0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027 #include <linux/module.h>
0028 #include <linux/debugfs.h>
0029 #include <linux/seq_file.h>
0030 #include <linux/sched/signal.h>
0031
0032 #include <net/bluetooth/bluetooth.h>
0033 #include <net/bluetooth/hci_core.h>
0034 #include <net/bluetooth/sco.h>
0035
0036 static bool disable_esco;
0037
0038 static const struct proto_ops sco_sock_ops;
0039
0040 static struct bt_sock_list sco_sk_list = {
0041 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
0042 };
0043
0044
0045 struct sco_conn {
0046 struct hci_conn *hcon;
0047
0048 spinlock_t lock;
0049 struct sock *sk;
0050
0051 struct delayed_work timeout_work;
0052
0053 unsigned int mtu;
0054 };
0055
0056 #define sco_conn_lock(c) spin_lock(&c->lock)
0057 #define sco_conn_unlock(c) spin_unlock(&c->lock)
0058
0059 static void sco_sock_close(struct sock *sk);
0060 static void sco_sock_kill(struct sock *sk);
0061
0062
0063 #define sco_pi(sk) ((struct sco_pinfo *) sk)
0064
0065 struct sco_pinfo {
0066 struct bt_sock bt;
0067 bdaddr_t src;
0068 bdaddr_t dst;
0069 __u32 flags;
0070 __u16 setting;
0071 __u8 cmsg_mask;
0072 struct bt_codec codec;
0073 struct sco_conn *conn;
0074 };
0075
0076
0077 #define SCO_CONN_TIMEOUT (HZ * 40)
0078 #define SCO_DISCONN_TIMEOUT (HZ * 2)
0079
0080 static void sco_sock_timeout(struct work_struct *work)
0081 {
0082 struct sco_conn *conn = container_of(work, struct sco_conn,
0083 timeout_work.work);
0084 struct sock *sk;
0085
0086 sco_conn_lock(conn);
0087 sk = conn->sk;
0088 if (sk)
0089 sock_hold(sk);
0090 sco_conn_unlock(conn);
0091
0092 if (!sk)
0093 return;
0094
0095 BT_DBG("sock %p state %d", sk, sk->sk_state);
0096
0097 lock_sock(sk);
0098 sk->sk_err = ETIMEDOUT;
0099 sk->sk_state_change(sk);
0100 release_sock(sk);
0101 sock_put(sk);
0102 }
0103
0104 static void sco_sock_set_timer(struct sock *sk, long timeout)
0105 {
0106 if (!sco_pi(sk)->conn)
0107 return;
0108
0109 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
0110 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
0111 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
0112 }
0113
0114 static void sco_sock_clear_timer(struct sock *sk)
0115 {
0116 if (!sco_pi(sk)->conn)
0117 return;
0118
0119 BT_DBG("sock %p state %d", sk, sk->sk_state);
0120 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
0121 }
0122
0123
0124 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
0125 {
0126 struct hci_dev *hdev = hcon->hdev;
0127 struct sco_conn *conn = hcon->sco_data;
0128
0129 if (conn)
0130 return conn;
0131
0132 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
0133 if (!conn)
0134 return NULL;
0135
0136 spin_lock_init(&conn->lock);
0137 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
0138
0139 hcon->sco_data = conn;
0140 conn->hcon = hcon;
0141
0142 if (hdev->sco_mtu > 0)
0143 conn->mtu = hdev->sco_mtu;
0144 else
0145 conn->mtu = 60;
0146
0147 BT_DBG("hcon %p conn %p", hcon, conn);
0148
0149 return conn;
0150 }
0151
0152
0153
0154 static void sco_chan_del(struct sock *sk, int err)
0155 {
0156 struct sco_conn *conn;
0157
0158 conn = sco_pi(sk)->conn;
0159
0160 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
0161
0162 if (conn) {
0163 sco_conn_lock(conn);
0164 conn->sk = NULL;
0165 sco_pi(sk)->conn = NULL;
0166 sco_conn_unlock(conn);
0167
0168 if (conn->hcon)
0169 hci_conn_drop(conn->hcon);
0170 }
0171
0172 sk->sk_state = BT_CLOSED;
0173 sk->sk_err = err;
0174 sk->sk_state_change(sk);
0175
0176 sock_set_flag(sk, SOCK_ZAPPED);
0177 }
0178
0179 static void sco_conn_del(struct hci_conn *hcon, int err)
0180 {
0181 struct sco_conn *conn = hcon->sco_data;
0182 struct sock *sk;
0183
0184 if (!conn)
0185 return;
0186
0187 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
0188
0189
0190 sco_conn_lock(conn);
0191 sk = conn->sk;
0192 if (sk)
0193 sock_hold(sk);
0194 sco_conn_unlock(conn);
0195
0196 if (sk) {
0197 lock_sock(sk);
0198 sco_sock_clear_timer(sk);
0199 sco_chan_del(sk, err);
0200 release_sock(sk);
0201 sock_put(sk);
0202 }
0203
0204
0205 cancel_delayed_work_sync(&conn->timeout_work);
0206
0207 hcon->sco_data = NULL;
0208 kfree(conn);
