0001
0002
0003
0004
0005
0006
0007
0008 #include <linux/module.h>
0009 #include <linux/debugfs.h>
0010 #include <linux/seq_file.h>
0011 #include <linux/sched/signal.h>
0012
0013 #include <net/bluetooth/bluetooth.h>
0014 #include <net/bluetooth/hci_core.h>
0015 #include <net/bluetooth/iso.h>
0016
0017 static const struct proto_ops iso_sock_ops;
0018
0019 static struct bt_sock_list iso_sk_list = {
0020 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
0021 };
0022
0023
0024 struct iso_conn {
0025 struct hci_conn *hcon;
0026
0027
0028 spinlock_t lock;
0029 struct sock *sk;
0030
0031 struct delayed_work timeout_work;
0032
0033 struct sk_buff *rx_skb;
0034 __u32 rx_len;
0035 __u16 tx_sn;
0036 };
0037
0038 #define iso_conn_lock(c) spin_lock(&(c)->lock)
0039 #define iso_conn_unlock(c) spin_unlock(&(c)->lock)
0040
0041 static void iso_sock_close(struct sock *sk);
0042 static void iso_sock_kill(struct sock *sk);
0043
0044
0045 #define iso_pi(sk) ((struct iso_pinfo *)sk)
0046
0047 #define EIR_SERVICE_DATA_LENGTH 4
0048 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
0049
0050 struct iso_pinfo {
0051 struct bt_sock bt;
0052 bdaddr_t src;
0053 __u8 src_type;
0054 bdaddr_t dst;
0055 __u8 dst_type;
0056 __u8 bc_sid;
0057 __u8 bc_num_bis;
0058 __u8 bc_bis[ISO_MAX_NUM_BIS];
0059 __u16 sync_handle;
0060 __u32 flags;
0061 struct bt_iso_qos qos;
0062 __u8 base_len;
0063 __u8 base[BASE_MAX_LENGTH];
0064 struct iso_conn *conn;
0065 };
0066
0067
0068 #define ISO_CONN_TIMEOUT (HZ * 40)
0069 #define ISO_DISCONN_TIMEOUT (HZ * 2)
0070
0071 static void iso_sock_timeout(struct work_struct *work)
0072 {
0073 struct iso_conn *conn = container_of(work, struct iso_conn,
0074 timeout_work.work);
0075 struct sock *sk;
0076
0077 iso_conn_lock(conn);
0078 sk = conn->sk;
0079 if (sk)
0080 sock_hold(sk);
0081 iso_conn_unlock(conn);
0082
0083 if (!sk)
0084 return;
0085
0086 BT_DBG("sock %p state %d", sk, sk->sk_state);
0087
0088 lock_sock(sk);
0089 sk->sk_err = ETIMEDOUT;
0090 sk->sk_state_change(sk);
0091 release_sock(sk);
0092 sock_put(sk);
0093 }
0094
0095 static void iso_sock_set_timer(struct sock *sk, long timeout)
0096 {
0097 if (!iso_pi(sk)->conn)
0098 return;
0099
0100 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
0101 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
0102 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
0103 }
0104
0105 static void iso_sock_clear_timer(struct sock *sk)
0106 {
0107 if (!iso_pi(sk)->conn)
0108 return;
0109
0110 BT_DBG("sock %p state %d", sk, sk->sk_state);
0111 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
0112 }
0113
0114
0115 static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
0116 {
0117 struct iso_conn *conn = hcon->iso_data;
0118
0119 if (conn)
0120 return conn;
0121
0122 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
0123 if (!conn)
0124 return NULL;
0125
0126 spin_lock_init(&conn->lock);
0127 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
0128
0129 hcon->iso_data = conn;
0130 conn->hcon = hcon;
0131 conn->tx_sn = 0;
0132
0133 BT_DBG("hcon %p conn %p", hcon, conn);
0134
0135 return conn;
0136 }
0137
0138
0139 static void iso_chan_del(struct sock *sk, int err)
0140 {
0141 struct iso_conn *conn;
0142 struct sock *parent;
0143
0144 conn = iso_pi(sk)->conn;
0145
0146 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
0147
0148 if (conn) {
0149 iso_conn_lock(conn);
0150 conn->sk = NULL;
0151 iso_pi(sk)->conn = NULL;
0152 iso_conn_unlock(conn);
0153
0154 if (conn->hcon)
0155 hci_conn_drop(conn->hcon);
0156 }
0157
0158 sk->sk_state = BT_CLOSED;
0159 sk->sk_err = err;
0160
0161 parent = bt_sk(sk)->parent;
0162 if (parent) {
0163 bt_accept_unlink(sk);
0164 parent->sk_data_ready(parent);
0165 } else {
0166 sk->sk_state_change(sk);
0167 }
0168
0169 sock_set_flag(sk, SOCK_ZAPPED);
0170 }
0171
0172 static void iso_conn_del(struct hci_conn *hcon, int err)
0173 {
0174 struct iso_conn *conn = hcon->iso_data;
0175 struct sock *sk;
0176
0177 if (!conn)
0178 return;
0179
0180 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
0181
0182
0183 iso_conn_lock(conn);
0184 sk = conn->sk;
0185 if (sk)
0186 sock_hold(sk);
0187 iso_conn_unlock(conn);
0188
0189 if (sk) {
0190 lock_sock(sk);
0191 iso_sock_clear_timer(sk);
0192 iso_chan_del(sk, err);
0193 release_sock(sk);
0194 sock_put(sk);
0195 }
0196
0197
0198 cancel_delayed_work_sync(&conn->timeout_work);
0199
0200 hcon->iso_data = NULL;
0201 kfree(conn);
0202 }
0203
0204 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
0205 struct sock *parent)
0206 {
0207 BT_DBG("conn %p", conn);
0208
0209 if (iso_pi(sk)->conn == conn && conn->sk == sk)
0210 return 0;
0211
0212 if (conn->sk) {
0213 BT_ERR("conn->sk already set");
0214 return -EBUSY;
0215 }
0216
0217 iso_pi(sk)->conn = conn;
0218 conn->sk = sk;
0219
0220 if (parent)
0221 bt_accept_enqueue(parent, sk, true);
0222
0223 return 0;
0224 }
0225
0226 static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
0227 struct sock *parent)
0228 {
0229 int err;
0230
0231 iso_conn_lock(conn);
0232 err = __iso_chan_add(conn, sk, parent);
