Gitiles
Code Review Sign In
192.168.1.100 / T108 / 50f43abd51b98a89a2ec2d51cd2725a28869fae6 / . / marvell / linux / net / bluetooth / sco.c
blob: 4c81883ba25e38bdbc5fde823b59bfce1764af4d [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame]1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/module.h>
28#include <linux/debugfs.h>
29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/sco.h>
35
36static bool disable_esco;
37
38static const struct proto_ops sco_sock_ops;
39
40static struct bt_sock_list sco_sk_list = {
41 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
42};
43
44/* ---- SCO connections ---- */
45struct sco_conn {
46 struct hci_conn *hcon;
47
48 spinlock_t lock;
49 struct sock *sk;
50
51 struct delayed_work timeout_work;
52
53 unsigned int mtu;
54};
55
56#define sco_conn_lock(c) spin_lock(&c->lock);
57#define sco_conn_unlock(c) spin_unlock(&c->lock);
58
59static void sco_sock_close(struct sock *sk);
60static void sco_sock_kill(struct sock *sk);
61
62/* ----- SCO socket info ----- */
63#define sco_pi(sk) ((struct sco_pinfo *) sk)
64
65struct sco_pinfo {
66 struct bt_sock bt;
67 bdaddr_t src;
68 bdaddr_t dst;
69 __u32 flags;
70 __u16 setting;
71 struct sco_conn *conn;
72};
73
74/* ---- SCO timers ---- */
75#define SCO_CONN_TIMEOUT (HZ * 40)
76#define SCO_DISCONN_TIMEOUT (HZ * 2)
77
78static void sco_sock_timeout(struct work_struct *work)
79{
80 struct sco_conn *conn = container_of(work, struct sco_conn,
81 timeout_work.work);
82 struct sock *sk;
83
84 sco_conn_lock(conn);
85 if (!conn->hcon) {
86 sco_conn_unlock(conn);
87 return;
88 }
89 sk = conn->sk;
90 if (sk)
91 sock_hold(sk);
92 sco_conn_unlock(conn);
93
94 if (!sk)
95 return;
96
97 BT_DBG("sock %p state %d", sk, sk->sk_state);
98
99 bh_lock_sock(sk);
100 sk->sk_err = ETIMEDOUT;
101 sk->sk_state_change(sk);
102 bh_unlock_sock(sk);
103
104 sock_put(sk);
105}
106
107static void sco_sock_set_timer(struct sock *sk, long timeout)
108{
109 if (!sco_pi(sk)->conn)
110 return;
111
112 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
113 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
114 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
115}
116
117static void sco_sock_clear_timer(struct sock *sk)
118{
119 if (!sco_pi(sk)->conn)
120 return;
121
122 BT_DBG("sock %p state %d", sk, sk->sk_state);
123 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
124}
125
126/* ---- SCO connections ---- */
127static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
128{
129 struct hci_dev *hdev = hcon->hdev;
130 struct sco_conn *conn = hcon->sco_data;
131
132 if (conn)
133 return conn;
134
135 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
136 if (!conn)
137 return NULL;
138
139 spin_lock_init(&conn->lock);
140 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
141
142 hcon->sco_data = conn;
143 conn->hcon = hcon;
144
145 if (hdev->sco_mtu > 0)
146 conn->mtu = hdev->sco_mtu;
147 else
148 conn->mtu = 60;
149
150 BT_DBG("hcon %p conn %p", hcon, conn);
151
152 return conn;
153}
154
155/* Delete channel.