0209 }
0210
0211 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
0212 struct sock *parent)
0213 {
0214 BT_DBG("conn %p", conn);
0215
0216 sco_pi(sk)->conn = conn;
0217 conn->sk = sk;
0218
0219 if (parent)
0220 bt_accept_enqueue(parent, sk, true);
0221 }
0222
0223 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
0224 struct sock *parent)
0225 {
0226 int err = 0;
0227
0228 sco_conn_lock(conn);
0229 if (conn->sk)
0230 err = -EBUSY;
0231 else
0232 __sco_chan_add(conn, sk, parent);
0233
0234 sco_conn_unlock(conn);
0235 return err;
0236 }
0237
0238 static int sco_connect(struct hci_dev *hdev, struct sock *sk)
0239 {
0240 struct sco_conn *conn;
0241 struct hci_conn *hcon;
0242 int err, type;
0243
0244 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
0245
0246 if (lmp_esco_capable(hdev) && !disable_esco)
0247 type = ESCO_LINK;
0248 else
0249 type = SCO_LINK;
0250
0251 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
0252 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
0253 return -EOPNOTSUPP;
0254
0255 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
0256 sco_pi(sk)->setting, &sco_pi(sk)->codec);
0257 if (IS_ERR(hcon))
0258 return PTR_ERR(hcon);
0259
0260 conn = sco_conn_add(hcon);
0261 if (!conn) {
0262 hci_conn_drop(hcon);
0263 return -ENOMEM;
0264 }
0265
0266
0267 bacpy(&sco_pi(sk)->src, &hcon->src);
0268
0269 err = sco_chan_add(conn, sk, NULL);
0270 if (err)
0271 return err;
0272
0273 if (hcon->state == BT_CONNECTED) {
0274 sco_sock_clear_timer(sk);
0275 sk->sk_state = BT_CONNECTED;
0276 } else {
0277 sk->sk_state = BT_CONNECT;
0278 sco_sock_set_timer(sk, sk->sk_sndtimeo);
0279 }
0280
0281 return err;
0282 }
0283
0284 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
0285 {
0286 struct sco_conn *conn = sco_pi(sk)->conn;
0287 int len = skb->len;
0288
0289
0290 if (len > conn->mtu)
0291 return -EINVAL;
0292
0293 BT_DBG("sk %p len %d", sk, len);
0294
0295 hci_send_sco(conn->hcon, skb);
0296
0297 return len;
0298 }
0299
0300 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
0301 {
0302 struct sock *sk;
0303
0304 sco_conn_lock(conn);
0305 sk = conn->sk;
0306 sco_conn_unlock(conn);
0307
0308 if (!sk)
0309 goto drop;
0310
0311 BT_DBG("sk %p len %u", sk, skb->len);
0312
0313 if (sk->sk_state != BT_CONNECTED)
0314 goto drop;
0315
0316 if (!sock_queue_rcv_skb(sk, skb))
0317 return;
0318
0319 drop:
0320 kfree_skb(skb);
0321 }
0322
0323
0324 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
0325 {
0326 struct sock *sk;
0327
0328 sk_for_each(sk, &sco_sk_list.head) {
0329 if (sk->sk_state != BT_LISTEN)
0330 continue;
0331
0332 if (!bacmp(&sco_pi(sk)->src, ba))
0333 return sk;
0334 }
0335
0336 return NULL;
0337 }
0338
0339
0340
0341
0342 static struct sock *sco_get_sock_listen(bdaddr_t *src)
0343 {
0344 struct sock *sk = NULL, *sk1 = NULL;
0345
0346 read_lock(&sco_sk_list.lock);
0347
0348 sk_for_each(sk, &sco_sk_list.head) {
0349 if (sk->sk_state != BT_LISTEN)
0350 continue;
0351
0352
0353 if (!bacmp(&sco_pi(sk)->src, src))
0354 break;
0355
0356
0357 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
0358 sk1 = sk;
0359 }
0360
0361 read_unlock(&sco_sk_list.lock);
0362
0363 return sk ? sk : sk1;
0364 }
0365
0366 static void sco_sock_destruct(struct sock *sk)
0367 {
0368 BT_DBG("sk %p", sk);
0369
0370 skb_queue_purge(&sk->sk_receive_queue);
0371 skb_queue_purge(&sk->sk_write_queue);
0372 }
0373
0374 static void sco_sock_cleanup_listen(struct sock *parent)
0375 {
0376 struct sock *sk;
0377
0378 BT_DBG("parent %p", parent);
0379
0380
0381 while ((sk = bt_accept_dequeue(parent, NULL))) {
0382 sco_sock_close(sk);
0383 sco_sock_kill(sk);
0384 }
0385
0386 parent->sk_state = BT_CLOSED;
0387 sock_set_flag(parent, SOCK_ZAPPED);
0388 }
0389
0390
0391
0392
0393 static void sco_sock_kill(struct sock *sk)
0394 {
0395 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
0396 return;
0397
0398 BT_DBG("sk %p state %d", sk, sk->sk_state);
0399
0400
0401 bt_sock_unlink(&sco_sk_list, sk);
0402 sock_set_flag(sk, SOCK_DEAD);
0403 sock_put(sk);
0404 }
0405
0406 static void __sco_sock_close(struct sock *sk)
0407 {
0408 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
