1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 unsigned int mtu;
52};
53
54#define sco_conn_lock(c) spin_lock(&c->lock)
55#define sco_conn_unlock(c) spin_unlock(&c->lock)
56
57static void sco_sock_close(struct sock *sk);
58static void sco_sock_kill(struct sock *sk);
59
60
61#define sco_pi(sk) ((struct sco_pinfo *) sk)
62
63struct sco_pinfo {
64 struct bt_sock bt;
65 bdaddr_t src;
66 bdaddr_t dst;
67 __u32 flags;
68 __u16 setting;
69 __u8 cmsg_mask;
70 struct sco_conn *conn;
71};
72
73
74#define SCO_CONN_TIMEOUT (HZ * 40)
75#define SCO_DISCONN_TIMEOUT (HZ * 2)
76
77static void sco_sock_timeout(struct timer_list *t)
78{
79 struct sock *sk = from_timer(sk, t, sk_timer);
80
81 BT_DBG("sock %p state %d", sk, sk->sk_state);
82
83 bh_lock_sock(sk);
84 sk->sk_err = ETIMEDOUT;
85 sk->sk_state_change(sk);
86 bh_unlock_sock(sk);
87
88 sco_sock_kill(sk);
89 sock_put(sk);
90}
91
92static void sco_sock_set_timer(struct sock *sk, long timeout)
93{
94 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
95 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
96}
97
98static void sco_sock_clear_timer(struct sock *sk)
99{
100 BT_DBG("sock %p state %d", sk, sk->sk_state);
101 sk_stop_timer(sk, &sk->sk_timer);
102}
103
104
105static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
106{
107 struct hci_dev *hdev = hcon->hdev;
108 struct sco_conn *conn = hcon->sco_data;
109
110 if (conn)
111 return conn;
112
113 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
114 if (!conn)
115 return NULL;
116
117 spin_lock_init(&conn->lock);
118
119 hcon->sco_data = conn;
120 conn->hcon = hcon;
121
122 if (hdev->sco_mtu > 0)
123 conn->mtu = hdev->sco_mtu;
124 else
125 conn->mtu = 60;
126
127 BT_DBG("hcon %p conn %p", hcon, conn);
128
129 return conn;
130}
131
132
133
134static void sco_chan_del(struct sock *sk, int err)
135{
136 struct sco_conn *conn;
137
138 conn = sco_pi(sk)->conn;
139
140 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
141
142 if (conn) {
143 sco_conn_lock(conn);
144 conn->sk = NULL;
145 sco_pi(sk)->conn = NULL;
146 sco_conn_unlock(conn);
147
148 if (conn->hcon)
149 hci_conn_drop(conn->hcon);
150 }
151
152 sk->sk_state = BT_CLOSED;
153 sk->sk_err = err;
154 sk->sk_state_change(sk);
155
156 sock_set_flag(sk, SOCK_ZAPPED);
157}
158
159static void sco_conn_del(struct hci_conn *hcon, int err)
160{
161 struct sco_conn *conn = hcon->sco_data;
162 struct sock *sk;
163
164 if (!conn)
165 return;
166
167 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
168
169
170 sco_conn_lock(conn);
171 sk = conn->sk;
172 sco_conn_unlock(conn);
173
174 if (sk) {
175 sock_hold(sk);
176 bh_lock_sock(sk);
177 sco_sock_clear_timer(sk);
178 sco_chan_del(sk, err);
179 bh_unlock_sock(sk);
180 sco_sock_kill(sk);
181 sock_put(sk);
182 }
183
184 hcon->sco_data = NULL;
185 kfree(conn);
186}
187
188static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
189 struct sock *parent)
190{
191 BT_DBG("conn %p", conn);
192
193 sco_pi(sk)->conn = conn;
194 conn->sk = sk;
195
196 if (parent)
197 bt_accept_enqueue(parent, sk, true);
198}
199
200static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
201 struct sock *parent)
202{
203 int err = 0;
204
205 sco_conn_lock(conn);
206 if (conn->sk)
207 err = -EBUSY;
208 else
209 __sco_chan_add(conn, sk, parent);
210
211 sco_conn_unlock(conn);
212 return err;
213}
214
215static int sco_connect(struct sock *sk)
216{