156 * Must be called on the locked socket. */
157static void sco_chan_del(struct sock *sk, int err)
158{
159 struct sco_conn *conn;
160
161 conn = sco_pi(sk)->conn;
162
163 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
164
165 if (conn) {
166 sco_conn_lock(conn);
167 conn->sk = NULL;
168 sco_pi(sk)->conn = NULL;
169 sco_conn_unlock(conn);
170
171 if (conn->hcon)
172 hci_conn_drop(conn->hcon);
173 }
174
175 sk->sk_state = BT_CLOSED;
176 sk->sk_err = err;
177 sk->sk_state_change(sk);
178
179 sock_set_flag(sk, SOCK_ZAPPED);
180}
181
182static void sco_conn_del(struct hci_conn *hcon, int err)
183{
184 struct sco_conn *conn = hcon->sco_data;
185 struct sock *sk;
186
187 if (!conn)
188 return;
189
190 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
191
192 /* Kill socket */
193 sco_conn_lock(conn);
194 sk = conn->sk;
195 sco_conn_unlock(conn);
196
197 if (sk) {
198 sock_hold(sk);
199 bh_lock_sock(sk);
200 sco_sock_clear_timer(sk);
201 sco_chan_del(sk, err);
202 bh_unlock_sock(sk);
203 sock_put(sk);
204 }
205
206 /* Ensure no more work items will run before freeing conn. */
207 cancel_delayed_work_sync(&conn->timeout_work);
208
209 hcon->sco_data = NULL;
210 kfree(conn);
211}
212
213static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
214 struct sock *parent)
215{
216 BT_DBG("conn %p", conn);
217
218 sco_pi(sk)->conn = conn;
219 conn->sk = sk;
220
221 if (parent)
222 bt_accept_enqueue(parent, sk, true);
223}
224
225static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
226 struct sock *parent)
227{
228 int err = 0;
229
230 sco_conn_lock(conn);
231 if (conn->sk)
232 err = -EBUSY;
233 else
234 __sco_chan_add(conn, sk, parent);
235
236 sco_conn_unlock(conn);
237 return err;
238}
239
240static int sco_connect(struct hci_dev *hdev, struct sock *sk)
241{
242 struct sco_conn *conn;
243 struct hci_conn *hcon;
244 int err, type;
245
246 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
247
248 if (lmp_esco_capable(hdev) && !disable_esco)
249 type = ESCO_LINK;
250 else
251 type = SCO_LINK;
252
253 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
254 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev)))
255 return -EOPNOTSUPP;
256
257 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
258 sco_pi(sk)->setting);
259 if (IS_ERR(hcon))
260 return PTR_ERR(hcon);
261
262 conn = sco_conn_add(hcon);
263 if (!conn) {
264 hci_conn_drop(hcon);
265 return -ENOMEM;
266 }
267
268 /* Update source addr of the socket */
269 bacpy(&sco_pi(sk)->src, &hcon->src);
270
271 err = sco_chan_add(conn, sk, NULL);
272 if (err)
273 return err;
274
275 if (hcon->state == BT_CONNECTED) {
276 sco_sock_clear_timer(sk);
277 sk->sk_state = BT_CONNECTED;
278 } else {
279 sk->sk_state = BT_CONNECT;
280 sco_sock_set_timer(sk, sk->sk_sndtimeo);
281 }
282
283 return err;
284}
285
286static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
287{
288 struct sco_conn *conn = sco_pi(sk)->conn;
289 int len = skb->len;
290
291 /* Check outgoing MTU */
292 if (len > conn->mtu)
293 return -EINVAL;
294
295 BT_DBG("sk %p len %d", sk, len);
296
297 hci_send_sco(conn->hcon, skb);
298
299 return len;
300}
301
302static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
303{
304 struct sock *sk;
305
306 sco_conn_lock(conn);
307 sk = conn->sk;
308 sco_conn_unlock(conn);
309
310 if (!sk)
311 goto drop;
312
313 BT_DBG("sk %p len %d", sk, skb->len);
314
315 if (sk->sk_state != BT_CONNECTED)
316 goto drop;
317
318 if (!sock_queue_rcv_skb(sk, skb))
319 return;
320
321drop:
322 kfree_skb(skb);
323}
324
325/* -------- Socket interface ---------- */
326static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
327{
328 struct sock *sk;
329
330 sk_for_each(sk, &sco_sk_list.head) {
331 if (sk->sk_state != BT_LISTEN)
332 continue;
333
334 if (!bacmp(&sco_pi(sk)->src, ba))
335 return sk;
336 }
337
338 return NULL;
339}
340
341/* Find socket listening on source bdaddr.