0409
0410 switch (sk->sk_state) {
0411 case BT_LISTEN:
0412 sco_sock_cleanup_listen(sk);
0413 break;
0414
0415 case BT_CONNECTED:
0416 case BT_CONFIG:
0417 if (sco_pi(sk)->conn->hcon) {
0418 sk->sk_state = BT_DISCONN;
0419 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
0420 sco_conn_lock(sco_pi(sk)->conn);
0421 hci_conn_drop(sco_pi(sk)->conn->hcon);
0422 sco_pi(sk)->conn->hcon = NULL;
0423 sco_conn_unlock(sco_pi(sk)->conn);
0424 } else
0425 sco_chan_del(sk, ECONNRESET);
0426 break;
0427
0428 case BT_CONNECT2:
0429 case BT_CONNECT:
0430 case BT_DISCONN:
0431 sco_chan_del(sk, ECONNRESET);
0432 break;
0433
0434 default:
0435 sock_set_flag(sk, SOCK_ZAPPED);
0436 break;
0437 }
0438
0439 }
0440
0441
0442 static void sco_sock_close(struct sock *sk)
0443 {
0444 lock_sock(sk);
0445 sco_sock_clear_timer(sk);
0446 __sco_sock_close(sk);
0447 release_sock(sk);
0448 }
0449
0450 static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
0451 struct sock *sk)
0452 {
0453 if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
0454 put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
0455 sizeof(bt_cb(skb)->sco.pkt_status),
0456 &bt_cb(skb)->sco.pkt_status);
0457 }
0458
0459 static void sco_sock_init(struct sock *sk, struct sock *parent)
0460 {
0461 BT_DBG("sk %p", sk);
0462
0463 if (parent) {
0464 sk->sk_type = parent->sk_type;
0465 bt_sk(sk)->flags = bt_sk(parent)->flags;
0466 security_sk_clone(parent, sk);
0467 } else {
0468 bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
0469 }
0470 }
0471
0472 static struct proto sco_proto = {
0473 .name = "SCO",
0474 .owner = THIS_MODULE,
0475 .obj_size = sizeof(struct sco_pinfo)
0476 };
0477
0478 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
0479 int proto, gfp_t prio, int kern)
0480 {
0481 struct sock *sk;
0482
0483 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
0484 if (!sk)
0485 return NULL;
0486
0487 sock_init_data(sock, sk);
0488 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
0489
0490 sk->sk_destruct = sco_sock_destruct;
0491 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
0492
0493 sock_reset_flag(sk, SOCK_ZAPPED);
0494
0495 sk->sk_protocol = proto;
0496 sk->sk_state = BT_OPEN;
0497
0498 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
0499 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
0500 sco_pi(sk)->codec.cid = 0xffff;
0501 sco_pi(sk)->codec.vid = 0xffff;
0502 sco_pi(sk)->codec.data_path = 0x00;
0503
0504 bt_sock_link(&sco_sk_list, sk);
0505 return sk;
0506 }
0507
0508 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
0509 int kern)
0510 {
0511 struct sock *sk;
0512
0513 BT_DBG("sock %p", sock);
0514
0515 sock->state = SS_UNCONNECTED;
0516
0517 if (sock->type != SOCK_SEQPACKET)
0518 return -ESOCKTNOSUPPORT;
0519
0520 sock->ops = &sco_sock_ops;
0521
0522 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
0523 if (!sk)
0524 return -ENOMEM;
0525
0526 sco_sock_init(sk, NULL);
0527 return 0;
0528 }
0529
0530 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
0531 int addr_len)
0532 {
0533 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
0534 struct sock *sk = sock->sk;
0535 int err = 0;
0536
0537 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
0538 addr->sa_family != AF_BLUETOOTH)
0539 return -EINVAL;
0540
0541 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
0542
0543 lock_sock(sk);
0544
0545 if (sk->sk_state != BT_OPEN) {
0546 err = -EBADFD;
0547 goto done;
0548 }
0549
0550 if (sk->sk_type != SOCK_SEQPACKET) {
0551 err = -EINVAL;
0552 goto done;
0553 }
0554
0555 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
0556
0557 sk->sk_state = BT_BOUND;
0558
0559 done:
0560 release_sock(sk);
0561 return err;
0562 }
0563
0564 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
0565 {
0566 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
0567 struct sock *sk = sock->sk;
0568 struct hci_dev *hdev;
0569 int err;
0570
0571 BT_DBG("sk %p", sk);
0572
0573 if (alen < sizeof(struct sockaddr_sco) ||
0574 addr->sa_family != AF_BLUETOOTH)
0575 return -EINVAL;
0576
0577 lock_sock(sk);
0578 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
