linux/net/bluetooth/sco.c
<<
>>
Prefs
   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3   Copyright (C) 2000-2001 Qualcomm Incorporated
   4
   5   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
   6
   7   This program is free software; you can redistribute it and/or modify
   8   it under the terms of the GNU General Public License version 2 as
   9   published by the Free Software Foundation;
  10
  11   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22   SOFTWARE IS DISCLAIMED.
  23*/
  24
  25/* Bluetooth SCO sockets. */
  26
  27#include <linux/module.h>
  28#include <linux/debugfs.h>
  29#include <linux/seq_file.h>
  30#include <linux/sched/signal.h>
  31
  32#include <net/bluetooth/bluetooth.h>
  33#include <net/bluetooth/hci_core.h>
  34#include <net/bluetooth/sco.h>
  35
  36static bool disable_esco;
  37
  38static const struct proto_ops sco_sock_ops;
  39
  40static struct bt_sock_list sco_sk_list = {
  41        .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
  42};
  43
  44/* ---- SCO connections ---- */
  45struct sco_conn {
  46        struct hci_conn *hcon;
  47
  48        spinlock_t      lock;
  49        struct sock     *sk;
  50
  51        unsigned int    mtu;
  52};
  53
  54#define sco_conn_lock(c)        spin_lock(&c->lock)
  55#define sco_conn_unlock(c)      spin_unlock(&c->lock)
  56
  57static void sco_sock_close(struct sock *sk);
  58static void sco_sock_kill(struct sock *sk);
  59
  60/* ----- SCO socket info ----- */
  61#define sco_pi(sk) ((struct sco_pinfo *) sk)
  62
  63struct sco_pinfo {
  64        struct bt_sock  bt;
  65        bdaddr_t        src;
  66        bdaddr_t        dst;
  67        __u32           flags;
  68        __u16           setting;
  69        __u8            cmsg_mask;
  70        struct sco_conn *conn;
  71};
  72
  73/* ---- SCO timers ---- */
  74#define SCO_CONN_TIMEOUT        (HZ * 40)
  75#define SCO_DISCONN_TIMEOUT     (HZ * 2)
  76
  77static void sco_sock_timeout(struct timer_list *t)
  78{
  79        struct sock *sk = from_timer(sk, t, sk_timer);
  80
  81        BT_DBG("sock %p state %d", sk, sk->sk_state);
  82
  83        bh_lock_sock(sk);
  84        sk->sk_err = ETIMEDOUT;
  85        sk->sk_state_change(sk);
  86        bh_unlock_sock(sk);
  87
  88        sock_put(sk);
  89}
  90
  91static void sco_sock_set_timer(struct sock *sk, long timeout)
  92{
  93        BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
  94        sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
  95}
  96
  97static void sco_sock_clear_timer(struct sock *sk)
  98{
  99        BT_DBG("sock %p state %d", sk, sk->sk_state);
 100        sk_stop_timer(sk, &sk->sk_timer);
 101}
 102
 103/* ---- SCO connections ---- */
 104static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
 105{
 106        struct hci_dev *hdev = hcon->hdev;
 107        struct sco_conn *conn = hcon->sco_data;
 108
 109        if (conn)
 110                return conn;
 111
 112        conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
 113        if (!conn)
 114                return NULL;
 115
 116        spin_lock_init(&conn->lock);
 117
 118        hcon->sco_data = conn;
 119        conn->hcon = hcon;
 120
 121        if (hdev->sco_mtu > 0)
 122                conn->mtu = hdev->sco_mtu;
 123        else
 124                conn->mtu = 60;
 125
 126        BT_DBG("hcon %p conn %p", hcon, conn);
 127
 128        return conn;
 129}
 130
 131/* Delete channel.
