1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth SCO sockets. */
26
27 #include <linux/module.h>
28
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/poll.h>
35 #include <linux/fcntl.h>
36 #include <linux/init.h>
37 #include <linux/interrupt.h>
38 #include <linux/socket.h>
39 #include <linux/skbuff.h>
40 #include <linux/device.h>
41 #include <linux/debugfs.h>
42 #include <linux/seq_file.h>
43 #include <linux/list.h>
44 #include <linux/security.h>
45 #include <net/sock.h>
46
47 #include <linux/uaccess.h>
48
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/sco.h>
52
53 static bool disable_esco;
54
55 static const struct proto_ops sco_sock_ops;
56
57 static struct bt_sock_list sco_sk_list = {
58 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
59 };
60
61 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
62 static void sco_chan_del(struct sock *sk, int err);
63
64 static int sco_conn_del(struct hci_conn *conn, int err);
65
66 static void sco_sock_close(struct sock *sk);
67 static void sco_sock_kill(struct sock *sk);
68
69 /* ---- SCO timers ---- */
sco_sock_timeout(unsigned long arg)70 static void sco_sock_timeout(unsigned long arg)
71 {
72 struct sock *sk = (struct sock *) arg;
73
74 BT_DBG("sock %p state %d", sk, sk->sk_state);
75
76 bh_lock_sock(sk);
77 sk->sk_err = ETIMEDOUT;
78 sk->sk_state_change(sk);
79 bh_unlock_sock(sk);
80
81 sco_sock_kill(sk);
82 sock_put(sk);
83 }
84
sco_sock_set_timer(struct sock * sk,long timeout)85 static void sco_sock_set_timer(struct sock *sk, long timeout)
86 {
87 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
88 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
89 }
90
sco_sock_clear_timer(struct sock * sk)91 static void sco_sock_clear_timer(struct sock *sk)
92 {
93 BT_DBG("sock %p state %d", sk, sk->sk_state);
94 sk_stop_timer(sk, &sk->sk_timer);
95 }
96
97 /* ---- SCO connections ---- */
sco_conn_add(struct hci_conn * hcon,__u8 status)98 static struct sco_conn *sco_conn_add(struct hci_conn *hcon, __u8 status)
99 {
100 struct hci_dev *hdev = hcon->hdev;
101 struct sco_conn *conn = hcon->sco_data;
102
103 if (conn || status)
104 return conn;
105
106 conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC);
107 if (!conn)
108 return NULL;
109
110 spin_lock_init(&conn->lock);
111
112 hcon->sco_data = conn;
113 conn->hcon = hcon;
114
115 conn->src = &hdev->bdaddr;
116 conn->dst = &hcon->dst;
117
118 if (hdev->sco_mtu > 0)
119 conn->mtu = hdev->sco_mtu;
120 else
121 conn->mtu = 60;
122
123 BT_DBG("hcon %p conn %p", hcon, conn);
124
125 return conn;
126 }
127
sco_chan_get(struct sco_conn * conn)128 static inline struct sock *sco_chan_get(struct sco_conn *conn)
129 {
130 struct sock *sk = NULL;
131 sco_conn_lock(conn);
132 sk = conn->sk;
133 sco_conn_unlock(conn);
134 return sk;
135 }
136
sco_conn_del(struct hci_conn * hcon,int err)137 static int sco_conn_del(struct hci_conn *hcon, int err)
138 {
139 struct sco_conn *conn = hcon->sco_data;
140 struct sock *sk;
141
142 if (!conn)
143 return 0;
144
145 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
146
147 /* Kill socket */
148 sk = sco_chan_get(conn);
149 if (sk) {
150 bh_lock_sock(sk);
151 sco_sock_clear_timer(sk);
152 sco_chan_del(sk, err);
153 bh_unlock_sock(sk);
154 sco_sock_kill(sk);
155 }
156
157 hcon->sco_data = NULL;
158 kfree(conn);
159 return 0;
160 }
161
sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)162 static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
163 {
164 int err = 0;
165
166 sco_conn_lock(conn);
167 if (conn->sk)
168 err = -EBUSY;
169 else
170 __sco_chan_add(conn, sk, parent);
171
172 sco_conn_unlock(conn);
173 return err;
174 }
175
sco_connect(struct sock * sk)176 static int sco_connect(struct sock *sk)
177 {
178 bdaddr_t *src = &bt_sk(sk)->src;
179 bdaddr_t *dst = &bt_sk(sk)->dst;
180 struct sco_conn *conn;
181 struct hci_conn *hcon;