342 * Returns closest match.
343 */
344static struct sock *sco_get_sock_listen(bdaddr_t *src)
345{
346 struct sock *sk = NULL, *sk1 = NULL;
347
348 read_lock(&sco_sk_list.lock);
349
350 sk_for_each(sk, &sco_sk_list.head) {
351 if (sk->sk_state != BT_LISTEN)
352 continue;
353
354 /* Exact match. */
355 if (!bacmp(&sco_pi(sk)->src, src))
356 break;
357
358 /* Closest match */
359 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
360 sk1 = sk;
361 }
362
363 read_unlock(&sco_sk_list.lock);
364
365 return sk ? sk : sk1;
366}
367
368static void sco_sock_destruct(struct sock *sk)
369{
370 BT_DBG("sk %p", sk);
371
372 skb_queue_purge(&sk->sk_receive_queue);
373 skb_queue_purge(&sk->sk_write_queue);
374}
375
376static void sco_sock_cleanup_listen(struct sock *parent)
377{
378 struct sock *sk;
379
380 BT_DBG("parent %p", parent);
381
382 /* Close not yet accepted channels */
383 while ((sk = bt_accept_dequeue(parent, NULL))) {
384 sco_sock_close(sk);
385 sco_sock_kill(sk);
386 }
387
388 parent->sk_state = BT_CLOSED;
389 sock_set_flag(parent, SOCK_ZAPPED);
390}
391
392/* Kill socket (only if zapped and orphan)
393 * Must be called on unlocked socket.
394 */
395static void sco_sock_kill(struct sock *sk)
396{
397 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
398 return;
399
400 BT_DBG("sk %p state %d", sk, sk->sk_state);
401
402 /* Kill poor orphan */
403 bt_sock_unlink(&sco_sk_list, sk);
404 sock_set_flag(sk, SOCK_DEAD);
405 sock_put(sk);
406}
407
408static void __sco_sock_close(struct sock *sk)
409{
410 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
411
412 switch (sk->sk_state) {
413 case BT_LISTEN:
414 sco_sock_cleanup_listen(sk);
415 break;
416
417 case BT_CONNECTED:
418 case BT_CONFIG:
419 if (sco_pi(sk)->conn->hcon) {
420 sk->sk_state = BT_DISCONN;
421 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
422 sco_conn_lock(sco_pi(sk)->conn);
423 hci_conn_drop(sco_pi(sk)->conn->hcon);
424 sco_pi(sk)->conn->hcon = NULL;
425 sco_conn_unlock(sco_pi(sk)->conn);
426 } else
427 sco_chan_del(sk, ECONNRESET);
428 break;
429
430 case BT_CONNECT2:
431 case BT_CONNECT:
432 case BT_DISCONN:
433 sco_chan_del(sk, ECONNRESET);
434 break;
435
436 default:
437 sock_set_flag(sk, SOCK_ZAPPED);
438 break;
439 }
440}
441
442/* Must be called on unlocked socket. */
443static void sco_sock_close(struct sock *sk)
444{
445 sco_sock_clear_timer(sk);
446 lock_sock(sk);
447 __sco_sock_close(sk);
448 release_sock(sk);
449}
450
451static void sco_sock_init(struct sock *sk, struct sock *parent)
452{
453 BT_DBG("sk %p", sk);
454
455 if (parent) {
456 sk->sk_type = parent->sk_type;
457 bt_sk(sk)->flags = bt_sk(parent)->flags;
458 security_sk_clone(parent, sk);
459 }
460}
461
462static struct proto sco_proto = {
463 .name = "SCO",
464 .owner = THIS_MODULE,
465 .obj_size = sizeof(struct sco_pinfo)
466};
467
468static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
469 int proto, gfp_t prio, int kern)
470{
471 struct sock *sk;
472
473 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
474 if (!sk)
475 return NULL;
476
477 sock_init_data(sock, sk);
478 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
479
480 sk->sk_destruct = sco_sock_destruct;
481 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
482
483 sock_reset_flag(sk, SOCK_ZAPPED);
484
485 sk->sk_protocol = proto;
486 sk->sk_state = BT_OPEN;
487
488 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
489
490 bt_sock_link(&sco_sk_list, sk);
491 return sk;
492}
493