 132 * Must be called on the locked socket. */
 133static void sco_chan_del(struct sock *sk, int err)
 134{
 135        struct sco_conn *conn;
 136
 137        conn = sco_pi(sk)->conn;
 138
 139        BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
 140
 141        if (conn) {
 142                sco_conn_lock(conn);
 143                conn->sk = NULL;
 144                sco_pi(sk)->conn = NULL;
 145                sco_conn_unlock(conn);
 146
 147                if (conn->hcon)
 148                        hci_conn_drop(conn->hcon);
 149        }
 150
 151        sk->sk_state = BT_CLOSED;
 152        sk->sk_err   = err;
 153        sk->sk_state_change(sk);
 154
 155        sock_set_flag(sk, SOCK_ZAPPED);
 156}
 157
 158static void sco_conn_del(struct hci_conn *hcon, int err)
 159{
 160        struct sco_conn *conn = hcon->sco_data;
 161        struct sock *sk;
 162
 163        if (!conn)
 164                return;
 165
 166        BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
 167
 168        /* Kill socket */
 169        sco_conn_lock(conn);
 170        sk = conn->sk;
 171        sco_conn_unlock(conn);
 172
 173        if (sk) {
 174                sock_hold(sk);
 175                bh_lock_sock(sk);
 176                sco_sock_clear_timer(sk);
 177                sco_chan_del(sk, err);
 178                bh_unlock_sock(sk);
 179                sock_put(sk);
 180        }
 181
 182        hcon->sco_data = NULL;
 183        kfree(conn);
 184}
 185
 186static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
 187                           struct sock *parent)
 188{
 189        BT_DBG("conn %p", conn);
 190
 191        sco_pi(sk)->conn = conn;
 192        conn->sk = sk;
 193
 194        if (parent)
 195                bt_accept_enqueue(parent, sk, true);
 196}
 197
 198static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
 199                        struct sock *parent)
 200{
 201        int err = 0;
 202
 203        sco_conn_lock(conn);
 204        if (conn->sk)
 205                err = -EBUSY;
 206        else
 207                __sco_chan_add(conn, sk, parent);
 208
 209        sco_conn_unlock(conn);
 210        return err;
 211}
 212
 213static int sco_connect(struct sock *sk)
 214{
 215        struct sco_conn *conn;
 216        struct hci_conn *hcon;
 217        struct hci_dev  *hdev;
 218        int err, type;
 219
 220        BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
 221
 222        hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
 223        if (!hdev)
 224                return -EHOSTUNREACH;
 225
 226        hci_dev_lock(hdev);
 227
 228        if (lmp_esco_capable(hdev) && !disable_esco)
 229                type = ESCO_LINK;
 230        else
 231                type = SCO_LINK;
 232
 233        if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
 234            (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
 235                err = -EOPNOTSUPP;
 236                goto done;
 237        }
 238
 239        hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
 240                               sco_pi(sk)->setting);
 241        if (IS_ERR(hcon)) {
 242                err = PTR_ERR(hcon);
 243                goto done;
 244        }
 245
 246        conn = sco_conn_add(hcon);
 247        if (!conn) {
 248                hci_conn_drop(hcon);
 249                err = -ENOMEM;
 250                goto done;
 251        }
 252
 253        /* Update source addr of the socket */
 254        bacpy(&sco_pi(sk)->src, &hcon->src);
 255
 256        err = sco_chan_add(conn, sk, NULL);
 257        if (err)
 258                goto done;
 259
 260        if (hcon->state == BT_CONNECTED) {
 261                sco_sock_clear_timer(sk);
 262                sk->sk_state = BT_CONNECTED;
 263        } else {
 264                sk->sk_state = BT_CONNECT;
 265                sco_sock_set_timer(sk, sk->sk_sndtimeo);
 266        }
 267
 268done:
 269        hci_dev_unlock(hdev);
 270        hci_dev_put(hdev);
 271        return err;
 272}
 273
 274static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
 275{
 276        struct sco_conn *conn = sco_pi(sk)->conn;
 277        struct sk_buff *skb;
 278        int err;
 279
 280        /* Check outgoing MTU */
 281        if (len > conn->mtu)
 282                return -EINVAL;
 283
 284        BT_DBG("sk %p len %d", sk, len);
 285
 286        skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
 287        if (!skb)
 288                return err;
 289
 290        if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
 291                kfree_skb(skb);
 292                return -EFAULT;
 293        }
 294
 295        hci_send_sco(conn->hcon, skb);
 296
 297        return len;
 298}
 299
 300static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
 301{
 302        struct sock *sk;
 303
 304        sco_conn_lock(conn);
 305        sk = conn->sk;
 306        sco_conn_unlock(conn);
 307
 308        if (!sk)
 309                goto drop;
 310
 311        BT_DBG("sk %p len %u", sk, skb->len);
 312
 313        if (sk->sk_state != BT_CONNECTED)
 314                goto drop;
 315
 316        if (!sock_queue_rcv_skb(sk, skb))
 317                return;
 318
 319drop:
 320        kfree_skb(skb);
 321}
 322
 323/* -------- Socket interface ---------- */
 324static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
 325{
 326        struct sock *sk;
 327
 328        sk_for_each(sk, &sco_sk_list.head) {
 329                if (sk->sk_state != BT_LISTEN)
 330                        continue;
 331
 332                if (!bacmp(&sco_pi(sk)->src, ba))
 333                        return sk;
 334        }
 335
 336        return NULL;
 337}
 338
 339/* Find socket listening on source bdaddr.