182 struct hci_dev *hdev;
183 int err, type;
184
185 BT_DBG("%s -> %s", batostr(src), batostr(dst));
186
187 hdev = hci_get_route(dst, src);
188 if (!hdev)
189 return -EHOSTUNREACH;
190
191 hci_dev_lock(hdev);
192
193 if (lmp_esco_capable(hdev) && !disable_esco)
194 type = ESCO_LINK;
195 else
196 type = SCO_LINK;
197
198 hcon = hci_connect(hdev, type, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
199 if (IS_ERR(hcon)) {
200 err = PTR_ERR(hcon);
201 goto done;
202 }
203
204 conn = sco_conn_add(hcon, 0);
205 if (!conn) {
206 hci_conn_put(hcon);
207 err = -ENOMEM;
208 goto done;
209 }
210
211 /* Update source addr of the socket */
212 bacpy(src, conn->src);
213
214 err = sco_chan_add(conn, sk, NULL);
215 if (err)
216 goto done;
217
218 if (hcon->state == BT_CONNECTED) {
219 sco_sock_clear_timer(sk);
220 sk->sk_state = BT_CONNECTED;
221 } else {
222 sk->sk_state = BT_CONNECT;
223 sco_sock_set_timer(sk, sk->sk_sndtimeo);
224 }
225
226 done:
227 hci_dev_unlock(hdev);
228 hci_dev_put(hdev);
229 return err;
230 }
231
sco_send_frame(struct sock * sk,struct msghdr * msg,int len)232 static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
233 {
234 struct sco_conn *conn = sco_pi(sk)->conn;
235 struct sk_buff *skb;
236 int err, count;
237
238 /* Check outgoing MTU */
239 if (len > conn->mtu)
240 return -EINVAL;
241
242 BT_DBG("sk %p len %d", sk, len);
243
244 count = min_t(unsigned int, conn->mtu, len);
245 skb = bt_skb_send_alloc(sk, count,
246 msg->msg_flags & MSG_DONTWAIT, &err);
247 if (!skb)
248 return err;
249
250 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
251 kfree_skb(skb);
252 return -EFAULT;
253 }
254
255 hci_send_sco(conn->hcon, skb);
256
257 return count;
258 }
259
sco_recv_frame(struct sco_conn * conn,struct sk_buff * skb)260 static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
261 {
262 struct sock *sk = sco_chan_get(conn);
263
264 if (!sk)
265 goto drop;
266
267 BT_DBG("sk %p len %d", sk, skb->len);
268
269 if (sk->sk_state != BT_CONNECTED)
270 goto drop;
271
272 if (!sock_queue_rcv_skb(sk, skb))
273 return;
274
275 drop:
276 kfree_skb(skb);
277 }
278
279 /* -------- Socket interface ---------- */
__sco_get_sock_by_addr(bdaddr_t * ba)280 static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba)
281 {
282 struct sock *sk;
283 struct hlist_node *node;
284
285 sk_for_each(sk, node, &sco_sk_list.head)
286 if (!bacmp(&bt_sk(sk)->src, ba))
287 goto found;
288 sk = NULL;
289 found:
290 return sk;
291 }
292
293 /* Find socket listening on source bdaddr.
294 * Returns closest match.
295 */
sco_get_sock_listen(bdaddr_t * src)296 static struct sock *sco_get_sock_listen(bdaddr_t *src)
297 {
298 struct sock *sk = NULL, *sk1 = NULL;
299 struct hlist_node *node;
300
301 read_lock(&sco_sk_list.lock);
302
303 sk_for_each(sk, node, &sco_sk_list.head) {
304 if (sk->sk_state != BT_LISTEN)
305 continue;
306
307 /* Exact match. */
308 if (!bacmp(&bt_sk(sk)->src, src))
309 break;
310
311 /* Closest match */
312 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
313 sk1 = sk;
314 }
315
316 read_unlock(&sco_sk_list.lock);
317
318 return node ? sk : sk1;
319 }
320
sco_sock_destruct(struct sock * sk)321 static void sco_sock_destruct(struct sock *sk)
322 {
323 BT_DBG("sk %p", sk);
324
325 skb_queue_purge(&sk->sk_receive_queue);
326 skb_queue_purge(&sk->sk_write_queue);
327 }
328
sco_sock_cleanup_listen(struct sock * parent)329 static void sco_sock_cleanup_listen(struct sock *parent)
330 {
331 struct sock *sk;
332
333 BT_DBG("parent %p", parent);
334
335 /* Close not yet accepted channels */
336 while ((sk = bt_accept_dequeue(parent, NULL))) {
337 sco_sock_close(sk);
338 sco_sock_kill(sk);
339 }
340
341 parent->sk_state = BT_CLOSED;
342 sock_set_flag(parent, SOCK_ZAPPED);
343 }
344
345 /* Kill socket (only if zapped and orphan)
346 * Must be called on unlocked socket.