494static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
495 int kern)
496{
497 struct sock *sk;
498
499 BT_DBG("sock %p", sock);
500
501 sock->state = SS_UNCONNECTED;
502
503 if (sock->type != SOCK_SEQPACKET)
504 return -ESOCKTNOSUPPORT;
505
506 sock->ops = &sco_sock_ops;
507
508 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
509 if (!sk)
510 return -ENOMEM;
511
512 sco_sock_init(sk, NULL);
513 return 0;
514}
515
516static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
517 int addr_len)
518{
519 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
520 struct sock *sk = sock->sk;
521 int err = 0;
522
523 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
524 addr->sa_family != AF_BLUETOOTH)
525 return -EINVAL;
526
527 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
528
529 lock_sock(sk);
530
531 if (sk->sk_state != BT_OPEN) {
532 err = -EBADFD;
533 goto done;
534 }
535
536 if (sk->sk_type != SOCK_SEQPACKET) {
537 err = -EINVAL;
538 goto done;
539 }
540
541 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
542
543 sk->sk_state = BT_BOUND;
544
545done:
546 release_sock(sk);
547 return err;
548}
549
550static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
551{
552 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
553 struct sock *sk = sock->sk;
554 struct hci_dev *hdev;
555 int err;
556
557 BT_DBG("sk %p", sk);
558
559 if (alen < sizeof(struct sockaddr_sco) ||
560 addr->sa_family != AF_BLUETOOTH)
561 return -EINVAL;
562
563 lock_sock(sk);
564 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
565 err = -EBADFD;
566 goto done;
567 }
568
569 if (sk->sk_type != SOCK_SEQPACKET) {
570 err = -EINVAL;
571 goto done;
572 }
573
574 hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
575 if (!hdev) {
576 err = -EHOSTUNREACH;
577 goto done;
578 }
579 hci_dev_lock(hdev);
580
581 /* Set destination address and psm */
582 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
583
584 err = sco_connect(hdev, sk);
585 hci_dev_unlock(hdev);
586 hci_dev_put(hdev);
587 if (err)
588 goto done;
589
590 err = bt_sock_wait_state(sk, BT_CONNECTED,
591 sock_sndtimeo(sk, flags & O_NONBLOCK));
592
593done:
594 release_sock(sk);
595 return err;
596}
597
598static int sco_sock_listen(struct socket *sock, int backlog)
599{
600 struct sock *sk = sock->sk;
601 bdaddr_t *src = &sco_pi(sk)->src;
602 int err = 0;
603
604 BT_DBG("sk %p backlog %d", sk, backlog);
605
606 lock_sock(sk);
607
608 if (sk->sk_state != BT_BOUND) {
609 err = -EBADFD;
610 goto done;
611 }
612
613 if (sk->sk_type != SOCK_SEQPACKET) {
614 err = -EINVAL;
615 goto done;
616 }
617
618 write_lock(&sco_sk_list.lock);
619
620 if (__sco_get_sock_listen_by_addr(src)) {
621 err = -EADDRINUSE;
622 goto unlock;
623 }
624
625 sk->sk_max_ack_backlog = backlog;
626 sk->sk_ack_backlog = 0;
627
628 sk->sk_state = BT_LISTEN;
629
630unlock:
631 write_unlock(&sco_sk_list.lock);
632
633done:
634 release_sock(sk);
635 return err;
636}
637
638static int sco_sock_accept(struct socket *sock, struct socket *newsock,
639 int flags, bool kern)
640{
641 DEFINE_WAIT_FUNC(wait, woken_wake_function);
642 struct sock *sk = sock->sk, *ch;
643 long timeo;
644 int err = 0;
645
646 lock_sock(sk);
647
648 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
649
650 BT_DBG("sk %p timeo %ld", sk, timeo);
651
652 /* Wait for an incoming connection. (wake-one). */
653 add_wait_queue_exclusive(sk_sleep(sk), &wait);
654 while (1) {
655 if (sk->sk_state != BT_LISTEN) {
656 err = -EBADFD;