0233 iso_conn_unlock(conn);
0234
0235 return err;
0236 }
0237
0238 static int iso_connect_bis(struct sock *sk)
0239 {
0240 struct iso_conn *conn;
0241 struct hci_conn *hcon;
0242 struct hci_dev *hdev;
0243 int err;
0244
0245 BT_DBG("%pMR", &iso_pi(sk)->src);
0246
0247 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
0248 iso_pi(sk)->src_type);
0249 if (!hdev)
0250 return -EHOSTUNREACH;
0251
0252 hci_dev_lock(hdev);
0253
0254 if (!bis_capable(hdev)) {
0255 err = -EOPNOTSUPP;
0256 goto done;
0257 }
0258
0259
0260 if (!iso_pi(sk)->qos.out.phy) {
0261 err = -EINVAL;
0262 goto done;
0263 }
0264
0265 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type,
0266 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
0267 iso_pi(sk)->base);
0268 if (IS_ERR(hcon)) {
0269 err = PTR_ERR(hcon);
0270 goto done;
0271 }
0272
0273 conn = iso_conn_add(hcon);
0274 if (!conn) {
0275 hci_conn_drop(hcon);
0276 err = -ENOMEM;
0277 goto done;
0278 }
0279
0280
0281 bacpy(&iso_pi(sk)->src, &hcon->src);
0282
0283 err = iso_chan_add(conn, sk, NULL);
0284 if (err)
0285 goto done;
0286
0287 if (hcon->state == BT_CONNECTED) {
0288 iso_sock_clear_timer(sk);
0289 sk->sk_state = BT_CONNECTED;
0290 } else {
0291 sk->sk_state = BT_CONNECT;
0292 iso_sock_set_timer(sk, sk->sk_sndtimeo);
0293 }
0294
0295 done:
0296 hci_dev_unlock(hdev);
0297 hci_dev_put(hdev);
0298 return err;
0299 }
0300
0301 static int iso_connect_cis(struct sock *sk)
0302 {
0303 struct iso_conn *conn;
0304 struct hci_conn *hcon;
0305 struct hci_dev *hdev;
0306 int err;
0307
0308 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
0309
0310 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
0311 iso_pi(sk)->src_type);
0312 if (!hdev)
0313 return -EHOSTUNREACH;
0314
0315 hci_dev_lock(hdev);
0316
0317 if (!cis_central_capable(hdev)) {
0318 err = -EOPNOTSUPP;
0319 goto done;
0320 }
0321
0322
0323 if (!iso_pi(sk)->qos.in.phy && !iso_pi(sk)->qos.out.phy) {
0324 err = -EINVAL;
0325 goto done;
0326 }
0327
0328
0329 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0330 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
0331 iso_pi(sk)->dst_type, &iso_pi(sk)->qos);
0332 if (IS_ERR(hcon)) {
0333 err = PTR_ERR(hcon);
0334 goto done;
0335 }
0336 } else {
0337 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
0338 iso_pi(sk)->dst_type, &iso_pi(sk)->qos);
0339 if (IS_ERR(hcon)) {
0340 err = PTR_ERR(hcon);
0341 goto done;
0342 }
0343 }
0344
0345 conn = iso_conn_add(hcon);
0346 if (!conn) {
0347 hci_conn_drop(hcon);
0348 err = -ENOMEM;
0349 goto done;
0350 }
0351
0352
0353 bacpy(&iso_pi(sk)->src, &hcon->src);
0354
0355 err = iso_chan_add(conn, sk, NULL);
0356 if (err)
0357 goto done;
0358
0359 if (hcon->state == BT_CONNECTED) {
0360 iso_sock_clear_timer(sk);
0361 sk->sk_state = BT_CONNECTED;
0362 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0363 iso_sock_clear_timer(sk);
0364 sk->sk_state = BT_CONNECT;
0365 } else {
0366 sk->sk_state = BT_CONNECT;
0367 iso_sock_set_timer(sk, sk->sk_sndtimeo);
0368 }
0369
0370 done:
0371 hci_dev_unlock(hdev);
0372 hci_dev_put(hdev);
0373 return err;
0374 }
0375
0376 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
0377 {
0378 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
0379 return &iso_pi(sk)->conn->hcon->iso_qos;
0380
0381 return &iso_pi(sk)->qos;
0382 }
0383
0384 static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
0385 {
0386 struct iso_conn *conn = iso_pi(sk)->conn;
0387 struct bt_iso_qos *qos = iso_sock_get_qos(sk);
0388 struct hci_iso_data_hdr *hdr;
0389 int len = 0;
0390
0391 BT_DBG("sk %p len %d", sk, skb->len);
0392
0393 if (skb->len > qos->out.sdu)
0394 return -EMSGSIZE;
0395
0396 len = skb->len;
0397
0398
0399 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
0400 hdr->sn = cpu_to_le16(conn->tx_sn++);
0401 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
0402 HCI_ISO_STATUS_VALID));
0403
0404 if (sk->sk_state == BT_CONNECTED)
0405 hci_send_iso(conn->hcon, skb);
0406 else
0407 len = -ENOTCONN;
0408
0409 return len;
0410 }
0411
0412 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
0413 {
0414 struct sock *sk;
0415
0416 iso_conn_lock(conn);
0417 sk = conn->sk;
0418 iso_conn_unlock(conn);
0419
0420 if (!sk)
0421 goto drop;
0422
0423 BT_DBG("sk %p len %d", sk, skb->len);
0424
0425 if (sk->sk_state != BT_CONNECTED)
0426 goto drop;
0427
0428 if (!sock_queue_rcv_skb(sk, skb))
0429 return;
0430
0431 drop:
0432 kfree_skb(skb);
0433 }
0434
0435
0436 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *ba)
0437 {
0438 struct sock *sk;
0439
0440 sk_for_each(sk, &iso_sk_list.head) {
0441 if (sk->sk_state != BT_LISTEN)
0442 continue;
0443
0444 if (!bacmp(&iso_pi(sk)->src, ba))
0445 return sk;
0446 }
0447
0448 return NULL;
0449 }
0450
0451 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
0452 __u8 sid)
0453 {
0454 struct sock *sk;
0455
0456 sk_for_each(sk, &iso_sk_list.head) {
0457 if (sk->sk_state != BT_LISTEN)
0458 continue;
0459
0460 if (bacmp(&iso_pi(sk)->src, ba))
0461 continue;
0462
0463 if (bacmp(&iso_pi(sk)->dst, bc))
0464 continue;
0465
0466 if (iso_pi(sk)->bc_sid == sid)