347 */
sco_sock_kill(struct sock * sk)348 static void sco_sock_kill(struct sock *sk)
349 {
350 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
351 return;
352
353 BT_DBG("sk %p state %d", sk, sk->sk_state);
354
355 /* Kill poor orphan */
356 bt_sock_unlink(&sco_sk_list, sk);
357 sock_set_flag(sk, SOCK_DEAD);
358 sock_put(sk);
359 }
360
__sco_sock_close(struct sock * sk)361 static void __sco_sock_close(struct sock *sk)
362 {
363 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
364
365 switch (sk->sk_state) {
366 case BT_LISTEN:
367 sco_sock_cleanup_listen(sk);
368 break;
369
370 case BT_CONNECTED:
371 case BT_CONFIG:
372 if (sco_pi(sk)->conn) {
373 sk->sk_state = BT_DISCONN;
374 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
375 hci_conn_put(sco_pi(sk)->conn->hcon);
376 sco_pi(sk)->conn->hcon = NULL;
377 } else
378 sco_chan_del(sk, ECONNRESET);
379 break;
380
381 case BT_CONNECT2:
382 case BT_CONNECT:
383 case BT_DISCONN:
384 sco_chan_del(sk, ECONNRESET);
385 break;
386
387 default:
388 sock_set_flag(sk, SOCK_ZAPPED);
389 break;
390 }
391 }
392
393 /* Must be called on unlocked socket. */
sco_sock_close(struct sock * sk)394 static void sco_sock_close(struct sock *sk)
395 {
396 sco_sock_clear_timer(sk);
397 lock_sock(sk);
398 __sco_sock_close(sk);
399 release_sock(sk);
400 sco_sock_kill(sk);
401 }
402
sco_sock_init(struct sock * sk,struct sock * parent)403 static void sco_sock_init(struct sock *sk, struct sock *parent)
404 {
405 BT_DBG("sk %p", sk);
406
407 if (parent) {
408 sk->sk_type = parent->sk_type;
409 security_sk_clone(parent, sk);
410 }
411 }
412
413 static struct proto sco_proto = {
414 .name = "SCO",
415 .owner = THIS_MODULE,
416 .obj_size = sizeof(struct sco_pinfo)
417 };
418
sco_sock_alloc(struct net * net,struct socket * sock,int proto,gfp_t prio)419 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
420 {
421 struct sock *sk;
422
423 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto);
424 if (!sk)
425 return NULL;
426
427 sock_init_data(sock, sk);
428 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
429
430 sk->sk_destruct = sco_sock_destruct;
431 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
432
433 sock_reset_flag(sk, SOCK_ZAPPED);
434
435 sk->sk_protocol = proto;
436 sk->sk_state = BT_OPEN;
437
438 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
439
440 bt_sock_link(&sco_sk_list, sk);
441 return sk;
442 }
443
sco_sock_create(struct net * net,struct socket * sock,int protocol,int kern)444 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
445 int kern)
446 {
447 struct sock *sk;
448
449 BT_DBG("sock %p", sock);
450
451 sock->state = SS_UNCONNECTED;
452
453 if (sock->type != SOCK_SEQPACKET)
454 return -ESOCKTNOSUPPORT;
455
456 sock->ops = &sco_sock_ops;
457
458 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
459 if (!sk)
460 return -ENOMEM;
461
462 sco_sock_init(sk, NULL);
463 return 0;
464 }
465
sco_sock_bind(struct socket * sock,struct sockaddr * addr,int addr_len)466 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
467 {
468 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
469 struct sock *sk = sock->sk;
470 bdaddr_t *src = &sa->sco_bdaddr;
471 int err = 0;
472
473 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr));
474
475 if (!addr || addr->sa_family != AF_BLUETOOTH)
476 return -EINVAL;
477
478 lock_sock(sk);
479
480 if (sk->sk_state != BT_OPEN) {
481 err = -EBADFD;
482 goto done;
483 }
484
485 write_lock(&sco_sk_list.lock);
486
487 if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) {
488 err = -EADDRINUSE;
489 } else {
490 /* Save source address */
491 bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr);