217 struct sco_conn *conn;
218 struct hci_conn *hcon;
219 struct hci_dev *hdev;
220 int err, type;
221
222 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
223
224 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
225 if (!hdev)
226 return -EHOSTUNREACH;
227
228 hci_dev_lock(hdev);
229
230 if (lmp_esco_capable(hdev) && !disable_esco)
231 type = ESCO_LINK;
232 else
233 type = SCO_LINK;
234
235 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
236 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
237 err = -EOPNOTSUPP;
238 goto done;
239 }
240
241 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
242 sco_pi(sk)->setting);
243 if (IS_ERR(hcon)) {
244 err = PTR_ERR(hcon);
245 goto done;
246 }
247
248 conn = sco_conn_add(hcon);
249 if (!conn) {
250 hci_conn_drop(hcon);
251 err = -ENOMEM;
252 goto done;
253 }
254
255
256 bacpy(&sco_pi(sk)->src, &hcon->src);
257
258 err = sco_chan_add(conn, sk, NULL);
259 if (err)
260 goto done;
261
262 if (hcon->state == BT_CONNECTED) {
263 sco_sock_clear_timer(sk);
264 sk->sk_state = BT_CONNECTED;
265 } else {
266 sk->sk_state = BT_CONNECT;
267 sco_sock_set_timer(sk, sk->sk_sndtimeo);
268 }
269
270done:
271 hci_dev_unlock(hdev);
272 hci_dev_put(hdev);
273 return err;
274}
275
276static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
277{
278 struct sco_conn *conn = sco_pi(sk)->conn;
279 struct sk_buff *skb;
280 int err;
281
282
283 if (len > conn->mtu)
284 return -EINVAL;
285
286 BT_DBG("sk %p len %d", sk, len);
287
288 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
289 if (!skb)
290 return err;
291
292 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
293 kfree_skb(skb);
294 return -EFAULT;
295 }
296
297 hci_send_sco(conn->hcon, skb);
298
299 return len;
300}
301
302static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
303{
304 struct sock *sk;
305
306 sco_conn_lock(conn);
307 sk = conn->sk;
308 sco_conn_unlock(conn);
309
310 if (!sk)
311 goto drop;
312
313 BT_DBG("sk %p len %u", sk, skb->len);
314
315 if (sk->sk_state != BT_CONNECTED)
316 goto drop;
317
318 if (!sock_queue_rcv_skb(sk, skb))
319 return;
320
321drop:
322 kfree_skb(skb);
323}
324
325
326static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
327{
328 struct sock *sk;
329
330 sk_for_each(sk, &sco_sk_list.head) {
331 if (sk->sk_state != BT_LISTEN)
332 continue;
333
334 if (!bacmp(&sco_pi(sk)->src, ba))
335 return sk;
336 }
337
338 return NULL;
339}
340
341
342
343
344static struct sock *sco_get_sock_listen(bdaddr_t *src)
345{
346 struct sock *sk = NULL, *sk1 = NULL;
347
348 read_lock(&sco_sk_list.lock);
349
350 sk_for_each(sk, &sco_sk_list.head) {
351 if (sk->sk_state != BT_LISTEN)
352 continue;
353
354
355 if (!bacmp(&sco_pi(sk)->src, src))
356 break;
357
358
359 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
360 sk1 = sk;
361 }
362
363 read_unlock(&sco_sk_list.lock);
364
365 return sk ? sk : sk1;
366}
367
368static void sco_sock_destruct(struct sock *sk)
369{
370 BT_DBG("sk %p", sk);
371
372 skb_queue_purge(&sk->sk_receive_queue);
373 skb_queue_purge(&sk->sk_write_queue);
374}
375
376static void sco_sock_cleanup_listen(struct sock *parent)
377{
378 struct sock *sk;
379
380 BT_DBG("parent %p", parent);
381
382
383 while ((sk = bt_accept_dequeue(parent, NULL))) {
384 sco_sock_close(sk);
385 sco_sock_kill(sk);
386 }
387
388 parent->sk_state = BT_CLOSED;
389 sock_set_flag(parent, SOCK_ZAPPED);