0579 err = -EBADFD;
0580 goto done;
0581 }
0582
0583 if (sk->sk_type != SOCK_SEQPACKET) {
0584 err = -EINVAL;
0585 goto done;
0586 }
0587
0588 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
0589 if (!hdev) {
0590 err = -EHOSTUNREACH;
0591 goto done;
0592 }
0593 hci_dev_lock(hdev);
0594
0595
0596 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
0597
0598 err = sco_connect(hdev, sk);
0599 hci_dev_unlock(hdev);
0600 hci_dev_put(hdev);
0601 if (err)
0602 goto done;
0603
0604 err = bt_sock_wait_state(sk, BT_CONNECTED,
0605 sock_sndtimeo(sk, flags & O_NONBLOCK));
0606
0607 done:
0608 release_sock(sk);
0609 return err;
0610 }
0611
0612 static int sco_sock_listen(struct socket *sock, int backlog)
0613 {
0614 struct sock *sk = sock->sk;
0615 bdaddr_t *src = &sco_pi(sk)->src;
0616 int err = 0;
0617
0618 BT_DBG("sk %p backlog %d", sk, backlog);
0619
0620 lock_sock(sk);
0621
0622 if (sk->sk_state != BT_BOUND) {
0623 err = -EBADFD;
0624 goto done;
0625 }
0626
0627 if (sk->sk_type != SOCK_SEQPACKET) {
0628 err = -EINVAL;
0629 goto done;
0630 }
0631
0632 write_lock(&sco_sk_list.lock);
0633
0634 if (__sco_get_sock_listen_by_addr(src)) {
0635 err = -EADDRINUSE;
0636 goto unlock;
0637 }
0638
0639 sk->sk_max_ack_backlog = backlog;
0640 sk->sk_ack_backlog = 0;
0641
0642 sk->sk_state = BT_LISTEN;
0643
0644 unlock:
0645 write_unlock(&sco_sk_list.lock);
0646
0647 done:
0648 release_sock(sk);
0649 return err;
0650 }
0651
0652 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
0653 int flags, bool kern)
0654 {
0655 DEFINE_WAIT_FUNC(wait, woken_wake_function);
0656 struct sock *sk = sock->sk, *ch;
0657 long timeo;
0658 int err = 0;
0659
0660 lock_sock(sk);
0661
0662 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
0663
0664 BT_DBG("sk %p timeo %ld", sk, timeo);
0665
0666
0667 add_wait_queue_exclusive(sk_sleep(sk), &wait);
0668 while (1) {
0669 if (sk->sk_state != BT_LISTEN) {
0670 err = -EBADFD;
0671 break;
0672 }
0673
0674 ch = bt_accept_dequeue(sk, newsock);
0675 if (ch)
0676 break;
0677
0678 if (!timeo) {
0679 err = -EAGAIN;
0680 break;
0681 }
0682
0683 if (signal_pending(current)) {
0684 err = sock_intr_errno(timeo);
0685 break;
0686 }
0687
0688 release_sock(sk);
0689
0690 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
0691 lock_sock(sk);
0692 }
0693 remove_wait_queue(sk_sleep(sk), &wait);
0694
0695 if (err)
0696 goto done;
0697
0698 newsock->state = SS_CONNECTED;
0699
0700 BT_DBG("new socket %p", ch);
0701
0702 done:
0703 release_sock(sk);
0704 return err;
0705 }
0706
0707 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
0708 int peer)
0709 {
0710 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
0711 struct sock *sk = sock->sk;
0712
0713 BT_DBG("sock %p, sk %p", sock, sk);
0714
0715 addr->sa_family = AF_BLUETOOTH;
0716
0717 if (peer)
0718 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
0719 else
0720 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
0721
0722 return sizeof(struct sockaddr_sco);
0723 }
0724
0725 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
0726 size_t len)
0727 {
0728 struct sock *sk = sock->sk;
0729 struct sk_buff *skb;
0730 int err;
0731
0732 BT_DBG("sock %p, sk %p", sock, sk);
0733
0734 err = sock_error(sk);
0735 if (err)
0736 return err;
0737
0738 if (msg->msg_flags & MSG_OOB)
0739 return -EOPNOTSUPP;
0740
0741 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
0742 if (IS_ERR(skb))
0743 return PTR_ERR(skb);
0744
0745 lock_sock(sk);
0746
0747 if (sk->sk_state == BT_CONNECTED)
0748 err = sco_send_frame(sk, skb);
0749 else
0750 err = -ENOTCONN;
0751
0752 release_sock(sk);
0753
0754 if (err < 0)
0755 kfree_skb(skb);
0756 return err;
0757 }
0758
0759 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
0760 {
0761 struct hci_dev *hdev = conn->hdev;
0762
0763 BT_DBG("conn %p", conn);
0764
0765 conn->state = BT_CONFIG;
0766
0767 if (!lmp_esco_capable(hdev)) {
0768 struct hci_cp_accept_conn_req cp;
0769
0770 bacpy(&cp.bdaddr, &conn->dst);
0771 cp.role = 0x00;
0772
0773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
0774 } else {
0775 struct hci_cp_accept_sync_conn_req cp;
0776