492 sk->sk_state = BT_BOUND;
493 }
494
495 write_unlock(&sco_sk_list.lock);
496
497 done:
498 release_sock(sk);
499 return err;
500 }
501
sco_sock_connect(struct socket * sock,struct sockaddr * addr,int alen,int flags)502 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
503 {
504 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
505 struct sock *sk = sock->sk;
506 int err = 0;
507
508
509 BT_DBG("sk %p", sk);
510
511 if (alen < sizeof(struct sockaddr_sco) ||
512 addr->sa_family != AF_BLUETOOTH)
513 return -EINVAL;
514
515 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
516 return -EBADFD;
517
518 if (sk->sk_type != SOCK_SEQPACKET)
519 return -EINVAL;
520
521 lock_sock(sk);
522
523 /* Set destination address and psm */
524 bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr);
525
526 err = sco_connect(sk);
527 if (err)
528 goto done;
529
530 err = bt_sock_wait_state(sk, BT_CONNECTED,
531 sock_sndtimeo(sk, flags & O_NONBLOCK));
532
533 done:
534 release_sock(sk);
535 return err;
536 }
537
sco_sock_listen(struct socket * sock,int backlog)538 static int sco_sock_listen(struct socket *sock, int backlog)
539 {
540 struct sock *sk = sock->sk;
541 int err = 0;
542
543 BT_DBG("sk %p backlog %d", sk, backlog);
544
545 lock_sock(sk);
546
547 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
548 err = -EBADFD;
549 goto done;
550 }
551
552 sk->sk_max_ack_backlog = backlog;
553 sk->sk_ack_backlog = 0;
554 sk->sk_state = BT_LISTEN;
555
556 done:
557 release_sock(sk);
558 return err;
559 }
560
sco_sock_accept(struct socket * sock,struct socket * newsock,int flags)561 static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
562 {
563 DECLARE_WAITQUEUE(wait, current);
564 struct sock *sk = sock->sk, *ch;
565 long timeo;
566 int err = 0;
567
568 lock_sock(sk);
569
570 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
571
572 BT_DBG("sk %p timeo %ld", sk, timeo);
573
574 /* Wait for an incoming connection. (wake-one). */
575 add_wait_queue_exclusive(sk_sleep(sk), &wait);
576 while (1) {
577 set_current_state(TASK_INTERRUPTIBLE);
578
579 if (sk->sk_state != BT_LISTEN) {
580 err = -EBADFD;
581 break;
582 }
583
584 ch = bt_accept_dequeue(sk, newsock);
585 if (ch)
586 break;
587
588 if (!timeo) {
589 err = -EAGAIN;
590 break;
591 }
592
593 if (signal_pending(current)) {
594 err = sock_intr_errno(timeo);
595 break;
596 }
597
598 release_sock(sk);
599 timeo = schedule_timeout(timeo);
600 lock_sock(sk);
601 }
602 __set_current_state(TASK_RUNNING);
603 remove_wait_queue(sk_sleep(sk), &wait);
604
605 if (err)
606 goto done;
607
608 newsock->state = SS_CONNECTED;
609
610 BT_DBG("new socket %p", ch);
611
612 done:
613 release_sock(sk);
614 return err;
615 }
616
sco_sock_getname(struct socket * sock,struct sockaddr * addr,int * len,int peer)617 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
618 {
619 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
620 struct sock *sk = sock->sk;
621
622 BT_DBG("sock %p, sk %p", sock, sk);
623
624 addr->sa_family = AF_BLUETOOTH;
625 *len = sizeof(struct sockaddr_sco);
626
627 if (peer)
628 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst);
629 else
630 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src);
631
632 return 0;
633 }
634
sco_sock_sendmsg(struct kiocb * iocb,struct socket * sock,struct msghdr * msg,size_t len)635 static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
636 struct msghdr *msg, size_t len)
637 {
638 struct sock *sk = sock->sk;
639 int err;
640
641 BT_DBG("sock %p, sk %p", sock, sk);
642
643 err = sock_error(sk);
644 if (err)
645 return err;
646
647 if (msg->msg_flags & MSG_OOB)
648 return -EOPNOTSUPP;
649