390}
391
392
393
394
395static void sco_sock_kill(struct sock *sk)
396{
397 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
398 sock_flag(sk, SOCK_DEAD))
399 return;
400
401 BT_DBG("sk %p state %d", sk, sk->sk_state);
402
403
404 bt_sock_unlink(&sco_sk_list, sk);
405 sock_set_flag(sk, SOCK_DEAD);
406 sock_put(sk);
407}
408
409static void __sco_sock_close(struct sock *sk)
410{
411 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
412
413 switch (sk->sk_state) {
414 case BT_LISTEN:
415 sco_sock_cleanup_listen(sk);
416 break;
417
418 case BT_CONNECTED:
419 case BT_CONFIG:
420 if (sco_pi(sk)->conn->hcon) {
421 sk->sk_state = BT_DISCONN;
422 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
423 sco_conn_lock(sco_pi(sk)->conn);
424 hci_conn_drop(sco_pi(sk)->conn->hcon);
425 sco_pi(sk)->conn->hcon = NULL;
426 sco_conn_unlock(sco_pi(sk)->conn);
427 } else
428 sco_chan_del(sk, ECONNRESET);
429 break;
430
431 case BT_CONNECT2:
432 case BT_CONNECT:
433 case BT_DISCONN:
434 sco_chan_del(sk, ECONNRESET);
435 break;
436
437 default:
438 sock_set_flag(sk, SOCK_ZAPPED);
439 break;
440 }
441}
442
443
444static void sco_sock_close(struct sock *sk)
445{
446 sco_sock_clear_timer(sk);
447 lock_sock(sk);
448 __sco_sock_close(sk);
449 release_sock(sk);
450 sco_sock_kill(sk);
451}
452
453static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
454 struct sock *sk)
455{
456 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
457 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
458 sizeof(bt_cb(skb)->sco.pkt_status),
459 &bt_cb(skb)->sco.pkt_status);
460}
461
462static void sco_sock_init(struct sock *sk, struct sock *parent)
463{
464 BT_DBG("sk %p", sk);
465
466 if (parent) {
467 sk->sk_type = parent->sk_type;
468 bt_sk(sk)->flags = bt_sk(parent)->flags;
469 security_sk_clone(parent, sk);
470 } else {
471 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
472 }
473}
474
475static struct proto sco_proto = {
476 .name = "SCO",
477 .owner = THIS_MODULE,
478 .obj_size = sizeof(struct sco_pinfo)
479};
480
481static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
482 int proto, gfp_t prio, int kern)
483{
484 struct sock *sk;
485
486 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
487 if (!sk)
488 return NULL;
489
490 sock_init_data(sock, sk);
491 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
492
493 sk->sk_destruct = sco_sock_destruct;
494 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
495
496 sock_reset_flag(sk, SOCK_ZAPPED);
497
498 sk->sk_protocol = proto;
499 sk->sk_state = BT_OPEN;
500
501 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
502
503 timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
504
505 bt_sock_link(&sco_sk_list, sk);
506 return sk;
507}
508
509static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
510 int kern)
511{
512 struct sock *sk;
513
514 BT_DBG("sock %p", sock);
515
516 sock->state = SS_UNCONNECTED;
517
518 if (sock->type != SOCK_SEQPACKET)
519 return -ESOCKTNOSUPPORT;
520
521 sock->ops = &sco_sock_ops;
522
523 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
524 if (!sk)
525 return -ENOMEM;
526
527 sco_sock_init(sk, NULL);
528 return 0;
529}
530
531static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
532 int addr_len)
533{
534 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
535 struct sock *sk = sock->sk;
536 int err = 0;
537