657 break;
658 }
659
660 ch = bt_accept_dequeue(sk, newsock);
661 if (ch)
662 break;
663
664 if (!timeo) {
665 err = -EAGAIN;
666 break;
667 }
668
669 if (signal_pending(current)) {
670 err = sock_intr_errno(timeo);
671 break;
672 }
673
674 release_sock(sk);
675
676 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
677 lock_sock(sk);
678 }
679 remove_wait_queue(sk_sleep(sk), &wait);
680
681 if (err)
682 goto done;
683
684 newsock->state = SS_CONNECTED;
685
686 BT_DBG("new socket %p", ch);
687
688done:
689 release_sock(sk);
690 return err;
691}
692
693static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
694 int peer)
695{
696 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
697 struct sock *sk = sock->sk;
698
699 BT_DBG("sock %p, sk %p", sock, sk);
700
701 addr->sa_family = AF_BLUETOOTH;
702
703 if (peer)
704 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
705 else
706 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
707
708 return sizeof(struct sockaddr_sco);
709}
710
711static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
712 size_t len)
713{
714 struct sock *sk = sock->sk;
715 struct sk_buff *skb;
716 int err;
717
718 BT_DBG("sock %p, sk %p", sock, sk);
719
720 err = sock_error(sk);
721 if (err)
722 return err;
723
724 if (msg->msg_flags & MSG_OOB)
725 return -EOPNOTSUPP;
726
727 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
728 if (IS_ERR(skb))
729 return PTR_ERR(skb);
730
731 lock_sock(sk);
732
733 if (sk->sk_state == BT_CONNECTED)
734 err = sco_send_frame(sk, skb);
735 else
736 err = -ENOTCONN;
737
738 release_sock(sk);
739
740 if (err < 0)
741 kfree_skb(skb);
742 return err;
743}
744
745static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
746{
747 struct hci_dev *hdev = conn->hdev;
748
749 BT_DBG("conn %p", conn);
750
751 conn->state = BT_CONFIG;
752
753 if (!lmp_esco_capable(hdev)) {
754 struct hci_cp_accept_conn_req cp;
755
756 bacpy(&cp.bdaddr, &conn->dst);
757 cp.role = 0x00; /* Ignored */
758
759 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
760 } else {
761 struct hci_cp_accept_sync_conn_req cp;
762
763 bacpy(&cp.bdaddr, &conn->dst);
764 cp.pkt_type = cpu_to_le16(conn->pkt_type);
765
766 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
767 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
768 cp.content_format = cpu_to_le16(setting);
769
770 switch (setting & SCO_AIRMODE_MASK) {
771 case SCO_AIRMODE_TRANSP:
772 if (conn->pkt_type & ESCO_2EV3)
773 cp.max_latency = cpu_to_le16(0x0008);
774 else
775 cp.max_latency = cpu_to_le16(0x000D);
776 cp.retrans_effort = 0x02;
777 break;
778 case SCO_AIRMODE_CVSD:
779 cp.max_latency = cpu_to_le16(0xffff);
780 cp.retrans_effort = 0xff;
781 break;
782 default:
783 /* use CVSD settings as fallback */
784 cp.max_latency = cpu_to_le16(0xffff);
785 cp.retrans_effort = 0xff;
786 break;
787 }
788
789 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
790 sizeof(cp), &cp);
791 }
792}
793
794static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
795 size_t len, int flags)
796{
797 struct sock *sk = sock->sk;
798 struct sco_pinfo *pi = sco_pi(sk);
799
800 lock_sock(sk);
801
802 if (sk->sk_state == BT_CONNECT2 &&
803 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
804 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
805 sk->sk_state = BT_CONFIG;
806
807 release_sock(sk);
808 return 0;
809 }
810
811 release_sock(sk);
812
813 return bt_sock_recvmsg(sock, msg, len, flags);
814}
815