0777 bacpy(&cp.bdaddr, &conn->dst);
0778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
0779
0780 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
0781 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
0782 cp.content_format = cpu_to_le16(setting);
0783
0784 switch (setting & SCO_AIRMODE_MASK) {
0785 case SCO_AIRMODE_TRANSP:
0786 if (conn->pkt_type & ESCO_2EV3)
0787 cp.max_latency = cpu_to_le16(0x0008);
0788 else
0789 cp.max_latency = cpu_to_le16(0x000D);
0790 cp.retrans_effort = 0x02;
0791 break;
0792 case SCO_AIRMODE_CVSD:
0793 cp.max_latency = cpu_to_le16(0xffff);
0794 cp.retrans_effort = 0xff;
0795 break;
0796 default:
0797
0798 cp.max_latency = cpu_to_le16(0xffff);
0799 cp.retrans_effort = 0xff;
0800 break;
0801 }
0802
0803 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
0804 sizeof(cp), &cp);
0805 }
0806 }
0807
0808 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
0809 size_t len, int flags)
0810 {
0811 struct sock *sk = sock->sk;
0812 struct sco_pinfo *pi = sco_pi(sk);
0813
0814 lock_sock(sk);
0815
0816 if (sk->sk_state == BT_CONNECT2 &&
0817 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0818 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
0819 sk->sk_state = BT_CONFIG;
0820
0821 release_sock(sk);
0822 return 0;
0823 }
0824
0825 release_sock(sk);
0826
0827 return bt_sock_recvmsg(sock, msg, len, flags);
0828 }
0829
0830 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
0831 sockptr_t optval, unsigned int optlen)
0832 {
0833 struct sock *sk = sock->sk;
0834 int len, err = 0;
0835 struct bt_voice voice;
0836 u32 opt;
0837 struct bt_codecs *codecs;
0838 struct hci_dev *hdev;
0839 __u8 buffer[255];
0840
0841 BT_DBG("sk %p", sk);
0842
0843 lock_sock(sk);
0844
0845 switch (optname) {
0846
0847 case BT_DEFER_SETUP:
0848 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
0849 err = -EINVAL;
0850 break;
0851 }
0852
0853 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
0854 err = -EFAULT;
0855 break;
0856 }
0857
0858 if (opt)
0859 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
0860 else
0861 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
0862 break;
0863
0864 case BT_VOICE:
0865 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
0866 sk->sk_state != BT_CONNECT2) {
0867 err = -EINVAL;
0868 break;
0869 }
0870
0871 voice.setting = sco_pi(sk)->setting;
0872
0873 len = min_t(unsigned int, sizeof(voice), optlen);
0874 if (copy_from_sockptr(&voice, optval, len)) {
0875 err = -EFAULT;
0876 break;
0877 }
0878
0879
0880 if (voice.setting != BT_VOICE_TRANSPARENT &&
0881 voice.setting != BT_VOICE_CVSD_16BIT) {
0882 err = -EINVAL;
0883 break;
0884 }
0885
0886 sco_pi(sk)->setting = voice.setting;
0887 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
0888 BDADDR_BREDR);
0889 if (!hdev) {
0890 err = -EBADFD;
0891 break;
0892 }
0893 if (enhanced_sync_conn_capable(hdev) &&
0894 voice.setting == BT_VOICE_TRANSPARENT)
0895 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
0896 hci_dev_put(hdev);
0897 break;
0898
0899 case BT_PKT_STATUS:
0900 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
0901 err = -EFAULT;
0902 break;
0903 }
0904
0905 if (opt)
0906 sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
0907 else
0908 sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
0909 break;
0910
0911 case BT_CODEC:
0912 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
0913 sk->sk_state != BT_CONNECT2) {
0914 err = -EINVAL;
0915 break;
0916 }
0917
0918 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
0919 BDADDR_BREDR);
0920 if (!hdev) {
0921 err = -EBADFD;
0922 break;
0923 }
0924
0925 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
0926 hci_dev_put(hdev);
0927 err = -EOPNOTSUPP;
0928 break;
0929 }
0930
0931 if (!hdev->get_data_path_id) {
0932 hci_dev_put(hdev);
0933 err = -EOPNOTSUPP;
0934 break;
0935 }
0936
0937 if (optlen < sizeof(struct bt_codecs) ||
0938 optlen > sizeof(buffer)) {
0939 hci_dev_put(hdev);
0940 err = -EINVAL;
0941 break;
0942 }
0943
0944 if (copy_from_sockptr(buffer, optval, optlen)) {
0945 hci_dev_put(hdev);
0946 err = -EFAULT;
0947 break;
0948 }
0949