538 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
539 addr->sa_family != AF_BLUETOOTH)
540 return -EINVAL;
541
542 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
543
544 lock_sock(sk);
545
546 if (sk->sk_state != BT_OPEN) {
547 err = -EBADFD;
548 goto done;
549 }
550
551 if (sk->sk_type != SOCK_SEQPACKET) {
552 err = -EINVAL;
553 goto done;
554 }
555
556 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
557
558 sk->sk_state = BT_BOUND;
559
560done:
561 release_sock(sk);
562 return err;
563}
564
565static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
566{
567 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
568 struct sock *sk = sock->sk;
569 int err;
570
571 BT_DBG("sk %p", sk);
572
573 if (alen < sizeof(struct sockaddr_sco) ||
574 addr->sa_family != AF_BLUETOOTH)
575 return -EINVAL;
576
577 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
578 return -EBADFD;
579
580 if (sk->sk_type != SOCK_SEQPACKET)
581 return -EINVAL;
582
583 lock_sock(sk);
584
585
586 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
587
588 err = sco_connect(sk);
589 if (err)
590 goto done;
591
592 err = bt_sock_wait_state(sk, BT_CONNECTED,
593 sock_sndtimeo(sk, flags & O_NONBLOCK));
594
595done:
596 release_sock(sk);
597 return err;
598}
599
600static int sco_sock_listen(struct socket *sock, int backlog)
601{
602 struct sock *sk = sock->sk;
603 bdaddr_t *src = &sco_pi(sk)->src;
604 int err = 0;
605
606 BT_DBG("sk %p backlog %d", sk, backlog);
607
608 lock_sock(sk);
609
610 if (sk->sk_state != BT_BOUND) {
611 err = -EBADFD;
612 goto done;
613 }
614
615 if (sk->sk_type != SOCK_SEQPACKET) {
616 err = -EINVAL;
617 goto done;
618 }
619
620 write_lock(&sco_sk_list.lock);
621
622 if (__sco_get_sock_listen_by_addr(src)) {
623 err = -EADDRINUSE;
624 goto unlock;
625 }
626
627 sk->sk_max_ack_backlog = backlog;
628 sk->sk_ack_backlog = 0;
629
630 sk->sk_state = BT_LISTEN;
631
632unlock:
633 write_unlock(&sco_sk_list.lock);
634
635done:
636 release_sock(sk);
637 return err;
638}
639
640static int sco_sock_accept(struct socket *sock, struct socket *newsock,
641 int flags, bool kern)
642{
643 DEFINE_WAIT_FUNC(wait, woken_wake_function);
644 struct sock *sk = sock->sk, *ch;
645 long timeo;
646 int err = 0;
647
648 lock_sock(sk);
649
650 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
651
652 BT_DBG("sk %p timeo %ld", sk, timeo);
653
654
655 add_wait_queue_exclusive(sk_sleep(sk), &wait);
656 while (1) {
657 if (sk->sk_state != BT_LISTEN) {
658 err = -EBADFD;
659 break;
660 }
661
662 ch = bt_accept_dequeue(sk, newsock);
663 if (ch)
664 break;
665
666 if (!timeo) {
667 err = -EAGAIN;
668 break;
669 }
670
671 if (signal_pending(current)) {
672 err = sock_intr_errno(timeo);
673 break;
674 }
675
676 release_sock(sk);
677
678 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
679 lock_sock(sk);
680 }
681 remove_wait_queue(sk_sleep(sk), &wait);
682
683 if (err)
684 goto done;
685
686 newsock->state = SS_CONNECTED;
687
688 BT_DBG("new socket %p", ch);
689
690done:
691 release_sock(sk);
692 return err;
693}
694
695static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
696 int peer)
697{
698 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
699 struct sock *sk = sock->sk;
700
701 BT_DBG("sock %p, sk %p", sock, sk);
702
703 addr->sa_family = AF_BLUETOOTH;
704
705 if (peer)
706 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
707 else