 340 * Returns closest match.
 341 */
 342static struct sock *sco_get_sock_listen(bdaddr_t *src)
 343{
 344        struct sock *sk = NULL, *sk1 = NULL;
 345
 346        read_lock(&sco_sk_list.lock);
 347
 348        sk_for_each(sk, &sco_sk_list.head) {
 349                if (sk->sk_state != BT_LISTEN)
 350                        continue;
 351
 352                /* Exact match. */
 353                if (!bacmp(&sco_pi(sk)->src, src))
 354                        break;
 355
 356                /* Closest match */
 357                if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
 358                        sk1 = sk;
 359        }
 360
 361        read_unlock(&sco_sk_list.lock);
 362
 363        return sk ? sk : sk1;
 364}
 365
 366static void sco_sock_destruct(struct sock *sk)
 367{
 368        BT_DBG("sk %p", sk);
 369
 370        skb_queue_purge(&sk->sk_receive_queue);
 371        skb_queue_purge(&sk->sk_write_queue);
 372}
 373
 374static void sco_sock_cleanup_listen(struct sock *parent)
 375{
 376        struct sock *sk;
 377
 378        BT_DBG("parent %p", parent);
 379
 380        /* Close not yet accepted channels */
 381        while ((sk = bt_accept_dequeue(parent, NULL))) {
 382                sco_sock_close(sk);
 383                sco_sock_kill(sk);
 384        }
 385
 386        parent->sk_state  = BT_CLOSED;
 387        sock_set_flag(parent, SOCK_ZAPPED);
 388}
 389
 390/* Kill socket (only if zapped and orphan)
 391 * Must be called on unlocked socket.
 392 */
 393static void sco_sock_kill(struct sock *sk)
 394{
 395        if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
 396                return;
 397
 398        BT_DBG("sk %p state %d", sk, sk->sk_state);
 399
 400        /* Kill poor orphan */
 401        bt_sock_unlink(&sco_sk_list, sk);
 402        sock_set_flag(sk, SOCK_DEAD);
 403        sock_put(sk);
 404}
 405
 406static void __sco_sock_close(struct sock *sk)
 407{
 408        BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
 409
 410        switch (sk->sk_state) {
 411        case BT_LISTEN:
 412                sco_sock_cleanup_listen(sk);
 413                break;
 414
 415        case BT_CONNECTED:
 416        case BT_CONFIG:
 417                if (sco_pi(sk)->conn->hcon) {
 418                        sk->sk_state = BT_DISCONN;
 419                        sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
 420                        sco_conn_lock(sco_pi(sk)->conn);
 421                        hci_conn_drop(sco_pi(sk)->conn->hcon);
 422                        sco_pi(sk)->conn->hcon = NULL;
 423                        sco_conn_unlock(sco_pi(sk)->conn);
 424                } else
 425                        sco_chan_del(sk, ECONNRESET);
 426                break;
 427
 428        case BT_CONNECT2:
 429        case BT_CONNECT:
 430        case BT_DISCONN:
 431                sco_chan_del(sk, ECONNRESET);
 432                break;
 433
 434        default:
 435                sock_set_flag(sk, SOCK_ZAPPED);
 436                break;
 437        }
 438}
 439
 440/* Must be called on unlocked socket. */
 441static void sco_sock_close(struct sock *sk)
 442{
 443        sco_sock_clear_timer(sk);
 444        lock_sock(sk);
 445        __sco_sock_close(sk);
 446        release_sock(sk);
 447}
 448
 449static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
 450                             struct sock *sk)
 451{
 452        if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
 453                put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
 454                         sizeof(bt_cb(skb)->sco.pkt_status),
 455                         &bt_cb(skb)->sco.pkt_status);
 456}
 457
 458static void sco_sock_init(struct sock *sk, struct sock *parent)
 459{
 460        BT_DBG("sk %p", sk);
 461
 462        if (parent) {
 463                sk->sk_type = parent->sk_type;
 464                bt_sk(sk)->flags = bt_sk(parent)->flags;
 465                security_sk_clone(parent, sk);
 466        } else {
 467                bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
 468        }
 469}
 470
 471static struct proto sco_proto = {
 472        .name           = "SCO",
 473        .owner          = THIS_MODULE,
 474        .obj_size       = sizeof(struct sco_pinfo)
 475};
 476
 477static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
 478                                   int proto, gfp_t prio, int kern)
 479{
 480        struct sock *sk;
 481
 482        sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
 483        if (!sk)
 484                return NULL;
 485
 486        sock_init_data(sock, sk);
 487        INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
 488
 489        sk->sk_destruct = sco_sock_destruct;
 490        sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
 491
 492        sock_reset_flag(sk, SOCK_ZAPPED);
 493
 494        sk->sk_protocol = proto;
 495        sk->sk_state    = BT_OPEN;
 496
 497        sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
 498
 499        timer_setup(&sk->sk_timer, sco_sock_timeout, 0);