0950 codecs = (void *)buffer;
0951
0952 if (codecs->num_codecs > 1) {
0953 hci_dev_put(hdev);
0954 err = -EINVAL;
0955 break;
0956 }
0957
0958 sco_pi(sk)->codec = codecs->codecs[0];
0959 hci_dev_put(hdev);
0960 break;
0961
0962 default:
0963 err = -ENOPROTOOPT;
0964 break;
0965 }
0966
0967 release_sock(sk);
0968 return err;
0969 }
0970
0971 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
0972 char __user *optval, int __user *optlen)
0973 {
0974 struct sock *sk = sock->sk;
0975 struct sco_options opts;
0976 struct sco_conninfo cinfo;
0977 int len, err = 0;
0978
0979 BT_DBG("sk %p", sk);
0980
0981 if (get_user(len, optlen))
0982 return -EFAULT;
0983
0984 lock_sock(sk);
0985
0986 switch (optname) {
0987 case SCO_OPTIONS:
0988 if (sk->sk_state != BT_CONNECTED &&
0989 !(sk->sk_state == BT_CONNECT2 &&
0990 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
0991 err = -ENOTCONN;
0992 break;
0993 }
0994
0995 opts.mtu = sco_pi(sk)->conn->mtu;
0996
0997 BT_DBG("mtu %u", opts.mtu);
0998
0999 len = min_t(unsigned int, len, sizeof(opts));
1000 if (copy_to_user(optval, (char *)&opts, len))
1001 err = -EFAULT;
1002
1003 break;
1004
1005 case SCO_CONNINFO:
1006 if (sk->sk_state != BT_CONNECTED &&
1007 !(sk->sk_state == BT_CONNECT2 &&
1008 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1009 err = -ENOTCONN;
1010 break;
1011 }
1012
1013 memset(&cinfo, 0, sizeof(cinfo));
1014 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1015 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1016
1017 len = min_t(unsigned int, len, sizeof(cinfo));
1018 if (copy_to_user(optval, (char *)&cinfo, len))
1019 err = -EFAULT;
1020
1021 break;
1022
1023 default:
1024 err = -ENOPROTOOPT;
1025 break;
1026 }
1027
1028 release_sock(sk);
1029 return err;
1030 }
1031
1032 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1033 char __user *optval, int __user *optlen)
1034 {
1035 struct sock *sk = sock->sk;
1036 int len, err = 0;
1037 struct bt_voice voice;
1038 u32 phys;
1039 int pkt_status;
1040 int buf_len;
1041 struct codec_list *c;
1042 u8 num_codecs, i, __user *ptr;
1043 struct hci_dev *hdev;
1044 struct hci_codec_caps *caps;
1045 struct bt_codec codec;
1046
1047 BT_DBG("sk %p", sk);
1048
1049 if (level == SOL_SCO)
1050 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1051
1052 if (get_user(len, optlen))
1053 return -EFAULT;
1054
1055 lock_sock(sk);
1056
1057 switch (optname) {
1058
1059 case BT_DEFER_SETUP:
1060 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1061 err = -EINVAL;
1062 break;
1063 }
1064
1065 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1066 (u32 __user *)optval))
1067 err = -EFAULT;
1068
1069 break;
1070
1071 case BT_VOICE:
1072 voice.setting = sco_pi(sk)->setting;
1073
1074 len = min_t(unsigned int, len, sizeof(voice));
1075 if (copy_to_user(optval, (char *)&voice, len))
1076 err = -EFAULT;
1077
1078 break;
1079
1080 case BT_PHY:
1081 if (sk->sk_state != BT_CONNECTED) {
1082 err = -ENOTCONN;
1083 break;
1084 }
1085
1086 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1087
1088 if (put_user(phys, (u32 __user *) optval))
1089 err = -EFAULT;
1090 break;
1091
1092 case BT_PKT_STATUS:
1093 pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
1094
1095 if (put_user(pkt_status, (int __user *)optval))
1096 err = -EFAULT;
1097 break;
1098
1099 case BT_SNDMTU:
1100 case BT_RCVMTU:
1101 if (sk->sk_state != BT_CONNECTED) {
1102 err = -ENOTCONN;
1103 break;
1104 }
1105
1106 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1107 err = -EFAULT;
1108 break;
1109
1110 case BT_CODEC:
1111 num_codecs = 0;
1112 buf_len = 0;
1113
1114 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1115 if (!hdev) {
1116 err = -EBADFD;
1117 break;
1118 }
1119
1120 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1121 hci_dev_put(hdev);
1122 err = -EOPNOTSUPP;
1123 break;
1124 }
1125
1126 if (!hdev->get_data_path_id) {
1127 hci_dev_put(hdev);
1128 err = -EOPNOTSUPP;
1129 break;
1130 }
1131
1132
1133 hci_dev_lock(hdev);
1134 list_for_each_entry(c, &hdev->local_codecs, list) {
1135 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1136 continue;
1137 num_codecs++;