708 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
709
710 return sizeof(struct sockaddr_sco);
711}
712
713static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
714 size_t len)
715{
716 struct sock *sk = sock->sk;
717 int err;
718
719 BT_DBG("sock %p, sk %p", sock, sk);
720
721 err = sock_error(sk);
722 if (err)
723 return err;
724
725 if (msg->msg_flags & MSG_OOB)
726 return -EOPNOTSUPP;
727
728 lock_sock(sk);
729
730 if (sk->sk_state == BT_CONNECTED)
731 err = sco_send_frame(sk, msg, len);
732 else
733 err = -ENOTCONN;
734
735 release_sock(sk);
736 return err;
737}
738
739static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
740{
741 struct hci_dev *hdev = conn->hdev;
742
743 BT_DBG("conn %p", conn);
744
745 conn->state = BT_CONFIG;
746
747 if (!lmp_esco_capable(hdev)) {
748 struct hci_cp_accept_conn_req cp;
749
750 bacpy(&cp.bdaddr, &conn->dst);
751 cp.role = 0x00;
752
753 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
754 } else {
755 struct hci_cp_accept_sync_conn_req cp;
756
757 bacpy(&cp.bdaddr, &conn->dst);
758 cp.pkt_type = cpu_to_le16(conn->pkt_type);
759
760 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
761 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
762 cp.content_format = cpu_to_le16(setting);
763
764 switch (setting & SCO_AIRMODE_MASK) {
765 case SCO_AIRMODE_TRANSP:
766 if (conn->pkt_type & ESCO_2EV3)
767 cp.max_latency = cpu_to_le16(0x0008);
768 else
769 cp.max_latency = cpu_to_le16(0x000D);
770 cp.retrans_effort = 0x02;
771 break;
772 case SCO_AIRMODE_CVSD:
773 cp.max_latency = cpu_to_le16(0xffff);
774 cp.retrans_effort = 0xff;
775 break;
776 }
777
778 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
779 sizeof(cp), &cp);
780 }
781}
782
783static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
784 size_t len, int flags)
785{
786 struct sock *sk = sock->sk;
787 struct sco_pinfo *pi = sco_pi(sk);
788
789 lock_sock(sk);
790
791 if (sk->sk_state == BT_CONNECT2 &&
792 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
793 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
794 sk->sk_state = BT_CONFIG;
795
796 release_sock(sk);
797 return 0;
798 }
799
800 release_sock(sk);
801
802 return bt_sock_recvmsg(sock, msg, len, flags);
803}
804
805static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
806 sockptr_t optval, unsigned int optlen)
807{
808 struct sock *sk = sock->sk;
809 int len, err = 0;
810 struct bt_voice voice;
811 u32 opt;
812
813 BT_DBG("sk %p", sk);
814
815 lock_sock(sk);
816
817 switch (optname) {
818
819 case BT_DEFER_SETUP:
820 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
821 err = -EINVAL;
822 break;
823 }
824
825 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
826 err = -EFAULT;
827 break;
828 }
829
830 if (opt)
831 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
832 else
833 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
834 break;
835
836 case BT_VOICE:
837 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
838 sk->sk_state != BT_CONNECT2) {
839 err = -EINVAL;
840 break;
841 }
842
843 voice.setting = sco_pi(sk)->setting;
844
845 len = min_t(unsigned int, sizeof(voice), optlen);
846 if (copy_from_sockptr(&voice, optval, len)) {
847 err = -EFAULT;
848 break;
849 }
850
851
852 if (voice.setting != BT_VOICE_TRANSPARENT &&
853 voice.setting != BT_VOICE_CVSD_16BIT) {
854 err = -EINVAL;
855 break;
856 }
857