 500
 501        bt_sock_link(&sco_sk_list, sk);
 502        return sk;
 503}
 504
 505static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
 506                           int kern)
 507{
 508        struct sock *sk;
 509
 510        BT_DBG("sock %p", sock);
 511
 512        sock->state = SS_UNCONNECTED;
 513
 514        if (sock->type != SOCK_SEQPACKET)
 515                return -ESOCKTNOSUPPORT;
 516
 517        sock->ops = &sco_sock_ops;
 518
 519        sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
 520        if (!sk)
 521                return -ENOMEM;
 522
 523        sco_sock_init(sk, NULL);
 524        return 0;
 525}
 526
 527static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
 528                         int addr_len)
 529{
 530        struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
 531        struct sock *sk = sock->sk;
 532        int err = 0;
 533
 534        if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
 535            addr->sa_family != AF_BLUETOOTH)
 536                return -EINVAL;
 537
 538        BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
 539
 540        lock_sock(sk);
 541
 542        if (sk->sk_state != BT_OPEN) {
 543                err = -EBADFD;
 544                goto done;
 545        }
 546
 547        if (sk->sk_type != SOCK_SEQPACKET) {
 548                err = -EINVAL;
 549                goto done;
 550        }
 551
 552        bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
 553
 554        sk->sk_state = BT_BOUND;
 555
 556done:
 557        release_sock(sk);
 558        return err;
 559}
 560
 561static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
 562{
 563        struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
 564        struct sock *sk = sock->sk;
 565        int err;
 566
 567        BT_DBG("sk %p", sk);
 568
 569        if (alen < sizeof(struct sockaddr_sco) ||
 570            addr->sa_family != AF_BLUETOOTH)
 571                return -EINVAL;
 572
 573        if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
 574                return -EBADFD;
 575
 576        if (sk->sk_type != SOCK_SEQPACKET)
 577                return -EINVAL;
 578
 579        lock_sock(sk);
 580
 581        /* Set destination address and psm */
 582        bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
 583
 584        err = sco_connect(sk);
 585        if (err)
 586                goto done;
 587
 588        err = bt_sock_wait_state(sk, BT_CONNECTED,
 589                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
 590
 591done:
 592        release_sock(sk);
 593        return err;
 594}
 595
 596static int sco_sock_listen(struct socket *sock, int backlog)
 597{
 598        struct sock *sk = sock->sk;
 599        bdaddr_t *src = &sco_pi(sk)->src;
 600        int err = 0;
 601
 602        BT_DBG("sk %p backlog %d", sk, backlog);
 603
 604        lock_sock(sk);
 605
 606        if (sk->sk_state != BT_BOUND) {
 607                err = -EBADFD;
 608                goto done;
 609        }
 610
 611        if (sk->sk_type != SOCK_SEQPACKET) {
 612                err = -EINVAL;
 613                goto done;
 614        }
 615
 616        write_lock(&sco_sk_list.lock);
 617
 618        if (__sco_get_sock_listen_by_addr(src)) {
 619                err = -EADDRINUSE;
 620                goto unlock;
 621        }
 622
 623        sk->sk_max_ack_backlog = backlog;
 624        sk->sk_ack_backlog = 0;
 625
 626        sk->sk_state = BT_LISTEN;
 627
 628unlock:
 629        write_unlock(&sco_sk_list.lock);
 630
 631done:
 632        release_sock(sk);
 633        return err;
 634}
 635
 636static int sco_sock_accept(struct socket *sock, struct socket *newsock,
 637                           int flags, bool kern)
 638{
 639        DEFINE_WAIT_FUNC(wait, woken_wake_function);
 640        struct sock *sk = sock->sk, *ch;
 641        long timeo;
 642        int err = 0;
 643
 644        lock_sock(sk);
 645
 646        timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
 647
 648        BT_DBG("sk %p timeo %ld", sk, timeo);
 649
 650        /* Wait for an incoming connection. (wake-one). */
 651        add_wait_queue_exclusive(sk_sleep(sk), &wait);
 652        while (1) {
 653                if (sk->sk_state != BT_LISTEN) {
 654                        err = -EBADFD;
 655                        break;
 656                }
 657
 658                ch = bt_accept_dequeue(sk, newsock);
 659                if (ch)
 660                        break;
 661
 662                if (!timeo) {
 663                        err = -EAGAIN;
 664                        break;
 665                }
 666
 667                if (signal_pending(current)) {
 668                        err = sock_intr_errno(timeo);
 669                        break;
 670                }
 671
 672                release_sock(sk);
 673
 674                timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
 675                lock_sock(sk);
 676        }
 677        remove_wait_queue(sk_sleep(sk), &wait);
 678
 679        if (err)