1138 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1139 buf_len += 1 + caps->len;
1140 caps = (void *)&caps->data[caps->len];
1141 }
1142 buf_len += sizeof(struct bt_codec);
1143 }
1144 hci_dev_unlock(hdev);
1145
1146 buf_len += sizeof(struct bt_codecs);
1147 if (buf_len > len) {
1148 hci_dev_put(hdev);
1149 err = -ENOBUFS;
1150 break;
1151 }
1152 ptr = optval;
1153
1154 if (put_user(num_codecs, ptr)) {
1155 hci_dev_put(hdev);
1156 err = -EFAULT;
1157 break;
1158 }
1159 ptr += sizeof(num_codecs);
1160
1161
1162
1163
1164 hci_dev_lock(hdev);
1165 list_for_each_entry(c, &hdev->local_codecs, list) {
1166 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1167 continue;
1168
1169 codec.id = c->id;
1170 codec.cid = c->cid;
1171 codec.vid = c->vid;
1172 err = hdev->get_data_path_id(hdev, &codec.data_path);
1173 if (err < 0)
1174 break;
1175 codec.num_caps = c->num_caps;
1176 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1177 err = -EFAULT;
1178 break;
1179 }
1180 ptr += sizeof(codec);
1181
1182
1183 len = 0;
1184 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1185 len += 1 + caps->len;
1186 caps = (void *)&caps->data[caps->len];
1187 }
1188
1189
1190 if (len && copy_to_user(ptr, c->caps, len)) {
1191 err = -EFAULT;
1192 break;
1193 }
1194 ptr += len;
1195 }
1196
1197 if (!err && put_user(buf_len, optlen))
1198 err = -EFAULT;
1199
1200 hci_dev_unlock(hdev);
1201 hci_dev_put(hdev);
1202
1203 break;
1204
1205 default:
1206 err = -ENOPROTOOPT;
1207 break;
1208 }
1209
1210 release_sock(sk);
1211 return err;
1212 }
1213
1214 static int sco_sock_shutdown(struct socket *sock, int how)
1215 {
1216 struct sock *sk = sock->sk;
1217 int err = 0;
1218
1219 BT_DBG("sock %p, sk %p", sock, sk);
1220
1221 if (!sk)
1222 return 0;
1223
1224 sock_hold(sk);
1225 lock_sock(sk);
1226
1227 if (!sk->sk_shutdown) {
1228 sk->sk_shutdown = SHUTDOWN_MASK;
1229 sco_sock_clear_timer(sk);
1230 __sco_sock_close(sk);
1231
1232 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1233 !(current->flags & PF_EXITING))
1234 err = bt_sock_wait_state(sk, BT_CLOSED,
1235 sk->sk_lingertime);
1236 }
1237
1238 release_sock(sk);
1239 sock_put(sk);
1240
1241 return err;
1242 }
1243
1244 static int sco_sock_release(struct socket *sock)
1245 {
1246 struct sock *sk = sock->sk;
1247 int err = 0;
1248
1249 BT_DBG("sock %p, sk %p", sock, sk);
1250
1251 if (!sk)
1252 return 0;
1253
1254 sco_sock_close(sk);
1255
1256 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1257 !(current->flags & PF_EXITING)) {
1258 lock_sock(sk);
1259 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1260 release_sock(sk);
1261 }
1262
1263 sock_orphan(sk);
1264 sco_sock_kill(sk);
1265 return err;
1266 }
1267
1268 static void sco_conn_ready(struct sco_conn *conn)
1269 {
1270 struct sock *parent;
1271 struct sock *sk = conn->sk;
1272
1273 BT_DBG("conn %p", conn);
1274
1275 if (sk) {
1276 lock_sock(sk);
1277 sco_sock_clear_timer(sk);
1278 sk->sk_state = BT_CONNECTED;
1279 sk->sk_state_change(sk);
1280 release_sock(sk);
1281 } else {
1282 sco_conn_lock(conn);
1283
1284 if (!conn->hcon) {
1285 sco_conn_unlock(conn);
1286 return;
1287 }
1288
1289 parent = sco_get_sock_listen(&conn->hcon->src);
1290 if (!parent) {
1291 sco_conn_unlock(conn);
1292 return;
1293 }
1294
1295 lock_sock(parent);
1296
1297 sk = sco_sock_alloc(sock_net(parent), NULL,
1298 BTPROTO_SCO, GFP_ATOMIC, 0);
1299 if (!sk) {
1300 release_sock(parent);
1301 sco_conn_unlock(conn);
1302 return;
1303 }
1304
1305 sco_sock_init(sk, parent);
1306
1307 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1308 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1309
1310 hci_conn_hold(conn->hcon);
1311 __sco_chan_add(conn, sk, parent);
1312
1313 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1314 sk->sk_state = BT_CONNECT2;
1315 else
1316 sk->sk_state = BT_CONNECTED;
1317
1318
1319 parent->sk_data_ready(parent);
1320
1321 release_sock(parent);
1322
1323 sco_conn_unlock(conn);
1324 }
1325 }
1326
1327
1328 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1329 {
1330 struct sock *sk;
1331 int lm = 0;
1332
1333 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1334