858 sco_pi(sk)->setting = voice.setting;
859 break;
860
861 case BT_PKT_STATUS:
862 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
863 err = -EFAULT;
864 break;
865 }
866
867 if (opt)
868 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
869 else
870 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
871 break;
872
873 default:
874 err = -ENOPROTOOPT;
875 break;
876 }
877
878 release_sock(sk);
879 return err;
880}
881
882static int sco_sock_getsockopt_old(struct socket *sock, int optname,
883 char __user *optval, int __user *optlen)
884{
885 struct sock *sk = sock->sk;
886 struct sco_options opts;
887 struct sco_conninfo cinfo;
888 int len, err = 0;
889
890 BT_DBG("sk %p", sk);
891
892 if (get_user(len, optlen))
893 return -EFAULT;
894
895 lock_sock(sk);
896
897 switch (optname) {
898 case SCO_OPTIONS:
899 if (sk->sk_state != BT_CONNECTED &&
900 !(sk->sk_state == BT_CONNECT2 &&
901 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
902 err = -ENOTCONN;
903 break;
904 }
905
906 opts.mtu = sco_pi(sk)->conn->mtu;
907
908 BT_DBG("mtu %u", opts.mtu);
909
910 len = min_t(unsigned int, len, sizeof(opts));
911 if (copy_to_user(optval, (char *)&opts, len))
912 err = -EFAULT;
913
914 break;
915
916 case SCO_CONNINFO:
917 if (sk->sk_state != BT_CONNECTED &&
918 !(sk->sk_state == BT_CONNECT2 &&
919 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
920 err = -ENOTCONN;
921 break;
922 }
923
924 memset(&cinfo, 0, sizeof(cinfo));
925 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
926 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
927
928 len = min_t(unsigned int, len, sizeof(cinfo));
929 if (copy_to_user(optval, (char *)&cinfo, len))
930 err = -EFAULT;
931
932 break;
933
934 default:
935 err = -ENOPROTOOPT;
936 break;
937 }
938
939 release_sock(sk);
940 return err;
941}
942
943static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
944 char __user *optval, int __user *optlen)
945{
946 struct sock *sk = sock->sk;
947 int len, err = 0;
948 struct bt_voice voice;
949 u32 phys;
950 int pkt_status;
951
952 BT_DBG("sk %p", sk);
953
954 if (level == SOL_SCO)
955 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
956
957 if (get_user(len, optlen))
958 return -EFAULT;
959
960 lock_sock(sk);
961
962 switch (optname) {
963
964 case BT_DEFER_SETUP:
965 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
966 err = -EINVAL;
967 break;
968 }
969
970 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
971 (u32 __user *)optval))
972 err = -EFAULT;
973
974 break;
975
976 case BT_VOICE:
977 voice.setting = sco_pi(sk)->setting;
978
979 len = min_t(unsigned int, len, sizeof(voice));
980 if (copy_to_user(optval, (char *)&voice, len))
981 err = -EFAULT;
982
983 break;
984
985 case BT_PHY:
986 if (sk->sk_state != BT_CONNECTED) {
987 err = -ENOTCONN;
988 break;
989 }
990
991 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
992
993 if (put_user(phys, (u32 __user *) optval))
994 err = -EFAULT;
995 break;
996
997 case BT_PKT_STATUS:
998 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
999
1000 if (put_user(pkt_status, (int __user *)optval))
1001 err = -EFAULT;
1002 break;
1003
1004 case BT_SNDMTU:
1005 case BT_RCVMTU:
1006 if (sk->sk_state != BT_CONNECTED) {
1007 err = -ENOTCONN;
1008 break;
1009 }
1010
1011 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1012 err = -EFAULT;
1013 break;
1014
1015 default:
1016 err = -ENOPROTOOPT;