0467 return sk;
0468 }
0469
0470 return NULL;
0471 }
0472
0473 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
0474
0475
0476
0477
0478
0479
0480
0481
0482 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
0483 iso_sock_match_t match, void *data)
0484 {
0485 struct sock *sk = NULL, *sk1 = NULL;
0486
0487 read_lock(&iso_sk_list.lock);
0488
0489 sk_for_each(sk, &iso_sk_list.head) {
0490 if (sk->sk_state != BT_LISTEN)
0491 continue;
0492
0493
0494 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
0495 continue;
0496
0497
0498 if (match && !match(sk, data))
0499 continue;
0500
0501
0502 if (!bacmp(&iso_pi(sk)->src, src))
0503 break;
0504
0505
0506 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY))
0507 sk1 = sk;
0508 }
0509
0510 read_unlock(&iso_sk_list.lock);
0511
0512 return sk ? sk : sk1;
0513 }
0514
0515 static void iso_sock_destruct(struct sock *sk)
0516 {
0517 BT_DBG("sk %p", sk);
0518
0519 skb_queue_purge(&sk->sk_receive_queue);
0520 skb_queue_purge(&sk->sk_write_queue);
0521 }
0522
0523 static void iso_sock_cleanup_listen(struct sock *parent)
0524 {
0525 struct sock *sk;
0526
0527 BT_DBG("parent %p", parent);
0528
0529
0530 while ((sk = bt_accept_dequeue(parent, NULL))) {
0531 iso_sock_close(sk);
0532 iso_sock_kill(sk);
0533 }
0534
0535 parent->sk_state = BT_CLOSED;
0536 sock_set_flag(parent, SOCK_ZAPPED);
0537 }
0538
0539
0540
0541
0542 static void iso_sock_kill(struct sock *sk)
0543 {
0544 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
0545 sock_flag(sk, SOCK_DEAD))
0546 return;
0547
0548 BT_DBG("sk %p state %d", sk, sk->sk_state);
0549
0550
0551 bt_sock_unlink(&iso_sk_list, sk);
0552 sock_set_flag(sk, SOCK_DEAD);
0553 sock_put(sk);
0554 }
0555
0556 static void iso_conn_defer_reject(struct hci_conn *conn)
0557 {
0558 struct hci_cp_le_reject_cis cp;
0559
0560 BT_DBG("conn %p", conn);
0561
0562 memset(&cp, 0, sizeof(cp));
0563 cp.handle = cpu_to_le16(conn->handle);
0564 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
0565 hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp);
0566 }
0567
0568 static void __iso_sock_close(struct sock *sk)
0569 {
0570 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
0571
0572 switch (sk->sk_state) {
0573 case BT_LISTEN:
0574 iso_sock_cleanup_listen(sk);
0575 break;
0576
0577 case BT_CONNECTED:
0578 case BT_CONFIG:
0579 if (iso_pi(sk)->conn->hcon) {
0580 sk->sk_state = BT_DISCONN;
0581 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
0582 iso_conn_lock(iso_pi(sk)->conn);
0583 hci_conn_drop(iso_pi(sk)->conn->hcon);
0584 iso_pi(sk)->conn->hcon = NULL;
0585 iso_conn_unlock(iso_pi(sk)->conn);
0586 } else {
0587 iso_chan_del(sk, ECONNRESET);
0588 }
0589 break;
0590
0591 case BT_CONNECT2:
0592 if (iso_pi(sk)->conn->hcon)
0593 iso_conn_defer_reject(iso_pi(sk)->conn->hcon);
0594 iso_chan_del(sk, ECONNRESET);
0595 break;
0596 case BT_CONNECT:
0597
0598
0599
0600
0601 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
0602 iso_pi(sk)->conn->hcon) {
0603 hci_conn_del(iso_pi(sk)->conn->hcon);
0604 iso_pi(sk)->conn->hcon = NULL;
0605 }
0606
0607 iso_chan_del(sk, ECONNRESET);
0608 break;
0609 case BT_DISCONN:
0610 iso_chan_del(sk, ECONNRESET);
0611 break;
0612
0613 default:
0614 sock_set_flag(sk, SOCK_ZAPPED);
0615 break;
0616 }
0617 }
0618
0619
0620 static void iso_sock_close(struct sock *sk)
0621 {
0622 iso_sock_clear_timer(sk);
0623 lock_sock(sk);
0624 __iso_sock_close(sk);
0625 release_sock(sk);
0626 iso_sock_kill(sk);
0627 }
0628
0629 static void iso_sock_init(struct sock *sk, struct sock *parent)
0630 {
0631 BT_DBG("sk %p", sk);
0632
0633 if (parent) {
0634 sk->sk_type = parent->sk_type;
0635 bt_sk(sk)->flags = bt_sk(parent)->flags;
0636 security_sk_clone(parent, sk);
0637 }
0638 }
0639
0640 static struct proto iso_proto = {
0641 .name = "ISO",
0642 .owner = THIS_MODULE,
0643 .obj_size = sizeof(struct iso_pinfo)
0644 };
0645
0646 #define DEFAULT_IO_QOS \
0647 { \
0648 .interval = 10000u, \
0649 .latency = 10u, \
0650 .sdu = 40u, \
0651 .phy = BT_ISO_PHY_2M, \
0652 .rtn = 2u, \
0653 }
0654
0655 static struct bt_iso_qos default_qos = {
0656 .cig = BT_ISO_QOS_CIG_UNSET,
0657 .cis = BT_ISO_QOS_CIS_UNSET,
0658 .sca = 0x00,
0659 .packing = 0x00,
0660 .framing = 0x00,
0661 .in = DEFAULT_IO_QOS,
0662 .out = DEFAULT_IO_QOS,
0663 };
0664
0665 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
0666 int proto, gfp_t prio, int kern)
0667 {
0668 struct sock *sk;
0669
0670 sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern);
0671 if (!sk)
0672 return NULL;
0673
0674 sock_init_data(sock, sk);
0675 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
0676
0677 sk->sk_destruct = iso_sock_destruct;
0678 sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
0679
0680 sock_reset_flag(sk, SOCK_ZAPPED);
0681
0682 sk->sk_protocol = proto;
0683 sk->sk_state = BT_OPEN;
0684
0685
0686 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
0687
0688 iso_pi(sk)->qos = default_qos;
0689
0690 bt_sock_link(&iso_sk_list, sk);
0691 return sk;
0692 }
0693
0694 static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