 680                goto done;
 681
 682        newsock->state = SS_CONNECTED;
 683
 684        BT_DBG("new socket %p", ch);
 685
 686done:
 687        release_sock(sk);
 688        return err;
 689}
 690
 691static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
 692                            int peer)
 693{
 694        struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
 695        struct sock *sk = sock->sk;
 696
 697        BT_DBG("sock %p, sk %p", sock, sk);
 698
 699        addr->sa_family = AF_BLUETOOTH;
 700
 701        if (peer)
 702                bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
 703        else
 704                bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
 705
 706        return sizeof(struct sockaddr_sco);
 707}
 708
 709static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 710                            size_t len)
 711{
 712        struct sock *sk = sock->sk;
 713        int err;
 714
 715        BT_DBG("sock %p, sk %p", sock, sk);
 716
 717        err = sock_error(sk);
 718        if (err)
 719                return err;
 720
 721        if (msg->msg_flags & MSG_OOB)
 722                return -EOPNOTSUPP;
 723
 724        lock_sock(sk);
 725
 726        if (sk->sk_state == BT_CONNECTED)
 727                err = sco_send_frame(sk, msg, len);
 728        else
 729                err = -ENOTCONN;
 730
 731        release_sock(sk);
 732        return err;
 733}
 734
 735static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
 736{
 737        struct hci_dev *hdev = conn->hdev;
 738
 739        BT_DBG("conn %p", conn);
 740
 741        conn->state = BT_CONFIG;
 742
 743        if (!lmp_esco_capable(hdev)) {
 744                struct hci_cp_accept_conn_req cp;
 745
 746                bacpy(&cp.bdaddr, &conn->dst);
 747                cp.role = 0x00; /* Ignored */
 748
 749                hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
 750        } else {
 751                struct hci_cp_accept_sync_conn_req cp;
 752
 753                bacpy(&cp.bdaddr, &conn->dst);
 754                cp.pkt_type = cpu_to_le16(conn->pkt_type);
 755
 756                cp.tx_bandwidth   = cpu_to_le32(0x00001f40);
 757                cp.rx_bandwidth   = cpu_to_le32(0x00001f40);
 758                cp.content_format = cpu_to_le16(setting);
 759
 760                switch (setting & SCO_AIRMODE_MASK) {
 761                case SCO_AIRMODE_TRANSP:
 762                        if (conn->pkt_type & ESCO_2EV3)
 763                                cp.max_latency = cpu_to_le16(0x0008);
 764                        else
 765                                cp.max_latency = cpu_to_le16(0x000D);
 766                        cp.retrans_effort = 0x02;
 767                        break;
 768                case SCO_AIRMODE_CVSD:
 769                        cp.max_latency = cpu_to_le16(0xffff);
 770                        cp.retrans_effort = 0xff;
 771                        break;
 772                default:
 773                        /* use CVSD settings as fallback */
 774                        cp.max_latency = cpu_to_le16(0xffff);
 775                        cp.retrans_effort = 0xff;
 776                        break;
 777                }
 778
 779                hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
 780                             sizeof(cp), &cp);
 781        }
 782}
 783
 784static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
 785                            size_t len, int flags)
 786{
 787        struct sock *sk = sock->sk;
 788        struct sco_pinfo *pi = sco_pi(sk);
 789
 790        lock_sock(sk);
 791
 792        if (sk->sk_state == BT_CONNECT2 &&
 793            test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
 794                sco_conn_defer_accept(pi->conn->hcon, pi->setting);
 795                sk->sk_state = BT_CONFIG;
 796
 797                release_sock(sk);
 798                return 0;
 799        }
 800
 801        release_sock(sk);
 802
 803        return bt_sock_recvmsg(sock, msg, len, flags);
 804}
 805
 806static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
 807                               sockptr_t optval, unsigned int optlen)
 808{
 809        struct sock *sk = sock->sk;
 810        int len, err = 0;
 811        struct bt_voice voice;
 812        u32 opt;
 813
 814        BT_DBG("sk %p", sk);
 815
 816        lock_sock(sk);
 817
 818        switch (optname) {
 819
 820        case BT_DEFER_SETUP:
 821                if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 822                        err = -EINVAL;
 823                        break;
 824                }
 825
 826                if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
 827                        err = -EFAULT;
 828                        break;
 829                }
 830
 831                if (opt)
 832                        set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 833                else
 834                        clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
 835                break;