1017 break;
1018 }
1019
1020 release_sock(sk);
1021 return err;
1022}
1023
1024static int sco_sock_shutdown(struct socket *sock, int how)
1025{
1026 struct sock *sk = sock->sk;
1027 int err = 0;
1028
1029 BT_DBG("sock %p, sk %p", sock, sk);
1030
1031 if (!sk)
1032 return 0;
1033
1034 sock_hold(sk);
1035 lock_sock(sk);
1036
1037 if (!sk->sk_shutdown) {
1038 sk->sk_shutdown = SHUTDOWN_MASK;
1039 sco_sock_clear_timer(sk);
1040 __sco_sock_close(sk);
1041
1042 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1043 !(current->flags & PF_EXITING))
1044 err = bt_sock_wait_state(sk, BT_CLOSED,
1045 sk->sk_lingertime);
1046 }
1047
1048 release_sock(sk);
1049 sock_put(sk);
1050
1051 return err;
1052}
1053
1054static int sco_sock_release(struct socket *sock)
1055{
1056 struct sock *sk = sock->sk;
1057 int err = 0;
1058
1059 BT_DBG("sock %p, sk %p", sock, sk);
1060
1061 if (!sk)
1062 return 0;
1063
1064 sco_sock_close(sk);
1065
1066 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1067 !(current->flags & PF_EXITING)) {
1068 lock_sock(sk);
1069 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1070 release_sock(sk);
1071 }
1072
1073 sock_orphan(sk);
1074 sco_sock_kill(sk);
1075 return err;
1076}
1077
1078static void sco_conn_ready(struct sco_conn *conn)
1079{
1080 struct sock *parent;
1081 struct sock *sk = conn->sk;
1082
1083 BT_DBG("conn %p", conn);
1084
1085 if (sk) {
1086 sco_sock_clear_timer(sk);
1087 bh_lock_sock(sk);
1088 sk->sk_state = BT_CONNECTED;
1089 sk->sk_state_change(sk);
1090 bh_unlock_sock(sk);
1091 } else {
1092 sco_conn_lock(conn);
1093
1094 if (!conn->hcon) {
1095 sco_conn_unlock(conn);
1096 return;
1097 }
1098
1099 parent = sco_get_sock_listen(&conn->hcon->src);
1100 if (!parent) {
1101 sco_conn_unlock(conn);
1102 return;
1103 }
1104
1105 bh_lock_sock(parent);
1106
1107 sk = sco_sock_alloc(sock_net(parent), NULL,
1108 BTPROTO_SCO, GFP_ATOMIC, 0);
1109 if (!sk) {
1110 bh_unlock_sock(parent);
1111 sco_conn_unlock(conn);
1112 return;
1113 }
1114
1115 sco_sock_init(sk, parent);
1116
1117 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1118 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1119
1120 hci_conn_hold(conn->hcon);
1121 __sco_chan_add(conn, sk, parent);
1122
1123 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1124 sk->sk_state = BT_CONNECT2;
1125 else
1126 sk->sk_state = BT_CONNECTED;
1127
1128
1129 parent->sk_data_ready(parent);
1130
1131 bh_unlock_sock(parent);
1132
1133 sco_conn_unlock(conn);
1134 }
1135}
1136
1137
1138int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1139{
1140 struct sock *sk;
1141 int lm = 0;
1142
1143 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1144
1145
1146 read_lock(&sco_sk_list.lock);
1147 sk_for_each(sk, &sco_sk_list.head) {
1148 if (sk->sk_state != BT_LISTEN)
1149 continue;
1150
1151 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1152 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1153 lm |= HCI_LM_ACCEPT;
1154
1155 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1156 *flags |= HCI_PROTO_DEFER;
1157 break;
1158 }
1159 }
1160 read_unlock(&sco_sk_list.lock);
1161
1162 return lm;
1163}
1164
1165static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1166{
1167 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1168 return;
1169
1170 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1171
1172 if (!status) {