0695 int kern)
0696 {
0697 struct sock *sk;
0698
0699 BT_DBG("sock %p", sock);
0700
0701 sock->state = SS_UNCONNECTED;
0702
0703 if (sock->type != SOCK_SEQPACKET)
0704 return -ESOCKTNOSUPPORT;
0705
0706 sock->ops = &iso_sock_ops;
0707
0708 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
0709 if (!sk)
0710 return -ENOMEM;
0711
0712 iso_sock_init(sk, NULL);
0713 return 0;
0714 }
0715
0716 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
0717 int addr_len)
0718 {
0719 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
0720 struct sock *sk = sock->sk;
0721 int i;
0722
0723 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
0724 sa->iso_bc->bc_num_bis);
0725
0726 if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) ||
0727 sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f)
0728 return -EINVAL;
0729
0730 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
0731 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
0732 iso_pi(sk)->sync_handle = -1;
0733 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
0734 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
0735
0736 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
0737 if (sa->iso_bc->bc_bis[i] < 0x01 ||
0738 sa->iso_bc->bc_bis[i] > 0x1f)
0739 return -EINVAL;
0740
0741 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
0742 iso_pi(sk)->bc_num_bis);
0743 }
0744
0745 return 0;
0746 }
0747
0748 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
0749 int addr_len)
0750 {
0751 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
0752 struct sock *sk = sock->sk;
0753 int err = 0;
0754
0755 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
0756
0757 if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
0758 addr->sa_family != AF_BLUETOOTH)
0759 return -EINVAL;
0760
0761 lock_sock(sk);
0762
0763 if (sk->sk_state != BT_OPEN) {
0764 err = -EBADFD;
0765 goto done;
0766 }
0767
0768 if (sk->sk_type != SOCK_SEQPACKET) {
0769 err = -EINVAL;
0770 goto done;
0771 }
0772
0773
0774 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
0775 err = -EINVAL;
0776 goto done;
0777 }
0778
0779 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
0780 iso_pi(sk)->src_type = sa->iso_bdaddr_type;
0781
0782
0783 if (addr_len > sizeof(*sa)) {
0784 err = iso_sock_bind_bc(sock, addr, addr_len);
0785 if (err)
0786 goto done;
0787 }
0788
0789 sk->sk_state = BT_BOUND;
0790
0791 done:
0792 release_sock(sk);
0793 return err;
0794 }
0795
0796 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
0797 int alen, int flags)
0798 {
0799 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
0800 struct sock *sk = sock->sk;
0801 int err;
0802
0803 BT_DBG("sk %p", sk);
0804
0805 if (alen < sizeof(struct sockaddr_iso) ||
0806 addr->sa_family != AF_BLUETOOTH)
0807 return -EINVAL;
0808
0809 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
0810 return -EBADFD;
0811
0812 if (sk->sk_type != SOCK_SEQPACKET)
0813 return -EINVAL;
0814
0815
0816 if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
0817 return -EINVAL;
0818
0819 lock_sock(sk);
0820
0821 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
0822 iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
0823
0824 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
0825 err = iso_connect_cis(sk);
0826 else
0827 err = iso_connect_bis(sk);
0828
0829 if (err)
0830 goto done;
0831
0832 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0833 err = bt_sock_wait_state(sk, BT_CONNECTED,
0834 sock_sndtimeo(sk, flags & O_NONBLOCK));
0835 }
0836
0837 done:
0838 release_sock(sk);
0839 return err;
0840 }
0841
0842 static int iso_listen_bis(struct sock *sk)
0843 {
0844 struct hci_dev *hdev;
0845 int err = 0;
0846
0847 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
0848 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
0849
0850 write_lock(&iso_sk_list.lock);
0851
0852 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
0853 iso_pi(sk)->bc_sid))
0854 err = -EADDRINUSE;
0855
0856 write_unlock(&iso_sk_list.lock);
0857
0858 if (err)
0859 return err;
0860
0861 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
0862 iso_pi(sk)->src_type);
0863 if (!hdev)
0864 return -EHOSTUNREACH;
0865
0866 hci_dev_lock(hdev);
0867
0868 err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, iso_pi(sk)->dst_type,
0869 iso_pi(sk)->bc_sid);
0870
0871 hci_dev_unlock(hdev);
0872
0873 return err;
0874 }
0875
0876 static int iso_listen_cis(struct sock *sk)
0877 {
0878 int err = 0;
0879
0880 BT_DBG("%pMR", &iso_pi(sk)->src);
0881
0882 write_lock(&iso_sk_list.lock);
0883
0884 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src))
0885 err = -EADDRINUSE;
0886
0887 write_unlock(&iso_sk_list.lock);
0888
0889 return err;
0890 }
0891
0892 static int iso_sock_listen(struct socket *sock, int backlog)
0893 {
0894 struct sock *sk = sock->sk;
0895 int err = 0;
0896
0897 BT_DBG("sk %p backlog %d", sk, backlog);
0898
0899 lock_sock(sk);
0900
0901 if (sk->sk_state != BT_BOUND) {
0902 err = -EBADFD;
0903 goto done;
0904 }
0905
0906 if (sk->sk_type != SOCK_SEQPACKET) {
0907 err = -EINVAL;
0908 goto done;