816static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
817 char __user *optval, unsigned int optlen)
818{
819 struct sock *sk = sock->sk;
820 int len, err = 0;
821 struct bt_voice voice;
822 u32 opt;
823
824 BT_DBG("sk %p", sk);
825
826 lock_sock(sk);
827
828 switch (optname) {
829
830 case BT_DEFER_SETUP:
831 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
832 err = -EINVAL;
833 break;
834 }
835
836 if (get_user(opt, (u32 __user *) optval)) {
837 err = -EFAULT;
838 break;
839 }
840
841 if (opt)
842 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
843 else
844 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
845 break;
846
847 case BT_VOICE:
848 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
849 sk->sk_state != BT_CONNECT2) {
850 err = -EINVAL;
851 break;
852 }
853
854 voice.setting = sco_pi(sk)->setting;
855
856 len = min_t(unsigned int, sizeof(voice), optlen);
857 if (copy_from_user((char *)&voice, optval, len)) {
858 err = -EFAULT;
859 break;
860 }
861
862 /* Explicitly check for these values */
863 if (voice.setting != BT_VOICE_TRANSPARENT &&
864 voice.setting != BT_VOICE_CVSD_16BIT) {
865 err = -EINVAL;
866 break;
867 }
868
869 sco_pi(sk)->setting = voice.setting;
870 break;
871
872 default:
873 err = -ENOPROTOOPT;
874 break;
875 }
876
877 release_sock(sk);
878 return err;
879}
880
881static int sco_sock_getsockopt_old(struct socket *sock, int optname,
882 char __user *optval, int __user *optlen)
883{
884 struct sock *sk = sock->sk;
885 struct sco_options opts;
886 struct sco_conninfo cinfo;
887 int err = 0;
888 size_t len;
889
890 BT_DBG("sk %p", sk);
891
892 if (get_user(len, optlen))
893 return -EFAULT;
894
895 lock_sock(sk);
896
897 switch (optname) {
898 case SCO_OPTIONS:
899 if (sk->sk_state != BT_CONNECTED &&
900 !(sk->sk_state == BT_CONNECT2 &&
901 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
902 err = -ENOTCONN;
903 break;
904 }
905
906 opts.mtu = sco_pi(sk)->conn->mtu;
907
908 BT_DBG("mtu %d", opts.mtu);
909
910 len = min(len, sizeof(opts));
911 if (copy_to_user(optval, (char *)&opts, len))
912 err = -EFAULT;
913
914 break;
915
916 case SCO_CONNINFO:
917 if (sk->sk_state != BT_CONNECTED &&
918 !(sk->sk_state == BT_CONNECT2 &&
919 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
920 err = -ENOTCONN;
921 break;
922 }
923
924 memset(&cinfo, 0, sizeof(cinfo));
925 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
926 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
927
928 len = min(len, sizeof(cinfo));
929 if (copy_to_user(optval, (char *)&cinfo, len))
930 err = -EFAULT;
931
932 break;
933
934 default:
935 err = -ENOPROTOOPT;
936 break;
937 }
938
939 release_sock(sk);
940 return err;
941}
942
943static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
944 char __user *optval, int __user *optlen)
945{
946 struct sock *sk = sock->sk;
947 int len, err = 0;
948 struct bt_voice voice;
949
950 BT_DBG("sk %p", sk);
951
952 if (level == SOL_SCO)
953 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
954
955 if (get_user(len, optlen))
956 return -EFAULT;
957
958 lock_sock(sk);
959
960 switch (optname) {
961
962 case BT_DEFER_SETUP:
963 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
964 err = -EINVAL;
965 break;
966 }
967
968 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
969 (u32 __user *)optval))
970 err = -EFAULT;
971
972 break;
973
974 case BT_VOICE:
975 voice.setting = sco_pi(sk)->setting;
976
977 len = min_t(unsigned int, len, sizeof(voice));