1173 struct sco_conn *conn;
1174
1175 conn = sco_conn_add(hcon);
1176 if (conn)
1177 sco_conn_ready(conn);
1178 } else
1179 sco_conn_del(hcon, bt_to_errno(status));
1180}
1181
1182static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1183{
1184 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1185 return;
1186
1187 BT_DBG("hcon %p reason %d", hcon, reason);
1188
1189 sco_conn_del(hcon, bt_to_errno(reason));
1190}
1191
1192void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1193{
1194 struct sco_conn *conn = hcon->sco_data;
1195
1196 if (!conn)
1197 goto drop;
1198
1199 BT_DBG("conn %p len %u", conn, skb->len);
1200
1201 if (skb->len) {
1202 sco_recv_frame(conn, skb);
1203 return;
1204 }
1205
1206drop:
1207 kfree_skb(skb);
1208}
1209
1210static struct hci_cb sco_cb = {
1211 .name = "SCO",
1212 .connect_cfm = sco_connect_cfm,
1213 .disconn_cfm = sco_disconn_cfm,
1214};
1215
1216static int sco_debugfs_show(struct seq_file *f, void *p)
1217{
1218 struct sock *sk;
1219
1220 read_lock(&sco_sk_list.lock);
1221
1222 sk_for_each(sk, &sco_sk_list.head) {
1223 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1224 &sco_pi(sk)->dst, sk->sk_state);
1225 }
1226
1227 read_unlock(&sco_sk_list.lock);
1228
1229 return 0;
1230}
1231
1232DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1233
1234static struct dentry *sco_debugfs;
1235
1236static const struct proto_ops sco_sock_ops = {
1237 .family = PF_BLUETOOTH,
1238 .owner = THIS_MODULE,
1239 .release = sco_sock_release,
1240 .bind = sco_sock_bind,
1241 .connect = sco_sock_connect,
1242 .listen = sco_sock_listen,
1243 .accept = sco_sock_accept,
1244 .getname = sco_sock_getname,
1245 .sendmsg = sco_sock_sendmsg,
1246 .recvmsg = sco_sock_recvmsg,
1247 .poll = bt_sock_poll,
1248 .ioctl = bt_sock_ioctl,
1249 .gettstamp = sock_gettstamp,
1250 .mmap = sock_no_mmap,
1251 .socketpair = sock_no_socketpair,
1252 .shutdown = sco_sock_shutdown,
1253 .setsockopt = sco_sock_setsockopt,
1254 .getsockopt = sco_sock_getsockopt
1255};
1256
1257static const struct net_proto_family sco_sock_family_ops = {
1258 .family = PF_BLUETOOTH,
1259 .owner = THIS_MODULE,
1260 .create = sco_sock_create,
1261};
1262
1263int __init sco_init(void)
1264{
1265 int err;
1266
1267 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1268
1269 err = proto_register(&sco_proto, 0);
1270 if (err < 0)
1271 return err;
1272
1273 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1274 if (err < 0) {
1275 BT_ERR("SCO socket registration failed");
1276 goto error;
1277 }
1278
1279 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1280 if (err < 0) {
1281 BT_ERR("Failed to create SCO proc file");
1282 bt_sock_unregister(BTPROTO_SCO);
1283 goto error;
1284 }
1285
1286 BT_INFO("SCO socket layer initialized");
1287
1288 hci_register_cb(&sco_cb);
1289
1290 if (IS_ERR_OR_NULL(bt_debugfs))
1291 return 0;
1292
1293 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1294 NULL, &sco_debugfs_fops);
1295
1296 return 0;
1297
1298error:
1299 proto_unregister(&sco_proto);
1300 return err;
1301}
1302
1303void sco_exit(void)
1304{
1305 bt_procfs_cleanup(&init_net, "sco");
1306
1307 debugfs_remove(sco_debugfs);
1308
1309 hci_unregister_cb(&sco_cb);
1310
1311 bt_sock_unregister(BTPROTO_SCO);
1312
1313 proto_unregister(&sco_proto);
1314}
1315
1316module_param(disable_esco, bool, 0644);
1317MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1318