0909 }
0910
0911 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
0912 err = iso_listen_cis(sk);
0913 else
0914 err = iso_listen_bis(sk);
0915
0916 if (err)
0917 goto done;
0918
0919 sk->sk_max_ack_backlog = backlog;
0920 sk->sk_ack_backlog = 0;
0921
0922 sk->sk_state = BT_LISTEN;
0923
0924 done:
0925 release_sock(sk);
0926 return err;
0927 }
0928
0929 static int iso_sock_accept(struct socket *sock, struct socket *newsock,
0930 int flags, bool kern)
0931 {
0932 DEFINE_WAIT_FUNC(wait, woken_wake_function);
0933 struct sock *sk = sock->sk, *ch;
0934 long timeo;
0935 int err = 0;
0936
0937 lock_sock(sk);
0938
0939 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
0940
0941 BT_DBG("sk %p timeo %ld", sk, timeo);
0942
0943
0944 add_wait_queue_exclusive(sk_sleep(sk), &wait);
0945 while (1) {
0946 if (sk->sk_state != BT_LISTEN) {
0947 err = -EBADFD;
0948 break;
0949 }
0950
0951 ch = bt_accept_dequeue(sk, newsock);
0952 if (ch)
0953 break;
0954
0955 if (!timeo) {
0956 err = -EAGAIN;
0957 break;
0958 }
0959
0960 if (signal_pending(current)) {
0961 err = sock_intr_errno(timeo);
0962 break;
0963 }
0964
0965 release_sock(sk);
0966
0967 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
0968 lock_sock(sk);
0969 }
0970 remove_wait_queue(sk_sleep(sk), &wait);
0971
0972 if (err)
0973 goto done;
0974
0975 newsock->state = SS_CONNECTED;
0976
0977 BT_DBG("new socket %p", ch);
0978
0979 done:
0980 release_sock(sk);
0981 return err;
0982 }
0983
0984 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
0985 int peer)
0986 {
0987 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
0988 struct sock *sk = sock->sk;
0989
0990 BT_DBG("sock %p, sk %p", sock, sk);
0991
0992 addr->sa_family = AF_BLUETOOTH;
0993
0994 if (peer) {
0995 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
0996 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
0997 } else {
0998 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
0999 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1000 }
1001
1002 return sizeof(struct sockaddr_iso);
1003 }
1004
1005 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1006 size_t len)
1007 {
1008 struct sock *sk = sock->sk;
1009 struct iso_conn *conn = iso_pi(sk)->conn;
1010 struct sk_buff *skb, **frag;
1011 int err;
1012
1013 BT_DBG("sock %p, sk %p", sock, sk);
1014
1015 err = sock_error(sk);
1016 if (err)
1017 return err;
1018
1019 if (msg->msg_flags & MSG_OOB)
1020 return -EOPNOTSUPP;
1021
1022 if (sk->sk_state != BT_CONNECTED)
1023 return -ENOTCONN;
1024
1025 skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu,
1026 HCI_ISO_DATA_HDR_SIZE, 0);
1027 if (IS_ERR(skb))
1028 return PTR_ERR(skb);
1029
1030 len -= skb->len;
1031
1032 BT_DBG("skb %p len %d", sk, skb->len);
1033
1034
1035 frag = &skb_shinfo(skb)->frag_list;
1036 while (len) {
1037 struct sk_buff *tmp;
1038
1039 tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu,
1040 0, 0);
1041 if (IS_ERR(tmp)) {
1042 kfree_skb(skb);
1043 return PTR_ERR(tmp);
1044 }
1045
1046 *frag = tmp;
1047
1048 len -= tmp->len;
1049
1050 skb->len += tmp->len;
1051 skb->data_len += tmp->len;
1052
1053 BT_DBG("frag %p len %d", *frag, tmp->len);
1054
1055 frag = &(*frag)->next;
1056 }
1057
1058 lock_sock(sk);
1059
1060 if (sk->sk_state == BT_CONNECTED)
1061 err = iso_send_frame(sk, skb);
1062 else
1063 err = -ENOTCONN;
1064
1065 release_sock(sk);
1066
1067 if (err < 0)
1068 kfree_skb(skb);
1069 return err;
1070 }
1071
1072 static void iso_conn_defer_accept(struct hci_conn *conn)
1073 {
1074 struct hci_cp_le_accept_cis cp;
1075 struct hci_dev *hdev = conn->hdev;
1076
1077 BT_DBG("conn %p", conn);
1078
1079 conn->state = BT_CONFIG;
1080
1081 cp.handle = cpu_to_le16(conn->handle);
1082
1083 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1084 }
1085
1086 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1087 size_t len, int flags)
1088 {
1089 struct sock *sk = sock->sk;
1090 struct iso_pinfo *pi = iso_pi(sk);
1091 int err;
1092
1093 BT_DBG("sk %p", sk);
1094
1095 lock_sock(sk);
1096
1097 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1098 switch (sk->sk_state) {
1099 case BT_CONNECT2:
1100 iso_conn_defer_accept(pi->conn->hcon);
1101 sk->sk_state = BT_CONFIG;
1102 release_sock(sk);
1103 return 0;
1104 case BT_CONNECT:
1105 err = iso_connect_cis(sk);
1106 release_sock(sk);
1107 return err;
1108 }
1109 }
1110
1111 release_sock(sk);
1112
1113 return bt_sock_recvmsg(sock, msg, len, flags);
1114 }
1115
1116 static bool check_io_qos(struct bt_iso_io_qos *qos)
1117 {
1118
1119 if (!qos->phy && qos->sdu)
1120 return false;
1121
1122 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1123 return false;
1124
1125 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1126 return false;
1127
1128 if (qos->phy > BT_ISO_PHY_ANY)
1129 return false;
1130
1131 return true;
1132 }
1133
1134 static bool check_qos(struct bt_iso_qos *qos)
1135 {
1136 if (qos->sca > 0x07)
1137 return false;
1138
1139 if (qos->packing > 0x01)
1140 return false;
1141
1142 if (qos->framing > 0x01)
1143 return false;
1144
1145 if (!check_io_qos(&qos->in))