1335
1336 read_lock(&sco_sk_list.lock);
1337 sk_for_each(sk, &sco_sk_list.head) {
1338 if (sk->sk_state != BT_LISTEN)
1339 continue;
1340
1341 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1342 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1343 lm |= HCI_LM_ACCEPT;
1344
1345 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1346 *flags |= HCI_PROTO_DEFER;
1347 break;
1348 }
1349 }
1350 read_unlock(&sco_sk_list.lock);
1351
1352 return lm;
1353 }
1354
1355 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1356 {
1357 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1358 return;
1359
1360 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1361
1362 if (!status) {
1363 struct sco_conn *conn;
1364
1365 conn = sco_conn_add(hcon);
1366 if (conn)
1367 sco_conn_ready(conn);
1368 } else
1369 sco_conn_del(hcon, bt_to_errno(status));
1370 }
1371
1372 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1373 {
1374 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1375 return;
1376
1377 BT_DBG("hcon %p reason %d", hcon, reason);
1378
1379 sco_conn_del(hcon, bt_to_errno(reason));
1380 }
1381
1382 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1383 {
1384 struct sco_conn *conn = hcon->sco_data;
1385
1386 if (!conn)
1387 goto drop;
1388
1389 BT_DBG("conn %p len %u", conn, skb->len);
1390
1391 if (skb->len) {
1392 sco_recv_frame(conn, skb);
1393 return;
1394 }
1395
1396 drop:
1397 kfree_skb(skb);
1398 }
1399
1400 static struct hci_cb sco_cb = {
1401 .name = "SCO",
1402 .connect_cfm = sco_connect_cfm,
1403 .disconn_cfm = sco_disconn_cfm,
1404 };
1405
1406 static int sco_debugfs_show(struct seq_file *f, void *p)
1407 {
1408 struct sock *sk;
1409
1410 read_lock(&sco_sk_list.lock);
1411
1412 sk_for_each(sk, &sco_sk_list.head) {
1413 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1414 &sco_pi(sk)->dst, sk->sk_state);
1415 }
1416
1417 read_unlock(&sco_sk_list.lock);
1418
1419 return 0;
1420 }
1421
1422 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1423
1424 static struct dentry *sco_debugfs;
1425
1426 static const struct proto_ops sco_sock_ops = {
1427 .family = PF_BLUETOOTH,
1428 .owner = THIS_MODULE,
1429 .release = sco_sock_release,
1430 .bind = sco_sock_bind,
1431 .connect = sco_sock_connect,
1432 .listen = sco_sock_listen,
1433 .accept = sco_sock_accept,
1434 .getname = sco_sock_getname,
1435 .sendmsg = sco_sock_sendmsg,
1436 .recvmsg = sco_sock_recvmsg,
1437 .poll = bt_sock_poll,
1438 .ioctl = bt_sock_ioctl,
1439 .gettstamp = sock_gettstamp,
1440 .mmap = sock_no_mmap,
1441 .socketpair = sock_no_socketpair,
1442 .shutdown = sco_sock_shutdown,
1443 .setsockopt = sco_sock_setsockopt,
1444 .getsockopt = sco_sock_getsockopt
1445 };
1446
1447 static const struct net_proto_family sco_sock_family_ops = {
1448 .family = PF_BLUETOOTH,
1449 .owner = THIS_MODULE,
1450 .create = sco_sock_create,
1451 };
1452
1453 int __init sco_init(void)
1454 {
1455 int err;
1456
1457 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1458
1459 err = proto_register(&sco_proto, 0);
1460 if (err < 0)
1461 return err;
1462
1463 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1464 if (err < 0) {
1465 BT_ERR("SCO socket registration failed");
1466 goto error;
1467 }
1468
1469 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1470 if (err < 0) {
1471 BT_ERR("Failed to create SCO proc file");
1472 bt_sock_unregister(BTPROTO_SCO);
1473 goto error;
1474 }
1475
1476 BT_INFO("SCO socket layer initialized");
1477
1478 hci_register_cb(&sco_cb);
1479
1480 if (IS_ERR_OR_NULL(bt_debugfs))
1481 return 0;
1482
1483 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1484 NULL, &sco_debugfs_fops);
1485
1486 return 0;
1487
1488 error:
1489 proto_unregister(&sco_proto);
1490 return err;
1491 }
1492
1493 void sco_exit(void)
1494 {
1495 bt_procfs_cleanup(&init_net, "sco");
1496
1497 debugfs_remove(sco_debugfs);
1498
1499 hci_unregister_cb(&sco_cb);
1500
1501 bt_sock_unregister(BTPROTO_SCO);
1502
1503 proto_unregister(&sco_proto);
1504 }
1505
1506 module_param(disable_esco, bool, 0644);
1507 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
