 1245{ 1246 struct sock *sk = sock->sk; 1247 int err = 0; 1248 1249 BT_DBG("sock %p, sk %p", sock, sk); 1250 1251 if (!sk) 1252 return 0; 1253 1254 sco_sock_close(sk); 1255 1256 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1257 !(current->flags & PF_EXITING)) { 1258 lock_sock(sk); 1259 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1260 release_sock(sk); 1261 } 1262 1263 sock_orphan(sk); 1264 sco_sock_kill(sk); 1265 return err; 1266} 1267 1268static void sco_conn_ready(struct sco_conn *conn) 1269{ 1270 struct sock *parent; 1271 struct sock *sk = conn->sk; 1272 1273 BT_DBG("conn %p", conn); 1274 1275 if (sk) { 1276 lock_sock(sk); 1277 sco_sock_clear_timer(sk); 1278 sk->sk_state = BT_CONNECTED; 1279 sk->sk_state_change(sk); 1280 release_sock(sk); 1281 } else { 1282 sco_conn_lock(conn); 1283 1284 if (!conn->hcon) { 1285 sco_conn_unlock(conn); 1286 return; 1287 } 1288 1289 parent = sco_get_sock_listen(&conn->hcon->src); 1290 if (!parent) { 1291 sco_conn_unlock(conn); 1292 return; 1293 } 1294 1295 lock_sock(parent); 1296 1297 sk = sco_sock_alloc(sock_net(parent), NULL, 1298 BTPROTO_SCO, GFP_ATOMIC, 0); 1299 if (!sk) { 1300 release_sock(parent); 1301 sco_conn_unlock(conn); 1302 return; 1303 } 1304 1305 sco_sock_init(sk, parent); 1306 1307 bacpy(&sco_pi(sk)->src, &conn->hcon->src); 1308 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst); 1309 1310 hci_conn_hold(conn->hcon); 1311 __sco_chan_add(conn, sk, parent); 1312 1313 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1314 sk->sk_state = BT_CONNECT2; 1315 else 1316 sk->sk_state = BT_CONNECTED; 1317 1318 /* Wake up parent */ 1319 parent->sk_data_ready(parent); 1320 1321 release_sock(parent); 1322 1323 sco_conn_unlock(conn); 1324 } 1325} 1326 1327/* ----- SCO interface with lower layer (HCI) ----- */ 1328int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1329{ 1330 struct sock *sk; 1331 int lm = 0; 1332 1333 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); 1334 1335 /* Find listening sockets */ 1336 read_lock(&sco_sk_list.lock); 1337 sk_for_each(sk, &sco_sk_list.head) { 1338 if (sk->sk_state != BT_LISTEN) 1339 continue; 1340 1341 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) || 1342 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) { 1343 lm |= HCI_LM_ACCEPT; 1344 1345 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1346 *flags |= HCI_PROTO_DEFER; 1347 break; 1348 } 1349 } 1350 read_unlock(&sco_sk_list.lock); 1351 1352 return lm; 1353} 1354 1355static void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 1356{ 1357 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1358 return; 1359 1360 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status); 1361 1362 if (!status) { 1363 struct sco_conn *conn; 1364 1365 conn = sco_conn_add(hcon); 1366 if (conn) 1367 sco_conn_ready(conn); 1368 } else 1369 sco_conn_del(hcon, bt_to_errno(status)); 1370} 1371 1372static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) 1373{ 1374 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) 1375 return; 1376 1377 BT_DBG("hcon %p reason %d", hcon, reason); 1378 1379 sco_conn_del(hcon, bt_to_errno(reason)); 1380} 1381 1382void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb) 1383{ 1384 struct sco_conn *conn = hcon->sco_data; 1385 1386 if (!conn) 1387 goto drop; 1388 1389 BT_DBG("conn %p len %u", conn, skb->len); 1390 1391 if (skb->len) { 1392 sco_recv_frame(conn, skb); 1393 return; 1394 } 1395 1396drop: 1397 kfree_skb(skb); 1398} 1399 1400static struct hci_cb sco_cb = { 1401 .name = "SCO", 1402 .connect_cfm = sco_connect_cfm, 1403 .disconn_cfm = sco_disconn_cfm, 1404}; 1405 1406static int sco_debugfs_show(struct seq_file *f, void *p) 1407{ 1408 struct sock *sk; 1409 1410 read_lock(&sco_sk_list.lock); 1411 1412 sk_for_each(sk, &sco_sk_list.head) { 1413 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src, 1414 &sco_pi(sk)->dst, sk->sk_state); 1415 } 1416 1417 read_unlock(&sco_sk_list.lock); 1418 1419 return 0; 1420} 1421 1422DEFINE_SHOW_ATTRIBUTE(sco_debugfs); 1423 1424static struct dentry *sco_debugfs; 1425 1426static const struct proto_ops sco_sock_ops = { 1427 .family = PF_BLUETOOTH, 1428 .owner = THIS_MODULE, 1429 .release = sco_sock_release, 1430 .bind = sco_sock_bind, 1431 .connect = sco_sock_connect, 1432 .listen = sco_sock_listen, 1433 .accept = sco_sock_accept, 1434 .getname = sco_sock_getname, 1435 .sendmsg = sco_sock_sendmsg, 1436 .recvmsg = sco_sock_recvmsg, 1437 .poll = bt_sock_poll, 1438 .ioctl = bt_sock_ioctl, 1439 .gettstamp = sock_gettstamp, 1440 .mmap = sock_no_mmap, 1441 .socketpair = sock_no_socketpair, 1442 .shutdown = sco_sock_shutdown, 1443 .setsockopt = sco_sock_setsockopt, 1444 .getsockopt = sco_sock_getsockopt 1445}; 1446 1447static const struct net_proto_family sco_sock_family_ops = { 1448 .family = PF_BLUETOOTH, 1449 .owner = THIS_MODULE, 1450 .create = sco_sock_create, 1451}; 1452 1453int __init sco_init(void) 1454{ 1455 int err; 1456 1457 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr)); 1458 1459 err = proto_register(&sco_proto, 0); 1460 if (err < 0) 1461 return err; 1462 1463 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops); 1464 if (err < 0) { 1465 BT_ERR("SCO socket registration failed"); 1466 goto error; 1467 } 1468 1469 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL); 1470 if (err < 0) { 1471 BT_ERR("Failed to create SCO proc file"); 1472 bt_sock_unregister(BTPROTO_SCO); 1473 goto error; 1474 } 1475 1476 BT_INFO("SCO socket layer initialized"); 1477 1478 hci_register_cb(&sco_cb); 1479 1480 if (IS_ERR_OR_NULL(bt_debugfs)) 1481 return 0; 1482 1483 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs, 1484 NULL, &sco_debugfs_fops); 1485 1486 return 0; 1487 1488error: 1489 proto_unregister(&sco_proto); 1490 return err; 1491} 1492 1493void sco_exit(void) 1494{ 1495 bt_procfs_cleanup(&init_net, "sco"); 1496 1497 debugfs_remove(sco_debugfs); 1498 1499 hci_unregister_cb(&sco_cb); 1500 1501 bt_sock_unregister(BTPROTO_SCO); 1502 1503 proto_unregister(&sco_proto); 1504} 1505 1506module_param(disable_esco, bool, 0644); 1507MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");