1146 return false;
1147
1148 if (!check_io_qos(&qos->out))
1149 return false;
1150
1151 return true;
1152 }
1153
1154 static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1155 sockptr_t optval, unsigned int optlen)
1156 {
1157 struct sock *sk = sock->sk;
1158 int len, err = 0;
1159 struct bt_iso_qos qos;
1160 u32 opt;
1161
1162 BT_DBG("sk %p", sk);
1163
1164 lock_sock(sk);
1165
1166 switch (optname) {
1167 case BT_DEFER_SETUP:
1168 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1169 err = -EINVAL;
1170 break;
1171 }
1172
1173 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1174 err = -EFAULT;
1175 break;
1176 }
1177
1178 if (opt)
1179 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1180 else
1181 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1182 break;
1183
1184 case BT_ISO_QOS:
1185 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1186 sk->sk_state != BT_CONNECT2) {
1187 err = -EINVAL;
1188 break;
1189 }
1190
1191 len = min_t(unsigned int, sizeof(qos), optlen);
1192 if (len != sizeof(qos)) {
1193 err = -EINVAL;
1194 break;
1195 }
1196
1197 memset(&qos, 0, sizeof(qos));
1198
1199 if (copy_from_sockptr(&qos, optval, len)) {
1200 err = -EFAULT;
1201 break;
1202 }
1203
1204 if (!check_qos(&qos)) {
1205 err = -EINVAL;
1206 break;
1207 }
1208
1209 iso_pi(sk)->qos = qos;
1210
1211 break;
1212
1213 case BT_ISO_BASE:
1214 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1215 sk->sk_state != BT_CONNECT2) {
1216 err = -EINVAL;
1217 break;
1218 }
1219
1220 if (optlen > sizeof(iso_pi(sk)->base)) {
1221 err = -EOVERFLOW;
1222 break;
1223 }
1224
1225 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen);
1226
1227 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) {
1228 err = -EFAULT;
1229 break;
1230 }
1231
1232 iso_pi(sk)->base_len = len;
1233
1234 break;
1235
1236 default:
1237 err = -ENOPROTOOPT;
1238 break;
1239 }
1240
1241 release_sock(sk);
1242 return err;
1243 }
1244
1245 static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1246 char __user *optval, int __user *optlen)
1247 {
1248 struct sock *sk = sock->sk;
1249 int len, err = 0;
1250 struct bt_iso_qos *qos;
1251 u8 base_len;
1252 u8 *base;
1253
1254 BT_DBG("sk %p", sk);
1255
1256 if (get_user(len, optlen))
1257 return -EFAULT;
1258
1259 lock_sock(sk);
1260
1261 switch (optname) {
1262 case BT_DEFER_SETUP:
1263 if (sk->sk_state == BT_CONNECTED) {
1264 err = -EINVAL;
1265 break;
1266 }
1267
1268 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1269 (u32 __user *)optval))
1270 err = -EFAULT;
1271
1272 break;
1273
1274 case BT_ISO_QOS:
1275 qos = iso_sock_get_qos(sk);
1276
1277 len = min_t(unsigned int, len, sizeof(*qos));
1278 if (copy_to_user(optval, qos, len))
1279 err = -EFAULT;
1280
1281 break;
1282
1283 case BT_ISO_BASE:
1284 if (sk->sk_state == BT_CONNECTED) {
1285 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1286 base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1287 } else {
1288 base_len = iso_pi(sk)->base_len;
1289 base = iso_pi(sk)->base;
1290 }
1291
1292 len = min_t(unsigned int, len, base_len);
1293 if (copy_to_user(optval, base, len))
1294 err = -EFAULT;
1295
1296 break;
1297
1298 default:
1299 err = -ENOPROTOOPT;
1300 break;
1301 }
1302
1303 release_sock(sk);
1304 return err;
1305 }
1306
1307 static int iso_sock_shutdown(struct socket *sock, int how)
1308 {
1309 struct sock *sk = sock->sk;
1310 int err = 0;
1311
1312 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1313
1314 if (!sk)
1315 return 0;
1316
1317 sock_hold(sk);
1318 lock_sock(sk);
1319
1320 switch (how) {
1321 case SHUT_RD:
1322 if (sk->sk_shutdown & RCV_SHUTDOWN)
1323 goto unlock;
1324 sk->sk_shutdown |= RCV_SHUTDOWN;
1325 break;
1326 case SHUT_WR:
1327 if (sk->sk_shutdown & SEND_SHUTDOWN)
1328 goto unlock;
1329 sk->sk_shutdown |= SEND_SHUTDOWN;
1330 break;
1331 case SHUT_RDWR:
1332 if (sk->sk_shutdown & SHUTDOWN_MASK)
1333 goto unlock;
1334 sk->sk_shutdown |= SHUTDOWN_MASK;
1335 break;
1336 }
1337
1338 iso_sock_clear_timer(sk);
1339 __iso_sock_close(sk);
1340
1341 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1342 !(current->flags & PF_EXITING))
1343 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1344
1345 unlock:
1346 release_sock(sk);
1347 sock_put(sk);
1348
1349 return err;
1350 }
1351
1352 static int iso_sock_release(struct socket *sock)
1353 {
1354 struct sock *sk = sock->sk;
1355 int err = 0;
1356
1357 BT_DBG("sock %p, sk %p", sock, sk);
1358
1359 if (!sk)
1360 return 0;
1361
1362 iso_sock_close(sk);
1363
1364 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1365 !(current->flags & PF_EXITING)) {
1366 lock_sock(sk);
1367 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1368 release_sock(sk);
1369 }
1370
1371 sock_orphan(sk);
1372 iso_sock_kill(sk);
1373 return err;
1374 }
1375
1376 static void iso_sock_ready(struct sock *sk)
1377 {
1378 BT_DBG("sk %p", sk);
1379
1380 if (!sk)
1381 return;
1382
1383 lock_sock(sk);
1384 iso_sock_clear_timer(sk);
1385 sk->sk_state = BT_CONNECTED;
1386 sk->sk_state_change(sk);
1387 release_sock(sk);
1388 }
1389
1390 struct iso_list_data {