 836
 837        case BT_VOICE:
 838                if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
 839                    sk->sk_state != BT_CONNECT2) {
 840                        err = -EINVAL;
 841                        break;
 842                }
 843
 844                voice.setting = sco_pi(sk)->setting;
 845
 846                len = min_t(unsigned int, sizeof(voice), optlen);
 847                if (copy_from_sockptr(&voice, optval, len)) {
 848                        err = -EFAULT;
 849                        break;
 850                }
 851
 852                /* Explicitly check for these values */
 853                if (voice.setting != BT_VOICE_TRANSPARENT &&
 854                    voice.setting != BT_VOICE_CVSD_16BIT) {
 855                        err = -EINVAL;
 856                        break;
 857                }
 858
 859                sco_pi(sk)->setting = voice.setting;
 860                break;
 861
 862        case BT_PKT_STATUS:
 863                if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
 864                        err = -EFAULT;
 865                        break;
 866                }
 867
 868                if (opt)
 869                        sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
 870                else
 871                        sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
 872                break;
 873
 874        default:
 875                err = -ENOPROTOOPT;
 876                break;
 877        }
 878
 879        release_sock(sk);
 880        return err;
 881}
 882
 883static int sco_sock_getsockopt_old(struct socket *sock, int optname,
 884                                   char __user *optval, int __user *optlen)
 885{
 886        struct sock *sk = sock->sk;
 887        struct sco_options opts;
 888        struct sco_conninfo cinfo;
 889        int len, err = 0;
 890
 891        BT_DBG("sk %p", sk);
 892
 893        if (get_user(len, optlen))
 894                return -EFAULT;
 895
 896        lock_sock(sk);
 897
 898        switch (optname) {
 899        case SCO_OPTIONS:
 900                if (sk->sk_state != BT_CONNECTED &&
 901                    !(sk->sk_state == BT_CONNECT2 &&
 902                      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
 903                        err = -ENOTCONN;
 904                        break;
 905                }
 906
 907                opts.mtu = sco_pi(sk)->conn->mtu;
 908
 909                BT_DBG("mtu %u", opts.mtu);
 910
 911                len = min_t(unsigned int, len, sizeof(opts));
 912                if (copy_to_user(optval, (char *)&opts, len))
 913                        err = -EFAULT;
 914
 915                break;
 916
 917        case SCO_CONNINFO:
 918                if (sk->sk_state != BT_CONNECTED &&
 919                    !(sk->sk_state == BT_CONNECT2 &&
 920                      test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
 921                        err = -ENOTCONN;
 922                        break;
 923                }
 924
 925                memset(&cinfo, 0, sizeof(cinfo));
 926                cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
 927                memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
 928
 929                len = min_t(unsigned int, len, sizeof(cinfo));
 930                if (copy_to_user(optval, (char *)&cinfo, len))
 931                        err = -EFAULT;
 932
 933                break;
 934
 935        default:
 936                err = -ENOPROTOOPT;
 937                break;
 938        }
 939
 940        release_sock(sk);
 941        return err;
 942}
 943
 944static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
 945                               char __user *optval, int __user *optlen)
 946{
 947        struct sock *sk = sock->sk;
 948        int len, err = 0;
 949        struct bt_voice voice;
 950        u32 phys;
 951        int pkt_status;
 952
 953        BT_DBG("sk %p", sk);
 954
 955        if (level == SOL_SCO)
 956                return sco_sock_getsockopt_old(sock, optname, optval, optlen);
 957
 958        if (get_user(len, optlen))
 959                return -EFAULT;
 960
 961        lock_sock(sk);
 962
 963        switch (optname) {
 964
 965        case BT_DEFER_SETUP:
 966                if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
 967                        err = -EINVAL;
 968                        break;
 969                }
 970
 971                if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
 972                             (u32 __user *)optval))
 973                        err = -EFAULT;
 974
 975                break;
 976
 977        case BT_VOICE:
 978                voice.setting = sco_pi(sk)->setting;
 979
 980                len = min_t(unsigned int, len, sizeof(voice));
 981                if (copy_to_user(optval, (char *)&voice, len))
 982                        err = -EFAULT;
 983
 984                break;
 985
 986        case BT_PHY:
 987                if (sk->sk_state != BT_CONNECTED) {