978 if (copy_to_user(optval, (char *)&voice, len))
979 err = -EFAULT;
980
981 break;
982
983 default:
984 err = -ENOPROTOOPT;
985 break;
986 }
987
988 release_sock(sk);
989 return err;
990}
991
992static int sco_sock_shutdown(struct socket *sock, int how)
993{
994 struct sock *sk = sock->sk;
995 int err = 0;
996
997 BT_DBG("sock %p, sk %p", sock, sk);
998
999 if (!sk)
1000 return 0;
1001
1002 sock_hold(sk);
1003 lock_sock(sk);
1004
1005 if (!sk->sk_shutdown) {
1006 sk->sk_shutdown = SHUTDOWN_MASK;
1007 sco_sock_clear_timer(sk);
1008 __sco_sock_close(sk);
1009
1010 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1011 !(current->flags & PF_EXITING))
1012 err = bt_sock_wait_state(sk, BT_CLOSED,
1013 sk->sk_lingertime);
1014 }
1015
1016 release_sock(sk);
1017 sock_put(sk);
1018
1019 return err;
1020}
1021
1022static int sco_sock_release(struct socket *sock)
1023{
1024 struct sock *sk = sock->sk;
1025 int err = 0;
1026
1027 BT_DBG("sock %p, sk %p", sock, sk);
1028
1029 if (!sk)
1030 return 0;
1031
1032 sco_sock_close(sk);
1033
1034 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1035 !(current->flags & PF_EXITING)) {
1036 lock_sock(sk);
1037 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1038 release_sock(sk);
1039 }
1040
1041 sock_orphan(sk);
1042 sco_sock_kill(sk);
1043 return err;
1044}
1045
1046static void sco_conn_ready(struct sco_conn *conn)
1047{
1048 struct sock *parent;
1049 struct sock *sk = conn->sk;
1050
1051 BT_DBG("conn %p", conn);
1052
1053 if (sk) {
1054 sco_sock_clear_timer(sk);
1055 bh_lock_sock(sk);
1056 sk->sk_state = BT_CONNECTED;
1057 sk->sk_state_change(sk);
1058 bh_unlock_sock(sk);
1059 } else {
1060 sco_conn_lock(conn);
1061
1062 if (!conn->hcon) {
1063 sco_conn_unlock(conn);
1064 return;
1065 }
1066
1067 parent = sco_get_sock_listen(&conn->hcon->src);
1068 if (!parent) {
1069 sco_conn_unlock(conn);
1070 return;
1071 }
1072
1073 bh_lock_sock(parent);
1074
1075 sk = sco_sock_alloc(sock_net(parent), NULL,
1076 BTPROTO_SCO, GFP_ATOMIC, 0);
1077 if (!sk) {
1078 bh_unlock_sock(parent);
1079 sco_conn_unlock(conn);
1080 return;
1081 }
1082
1083 sco_sock_init(sk, parent);
1084
1085 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1086 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1087
1088 hci_conn_hold(conn->hcon);
1089 __sco_chan_add(conn, sk, parent);
1090
1091 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1092 sk->sk_state = BT_CONNECT2;
1093 else
1094 sk->sk_state = BT_CONNECTED;
1095
1096 /* Wake up parent */
1097 parent->sk_data_ready(parent);
1098
1099 bh_unlock_sock(parent);
1100
1101 sco_conn_unlock(conn);
1102 }
1103}
1104
1105/* ----- SCO interface with lower layer (HCI) ----- */
1106int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1107{
1108 struct sock *sk;
1109 int lm = 0;
1110
1111 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1112
1113 /* Find listening sockets */
1114 read_lock(&sco_sk_list.lock);
1115 sk_for_each(sk, &sco_sk_list.head) {
1116 if (sk->sk_state != BT_LISTEN)
1117 continue;
1118
1119 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1120 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1121 lm |= HCI_LM_ACCEPT;
1122
1123 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1124 *flags |= HCI_PROTO_DEFER;
1125 break;
1126 }
1127 }
1128 read_unlock(&sco_sk_list.lock);
1129
1130 return lm;
1131}
1132
1133static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1134{
1135 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1136 return;
1137