1391 struct hci_conn *hcon;
1392 int count;
1393 };
1394
1395 static bool iso_match_big(struct sock *sk, void *data)
1396 {
1397 struct hci_evt_le_big_sync_estabilished *ev = data;
1398
1399 return ev->handle == iso_pi(sk)->qos.big;
1400 }
1401
1402 static void iso_conn_ready(struct iso_conn *conn)
1403 {
1404 struct sock *parent;
1405 struct sock *sk = conn->sk;
1406 struct hci_ev_le_big_sync_estabilished *ev;
1407
1408 BT_DBG("conn %p", conn);
1409
1410 if (sk) {
1411 iso_sock_ready(conn->sk);
1412 } else {
1413 iso_conn_lock(conn);
1414
1415 if (!conn->hcon) {
1416 iso_conn_unlock(conn);
1417 return;
1418 }
1419
1420 ev = hci_recv_event_data(conn->hcon->hdev,
1421 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1422 if (ev)
1423 parent = iso_get_sock_listen(&conn->hcon->src,
1424 &conn->hcon->dst,
1425 iso_match_big, ev);
1426 else
1427 parent = iso_get_sock_listen(&conn->hcon->src,
1428 BDADDR_ANY, NULL, NULL);
1429
1430 if (!parent) {
1431 iso_conn_unlock(conn);
1432 return;
1433 }
1434
1435 lock_sock(parent);
1436
1437 sk = iso_sock_alloc(sock_net(parent), NULL,
1438 BTPROTO_ISO, GFP_ATOMIC, 0);
1439 if (!sk) {
1440 release_sock(parent);
1441 iso_conn_unlock(conn);
1442 return;
1443 }
1444
1445 iso_sock_init(sk, parent);
1446
1447 bacpy(&iso_pi(sk)->src, &conn->hcon->src);
1448 iso_pi(sk)->src_type = conn->hcon->src_type;
1449
1450
1451
1452
1453
1454 if (!bacmp(&conn->hcon->dst, BDADDR_ANY)) {
1455 bacpy(&conn->hcon->dst, &iso_pi(parent)->dst);
1456 conn->hcon->dst_type = iso_pi(parent)->dst_type;
1457 conn->hcon->sync_handle = iso_pi(parent)->sync_handle;
1458 }
1459
1460 bacpy(&iso_pi(sk)->dst, &conn->hcon->dst);
1461 iso_pi(sk)->dst_type = conn->hcon->dst_type;
1462
1463 hci_conn_hold(conn->hcon);
1464 __iso_chan_add(conn, sk, parent);
1465
1466 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1467 sk->sk_state = BT_CONNECT2;
1468 else
1469 sk->sk_state = BT_CONNECTED;
1470
1471
1472 parent->sk_data_ready(parent);
1473
1474 release_sock(parent);
1475
1476 iso_conn_unlock(conn);
1477 }
1478 }
1479
1480 static bool iso_match_sid(struct sock *sk, void *data)
1481 {
1482 struct hci_ev_le_pa_sync_established *ev = data;
1483
1484 return ev->sid == iso_pi(sk)->bc_sid;
1485 }
1486
1487 static bool iso_match_sync_handle(struct sock *sk, void *data)
1488 {
1489 struct hci_evt_le_big_info_adv_report *ev = data;
1490
1491 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1492 }
1493
1494
1495
1496 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1497 {
1498 struct hci_ev_le_pa_sync_established *ev1;
1499 struct hci_evt_le_big_info_adv_report *ev2;
1500 struct sock *sk;
1501 int lm = 0;
1502
1503 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1517 if (ev1) {
1518 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1519 ev1);
1520 if (sk)
1521 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1522
1523 goto done;
1524 }
1525
1526 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1527 if (ev2) {
1528 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1529 iso_match_sync_handle, ev2);
1530 if (sk) {
1531 int err;
1532
1533 if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1534 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1535
1536 err = hci_le_big_create_sync(hdev,
1537 &iso_pi(sk)->qos,
1538 iso_pi(sk)->sync_handle,
1539 iso_pi(sk)->bc_num_bis,
1540 iso_pi(sk)->bc_bis);
1541 if (err) {
1542 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1543 err);
1544 sk = NULL;
1545 }
1546 }
1547 } else {
1548 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
1549 }
1550
1551 done:
1552 if (!sk)
1553 return lm;
1554
1555 lm |= HCI_LM_ACCEPT;
1556
1557 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1558 *flags |= HCI_PROTO_DEFER;
1559
1560 return lm;
1561 }
1562
1563 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
1564 {
1565 if (hcon->type != ISO_LINK) {
1566 if (hcon->type != LE_LINK)
1567 return;
1568
1569
1570 if (status) {
1571 if (hcon->link)
1572 iso_conn_del(hcon->link, bt_to_errno(status));
1573 return;
1574 }
1575
1576
1577 hci_le_create_cis(hcon);
1578 return;
1579 }
1580
1581 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1582
1583 if (!status) {
1584 struct iso_conn *conn;
1585
1586 conn = iso_conn_add(hcon);
1587 if (conn)
1588 iso_conn_ready(conn);
1589 } else {
1590 iso_conn_del(hcon, bt_to_errno(status));
1591 }
1592 }
1593
1594 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1595 {
1596 if (hcon->type != ISO_LINK)
1597 return;
1598
1599 BT_DBG("hcon %p reason %d", hcon, reason);
1600
1601 iso_conn_del(hcon, bt_to_errno(reason));
1602 }
1603
1604 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1605 {
1606 struct iso_conn *conn = hcon->iso_data;
1607 struct hci_iso_data_hdr *hdr;
1608 __u16 pb, ts, len;
1609
1610 if (!conn)
1611 goto drop;
1612
1613 pb = hci_iso_flags_pb(flags);
1614 ts = hci_iso_flags_ts(flags);
1615
1616 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
1617
1618 switch (pb) {
1619 case ISO_START:
1620 case ISO_SINGLE:
1621 if (conn->rx_len) {