 988                        err = -ENOTCONN;
 989                        break;
 990                }
 991
 992                phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
 993
 994                if (put_user(phys, (u32 __user *) optval))
 995                        err = -EFAULT;
 996                break;
 997
 998        case BT_PKT_STATUS:
 999                pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1000
1001                if (put_user(pkt_status, (int __user *)optval))
1002                        err = -EFAULT;
1003                break;
1004
1005        case BT_SNDMTU:
1006        case BT_RCVMTU:
1007                if (sk->sk_state != BT_CONNECTED) {
1008                        err = -ENOTCONN;
1009                        break;
1010                }
1011
1012                if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1013                        err = -EFAULT;
1014                break;
1015
1016        default:
1017                err = -ENOPROTOOPT;
1018                break;
1019        }
1020
1021        release_sock(sk);
1022        return err;
1023}
1024
1025static int sco_sock_shutdown(struct socket *sock, int how)
1026{
1027        struct sock *sk = sock->sk;
1028        int err = 0;
1029
1030        BT_DBG("sock %p, sk %p", sock, sk);
1031
1032        if (!sk)
1033                return 0;
1034
1035        sock_hold(sk);
1036        lock_sock(sk);
1037
1038        if (!sk->sk_shutdown) {
1039                sk->sk_shutdown = SHUTDOWN_MASK;
1040                sco_sock_clear_timer(sk);
1041                __sco_sock_close(sk);
1042
1043                if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1044                    !(current->flags & PF_EXITING))
1045                        err = bt_sock_wait_state(sk, BT_CLOSED,
1046                                                 sk->sk_lingertime);
1047        }
1048
1049        release_sock(sk);
1050        sock_put(sk);
1051
1052        return err;
1053}
1054
1055static int sco_sock_release(struct socket *sock)
1056{
1057        struct sock *sk = sock->sk;
1058        int err = 0;
1059
1060        BT_DBG("sock %p, sk %p", sock, sk);
1061
1062        if (!sk)
1063                return 0;
1064
1065        sco_sock_close(sk);
1066
1067        if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1068            !(current->flags & PF_EXITING)) {
1069                lock_sock(sk);
1070                err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1071                release_sock(sk);
1072        }
1073
1074        sock_orphan(sk);
1075        sco_sock_kill(sk);
1076        return err;
1077}
1078
1079static void sco_conn_ready(struct sco_conn *conn)
1080{
1081        struct sock *parent;
1082        struct sock *sk = conn->sk;
1083
1084        BT_DBG("conn %p", conn);
1085
1086        if (sk) {
1087                sco_sock_clear_timer(sk);
1088                bh_lock_sock(sk);
1089                sk->sk_state = BT_CONNECTED;
1090                sk->sk_state_change(sk);
1091                bh_unlock_sock(sk);
1092        } else {
1093                sco_conn_lock(conn);
1094
1095                if (!conn->hcon) {
1096                        sco_conn_unlock(conn);
1097                        return;
1098                }
1099
1100                parent = sco_get_sock_listen(&conn->hcon->src);
1101                if (!parent) {
1102                        sco_conn_unlock(conn);
1103                        return;
1104                }
1105
1106                bh_lock_sock(parent);
1107
1108                sk = sco_sock_alloc(sock_net(parent), NULL,
1109                                    BTPROTO_SCO, GFP_ATOMIC, 0);
1110                if (!sk) {
1111                        bh_unlock_sock(parent);
1112                        sco_conn_unlock(conn);
1113                        return;
1114                }
1115
1116                sco_sock_init(sk, parent);
1117
1118                bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1119                bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1120
1121                hci_conn_hold(conn->hcon);
1122                __sco_chan_add(conn, sk, parent);
1123
1124                if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1125                        sk->sk_state = BT_CONNECT2;
1126                else
1127                        sk->sk_state = BT_CONNECTED;
1128
1129                /* Wake up parent */
1130                parent->sk_data_ready(parent);
1131
1132                bh_unlock_sock(parent);
1133
1134                sco_conn_unlock(conn);
1135        }
1136}
1137
1138/* ----- SCO interface with lower layer (HCI) ----- */
1139int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1140{
1141        struct sock *sk;
1142        int lm = 0;
1143
1144        BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1145
1146        /* Find listening sockets */
1147        read_lock(&sco_sk_list.lock);
1148        sk_for_each(sk, &sco_sk_list.head) {
1149                if (sk->sk_state != BT_LISTEN)
1150                        continue;