650 lock_sock(sk);
651
652 if (sk->sk_state == BT_CONNECTED)
653 err = sco_send_frame(sk, msg, len);
654 else
655 err = -ENOTCONN;
656
657 release_sock(sk);
658 return err;
659 }
660
sco_sock_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)661 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
662 {
663 struct sock *sk = sock->sk;
664 int err = 0;
665
666 BT_DBG("sk %p", sk);
667
668 lock_sock(sk);
669
670 switch (optname) {
671 default:
672 err = -ENOPROTOOPT;
673 break;
674 }
675
676 release_sock(sk);
677 return err;
678 }
679
sco_sock_getsockopt_old(struct socket * sock,int optname,char __user * optval,int __user * optlen)680 static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
681 {
682 struct sock *sk = sock->sk;
683 struct sco_options opts;
684 struct sco_conninfo cinfo;
685 int len, err = 0;
686
687 BT_DBG("sk %p", sk);
688
689 if (get_user(len, optlen))
690 return -EFAULT;
691
692 lock_sock(sk);
693
694 switch (optname) {
695 case SCO_OPTIONS:
696 if (sk->sk_state != BT_CONNECTED) {
697 err = -ENOTCONN;
698 break;
699 }
700
701 opts.mtu = sco_pi(sk)->conn->mtu;
702
703 BT_DBG("mtu %d", opts.mtu);
704
705 len = min_t(unsigned int, len, sizeof(opts));
706 if (copy_to_user(optval, (char *)&opts, len))
707 err = -EFAULT;
708
709 break;
710
711 case SCO_CONNINFO:
712 if (sk->sk_state != BT_CONNECTED) {
713 err = -ENOTCONN;
714 break;
715 }
716
717 memset(&cinfo, 0, sizeof(cinfo));
718 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
719 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
720
721 len = min_t(unsigned int, len, sizeof(cinfo));
722 if (copy_to_user(optval, (char *)&cinfo, len))
723 err = -EFAULT;
724
725 break;
726
727 default:
728 err = -ENOPROTOOPT;
729 break;
730 }
731
732 release_sock(sk);
733 return err;
734 }
735
sco_sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)736 static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
737 {
738 struct sock *sk = sock->sk;
739 int len, err = 0;
740
741 BT_DBG("sk %p", sk);
742
743 if (level == SOL_SCO)
744 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
745
746 if (get_user(len, optlen))
747 return -EFAULT;
748
749 lock_sock(sk);
750
751 switch (optname) {
752 default:
753 err = -ENOPROTOOPT;
754 break;
755 }
756
757 release_sock(sk);
758 return err;
759 }
760
sco_sock_shutdown(struct socket * sock,int how)761 static int sco_sock_shutdown(struct socket *sock, int how)
762 {
763 struct sock *sk = sock->sk;
764 int err = 0;
765
766 BT_DBG("sock %p, sk %p", sock, sk);
767
768 if (!sk)
769 return 0;
770
771 lock_sock(sk);
772 if (!sk->sk_shutdown) {
773 sk->sk_shutdown = SHUTDOWN_MASK;
774 sco_sock_clear_timer(sk);
775 __sco_sock_close(sk);
776
777 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
778 err = bt_sock_wait_state(sk, BT_CLOSED,
779 sk->sk_lingertime);
780 }
781 release_sock(sk);
782 return err;
783 }
784
sco_sock_release(struct socket * sock)785 static int sco_sock_release(struct socket *sock)
786 {
787 struct sock *sk = sock->sk;
788 int err = 0;
789
790 BT_DBG("sock %p, sk %p", sock, sk);
791
792 if (!sk)
793 return 0;
794
795 sco_sock_close(sk);
796
797 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) {
798 lock_sock(sk);
799 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
800 release_sock(sk);
801 }
802
803 sock_orphan(sk);
804 sco_sock_kill(sk);
805 return err;
806 }
807
__sco_chan_add(struct sco_conn * conn,struct sock * sk,struct sock * parent)808 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
809 {
810 BT_DBG("conn %p", conn);
811
812 sco_pi(sk)->conn = conn;
813 conn->sk = sk;
814
815 if (parent)
816 bt_accept_enqueue(parent, sk);
817 }
818
819 /* Delete channel.