1622 BT_ERR("Unexpected start frame (len %d)", skb->len);
1623 kfree_skb(conn->rx_skb);
1624 conn->rx_skb = NULL;
1625 conn->rx_len = 0;
1626 }
1627
1628 if (ts) {
1629
1630 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
1631 if (!hdr) {
1632 BT_ERR("Frame is too short (len %d)", skb->len);
1633 goto drop;
1634 }
1635
1636 } else {
1637 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
1638 if (!hdr) {
1639 BT_ERR("Frame is too short (len %d)", skb->len);
1640 goto drop;
1641 }
1642 }
1643
1644 len = __le16_to_cpu(hdr->slen);
1645 flags = hci_iso_data_flags(len);
1646 len = hci_iso_data_len(len);
1647
1648 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
1649 skb->len, flags);
1650
1651 if (len == skb->len) {
1652
1653 iso_recv_frame(conn, skb);
1654 return;
1655 }
1656
1657 if (pb == ISO_SINGLE) {
1658 BT_ERR("Frame malformed (len %d, expected len %d)",
1659 skb->len, len);
1660 goto drop;
1661 }
1662
1663 if (skb->len > len) {
1664 BT_ERR("Frame is too long (len %d, expected len %d)",
1665 skb->len, len);
1666 goto drop;
1667 }
1668
1669
1670 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
1671 if (!conn->rx_skb)
1672 goto drop;
1673
1674 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1675 skb->len);
1676 conn->rx_len = len - skb->len;
1677 break;
1678
1679 case ISO_CONT:
1680 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
1681 conn->rx_len);
1682
1683 if (!conn->rx_len) {
1684 BT_ERR("Unexpected continuation frame (len %d)",
1685 skb->len);
1686 goto drop;
1687 }
1688
1689 if (skb->len > conn->rx_len) {
1690 BT_ERR("Fragment is too long (len %d, expected %d)",
1691 skb->len, conn->rx_len);
1692 kfree_skb(conn->rx_skb);
1693 conn->rx_skb = NULL;
1694 conn->rx_len = 0;
1695 goto drop;
1696 }
1697
1698 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1699 skb->len);
1700 conn->rx_len -= skb->len;
1701 return;
1702
1703 case ISO_END:
1704 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1705 skb->len);
1706 conn->rx_len -= skb->len;
1707
1708 if (!conn->rx_len) {
1709 struct sk_buff *rx_skb = conn->rx_skb;
1710
1711
1712
1713
1714
1715 conn->rx_skb = NULL;
1716 iso_recv_frame(conn, rx_skb);
1717 }
1718 break;
1719 }
1720
1721 drop:
1722 kfree_skb(skb);
1723 }
1724
1725 static struct hci_cb iso_cb = {
1726 .name = "ISO",
1727 .connect_cfm = iso_connect_cfm,
1728 .disconn_cfm = iso_disconn_cfm,
1729 };
1730
1731 static int iso_debugfs_show(struct seq_file *f, void *p)
1732 {
1733 struct sock *sk;
1734
1735 read_lock(&iso_sk_list.lock);
1736
1737 sk_for_each(sk, &iso_sk_list.head) {
1738 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
1739 &iso_pi(sk)->dst, sk->sk_state);
1740 }
1741
1742 read_unlock(&iso_sk_list.lock);
1743
1744 return 0;
1745 }
1746
1747 DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
1748
1749 static struct dentry *iso_debugfs;
1750
1751 static const struct proto_ops iso_sock_ops = {
1752 .family = PF_BLUETOOTH,
1753 .owner = THIS_MODULE,
1754 .release = iso_sock_release,
1755 .bind = iso_sock_bind,
1756 .connect = iso_sock_connect,
1757 .listen = iso_sock_listen,
1758 .accept = iso_sock_accept,
1759 .getname = iso_sock_getname,
1760 .sendmsg = iso_sock_sendmsg,
1761 .recvmsg = iso_sock_recvmsg,
1762 .poll = bt_sock_poll,
1763 .ioctl = bt_sock_ioctl,
1764 .mmap = sock_no_mmap,
1765 .socketpair = sock_no_socketpair,
1766 .shutdown = iso_sock_shutdown,
1767 .setsockopt = iso_sock_setsockopt,
1768 .getsockopt = iso_sock_getsockopt
1769 };
1770
1771 static const struct net_proto_family iso_sock_family_ops = {
1772 .family = PF_BLUETOOTH,
1773 .owner = THIS_MODULE,
1774 .create = iso_sock_create,
1775 };
1776
1777 static bool iso_inited;
1778
1779 bool iso_enabled(void)
1780 {
1781 return iso_inited;
1782 }
1783
1784 int iso_init(void)
1785 {
1786 int err;
1787
1788 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
1789
1790 if (iso_inited)
1791 return -EALREADY;
1792
1793 err = proto_register(&iso_proto, 0);
1794 if (err < 0)
1795 return err;
1796
1797 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
1798 if (err < 0) {
1799 BT_ERR("ISO socket registration failed");
1800 goto error;
1801 }
1802
1803 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
1804 if (err < 0) {
1805 BT_ERR("Failed to create ISO proc file");
1806 bt_sock_unregister(BTPROTO_ISO);
1807 goto error;
1808 }
1809
1810 BT_INFO("ISO socket layer initialized");
1811
1812 hci_register_cb(&iso_cb);
1813
1814 if (IS_ERR_OR_NULL(bt_debugfs))
1815 return 0;
1816
1817 if (!iso_debugfs) {
1818 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
1819 NULL, &iso_debugfs_fops);
1820 }
1821
1822 iso_inited = true;
1823
1824 return 0;
1825
1826 error:
1827 proto_unregister(&iso_proto);
1828 return err;
1829 }
1830
1831 int iso_exit(void)
1832 {
1833 if (!iso_inited)
1834 return -EALREADY;
1835
1836 bt_procfs_cleanup(&init_net, "iso");
1837
1838 debugfs_remove(iso_debugfs);
1839 iso_debugfs = NULL;
1840
1841 hci_unregister_cb(&iso_cb);
1842
1843 bt_sock_unregister(BTPROTO_ISO);
1844
1845 proto_unregister(&iso_proto);
1846
1847 iso_inited = false;
1848
1849 return 0;
1850 }