1151
1152                if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1153                    !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1154                        lm |= HCI_LM_ACCEPT;
1155
1156                        if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1157                                *flags |= HCI_PROTO_DEFER;
1158                        break;
1159                }
1160        }
1161        read_unlock(&sco_sk_list.lock);
1162
1163        return lm;
1164}
1165
1166static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1167{
1168        if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1169                return;
1170
1171        BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1172
1173        if (!status) {
1174                struct sco_conn *conn;
1175
1176                conn = sco_conn_add(hcon);
1177                if (conn)
1178                        sco_conn_ready(conn);
1179        } else
1180                sco_conn_del(hcon, bt_to_errno(status));
1181}
1182
1183static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1184{
1185        if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1186                return;
1187
1188        BT_DBG("hcon %p reason %d", hcon, reason);
1189
1190        sco_conn_del(hcon, bt_to_errno(reason));
1191}
1192
1193void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1194{
1195        struct sco_conn *conn = hcon->sco_data;
1196
1197        if (!conn)
1198                goto drop;
1199
1200        BT_DBG("conn %p len %u", conn, skb->len);
1201
1202        if (skb->len) {
1203                sco_recv_frame(conn, skb);
1204                return;
1205        }
1206
1207drop:
1208        kfree_skb(skb);
1209}
1210
1211static struct hci_cb sco_cb = {
1212        .name           = "SCO",
1213        .connect_cfm    = sco_connect_cfm,
1214        .disconn_cfm    = sco_disconn_cfm,
1215};
1216
1217static int sco_debugfs_show(struct seq_file *f, void *p)
1218{
1219        struct sock *sk;
1220
1221        read_lock(&sco_sk_list.lock);
1222
1223        sk_for_each(sk, &sco_sk_list.head) {
1224                seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1225                           &sco_pi(sk)->dst, sk->sk_state);
1226        }
1227
1228        read_unlock(&sco_sk_list.lock);
1229
1230        return 0;
1231}
1232
1233DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1234
1235static struct dentry *sco_debugfs;
1236
1237static const struct proto_ops sco_sock_ops = {
1238        .family         = PF_BLUETOOTH,
1239        .owner          = THIS_MODULE,
1240        .release        = sco_sock_release,
1241        .bind           = sco_sock_bind,
1242        .connect        = sco_sock_connect,
1243        .listen         = sco_sock_listen,
1244        .accept         = sco_sock_accept,
1245        .getname        = sco_sock_getname,
1246        .sendmsg        = sco_sock_sendmsg,
1247        .recvmsg        = sco_sock_recvmsg,
1248        .poll           = bt_sock_poll,
1249        .ioctl          = bt_sock_ioctl,
1250        .gettstamp      = sock_gettstamp,
1251        .mmap           = sock_no_mmap,
1252        .socketpair     = sock_no_socketpair,
1253        .shutdown       = sco_sock_shutdown,
1254        .setsockopt     = sco_sock_setsockopt,
1255        .getsockopt     = sco_sock_getsockopt
1256};
1257
1258static const struct net_proto_family sco_sock_family_ops = {
1259        .family = PF_BLUETOOTH,
1260        .owner  = THIS_MODULE,
1261        .create = sco_sock_create,
1262};
1263
1264int __init sco_init(void)
1265{
1266        int err;
1267
1268        BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1269
1270        err = proto_register(&sco_proto, 0);
1271        if (err < 0)
1272                return err;
1273
1274        err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1275        if (err < 0) {
1276                BT_ERR("SCO socket registration failed");
1277                goto error;
1278        }
1279
1280        err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1281        if (err < 0) {
1282                BT_ERR("Failed to create SCO proc file");
1283                bt_sock_unregister(BTPROTO_SCO);
1284                goto error;
1285        }
1286
1287        BT_INFO("SCO socket layer initialized");
1288
1289        hci_register_cb(&sco_cb);
1290
1291        if (IS_ERR_OR_NULL(bt_debugfs))
1292                return 0;
1293
1294        sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1295                                          NULL, &sco_debugfs_fops);
1296
1297        return 0;
1298
1299error:
1300        proto_unregister(&sco_proto);
1301        return err;
1302}
1303
1304void sco_exit(void)
1305{
1306        bt_procfs_cleanup(&init_net, "sco");
1307
1308        debugfs_remove(sco_debugfs);
1309
1310        hci_unregister_cb(&sco_cb);
1311
1312        bt_sock_unregister(BTPROTO_SCO);
1313
1314        proto_unregister(&sco_proto);
1315}
1316
1317module_param(disable_esco, bool, 0644);
1318MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1319