1138 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1139
1140 if (!status) {
1141 struct sco_conn *conn;
1142
1143 conn = sco_conn_add(hcon);
1144 if (conn)
1145 sco_conn_ready(conn);
1146 } else
1147 sco_conn_del(hcon, bt_to_errno(status));
1148}
1149
1150static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1151{
1152 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1153 return;
1154
1155 BT_DBG("hcon %p reason %d", hcon, reason);
1156
1157 sco_conn_del(hcon, bt_to_errno(reason));
1158}
1159
1160void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1161{
1162 struct sco_conn *conn = hcon->sco_data;
1163
1164 if (!conn)
1165 goto drop;
1166
1167 BT_DBG("conn %p len %d", conn, skb->len);
1168
1169 if (skb->len) {
1170 sco_recv_frame(conn, skb);
1171 return;
1172 }
1173
1174drop:
1175 kfree_skb(skb);
1176}
1177
1178static struct hci_cb sco_cb = {
1179 .name = "SCO",
1180 .connect_cfm = sco_connect_cfm,
1181 .disconn_cfm = sco_disconn_cfm,
1182};
1183
1184static int sco_debugfs_show(struct seq_file *f, void *p)
1185{
1186 struct sock *sk;
1187
1188 read_lock(&sco_sk_list.lock);
1189
1190 sk_for_each(sk, &sco_sk_list.head) {
1191 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1192 &sco_pi(sk)->dst, sk->sk_state);
1193 }
1194
1195 read_unlock(&sco_sk_list.lock);
1196
1197 return 0;
1198}
1199
1200DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1201
1202static struct dentry *sco_debugfs;
1203
1204static const struct proto_ops sco_sock_ops = {
1205 .family = PF_BLUETOOTH,
1206 .owner = THIS_MODULE,
1207 .release = sco_sock_release,
1208 .bind = sco_sock_bind,
1209 .connect = sco_sock_connect,
1210 .listen = sco_sock_listen,
1211 .accept = sco_sock_accept,
1212 .getname = sco_sock_getname,
1213 .sendmsg = sco_sock_sendmsg,
1214 .recvmsg = sco_sock_recvmsg,
1215 .poll = bt_sock_poll,
1216 .ioctl = bt_sock_ioctl,
1217 .gettstamp = sock_gettstamp,
1218 .mmap = sock_no_mmap,
1219 .socketpair = sock_no_socketpair,
1220 .shutdown = sco_sock_shutdown,
1221 .setsockopt = sco_sock_setsockopt,
1222 .getsockopt = sco_sock_getsockopt
1223};
1224
1225static const struct net_proto_family sco_sock_family_ops = {
1226 .family = PF_BLUETOOTH,
1227 .owner = THIS_MODULE,
1228 .create = sco_sock_create,
1229};
1230
1231int __init sco_init(void)
1232{
1233 int err;
1234
1235 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1236
1237 err = proto_register(&sco_proto, 0);
1238 if (err < 0)
1239 return err;
1240
1241 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1242 if (err < 0) {
1243 BT_ERR("SCO socket registration failed");
1244 goto error;
1245 }
1246
1247 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1248 if (err < 0) {
1249 BT_ERR("Failed to create SCO proc file");
1250 bt_sock_unregister(BTPROTO_SCO);
1251 goto error;
1252 }
1253
1254 BT_INFO("SCO socket layer initialized");
1255
1256 hci_register_cb(&sco_cb);
1257
1258 if (IS_ERR_OR_NULL(bt_debugfs))
1259 return 0;
1260
1261 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1262 NULL, &sco_debugfs_fops);
1263
1264 return 0;
1265
1266error:
1267 proto_unregister(&sco_proto);
1268 return err;
1269}
1270
1271void sco_exit(void)
1272{
1273 bt_procfs_cleanup(&init_net, "sco");
1274
1275 debugfs_remove(sco_debugfs);
1276
1277 hci_unregister_cb(&sco_cb);
1278
1279 bt_sock_unregister(BTPROTO_SCO);
1280
1281 proto_unregister(&sco_proto);
1282}
1283
1284module_param(disable_esco, bool, 0644);
1285MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");