820 * Must be called on the locked socket. */
sco_chan_del(struct sock * sk,int err)821 static void sco_chan_del(struct sock *sk, int err)
822 {
823 struct sco_conn *conn;
824
825 conn = sco_pi(sk)->conn;
826
827 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
828
829 if (conn) {
830 sco_conn_lock(conn);
831 conn->sk = NULL;
832 sco_pi(sk)->conn = NULL;
833 sco_conn_unlock(conn);
834
835 if (conn->hcon)
836 hci_conn_put(conn->hcon);
837 }
838
839 sk->sk_state = BT_CLOSED;
840 sk->sk_err = err;
841 sk->sk_state_change(sk);
842
843 sock_set_flag(sk, SOCK_ZAPPED);
844 }
845
sco_conn_ready(struct sco_conn * conn)846 static void sco_conn_ready(struct sco_conn *conn)
847 {
848 struct sock *parent;
849 struct sock *sk = conn->sk;
850
851 BT_DBG("conn %p", conn);
852
853 sco_conn_lock(conn);
854
855 if (sk) {
856 sco_sock_clear_timer(sk);
857 bh_lock_sock(sk);
858 sk->sk_state = BT_CONNECTED;
859 sk->sk_state_change(sk);
860 bh_unlock_sock(sk);
861 } else {
862 parent = sco_get_sock_listen(conn->src);
863 if (!parent)
864 goto done;
865
866 bh_lock_sock(parent);
867
868 sk = sco_sock_alloc(sock_net(parent), NULL,
869 BTPROTO_SCO, GFP_ATOMIC);
870 if (!sk) {
871 bh_unlock_sock(parent);
872 goto done;
873 }
874
875 sco_sock_init(sk, parent);
876
877 bacpy(&bt_sk(sk)->src, conn->src);
878 bacpy(&bt_sk(sk)->dst, conn->dst);
879
880 hci_conn_hold(conn->hcon);
881 __sco_chan_add(conn, sk, parent);
882
883 sk->sk_state = BT_CONNECTED;
884
885 /* Wake up parent */
886 parent->sk_data_ready(parent, 1);
887
888 bh_unlock_sock(parent);
889 }
890
891 done:
892 sco_conn_unlock(conn);
893 }
894
895 /* ----- SCO interface with lower layer (HCI) ----- */
sco_connect_ind(struct hci_dev * hdev,bdaddr_t * bdaddr)896 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
897 {
898 register struct sock *sk;
899 struct hlist_node *node;
900 int lm = 0;
901
902 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
903
904 /* Find listening sockets */
905 read_lock(&sco_sk_list.lock);
906 sk_for_each(sk, node, &sco_sk_list.head) {
907 if (sk->sk_state != BT_LISTEN)
908 continue;
909
910 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) ||
911 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
912 lm |= HCI_LM_ACCEPT;
913 break;
914 }
915 }
916 read_unlock(&sco_sk_list.lock);
917
918 return lm;
919 }
920
sco_connect_cfm(struct hci_conn * hcon,__u8 status)921 int sco_connect_cfm(struct hci_conn *hcon, __u8 status)
922 {
923 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
924 if (!status) {
925 struct sco_conn *conn;
926
927 conn = sco_conn_add(hcon, status);
928 if (conn)
929 sco_conn_ready(conn);
930 } else
931 sco_conn_del(hcon, bt_to_errno(status));
932
933 return 0;
934 }
935
sco_disconn_cfm(struct hci_conn * hcon,__u8 reason)936 int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
937 {
938 BT_DBG("hcon %p reason %d", hcon, reason);
939
940 sco_conn_del(hcon, bt_to_errno(reason));
941 return 0;
942 }
943
sco_recv_scodata(struct hci_conn * hcon,struct sk_buff * skb)944 int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
945 {
946 struct sco_conn *conn = hcon->sco_data;
947
948 if (!conn)
949 goto drop;
950
951 BT_DBG("conn %p len %d", conn, skb->len);
952
953 if (skb->len) {
954 sco_recv_frame(conn, skb);
955 return 0;
956 }
957
958 drop:
959 kfree_skb(skb);
960 return 0;
961 }
962
sco_debugfs_show(struct seq_file * f,void * p)963 static int sco_debugfs_show(struct seq_file *f, void *p)
964 {
965 struct sock *sk;
966 struct hlist_node *node;
967
968 read_lock(&sco_sk_list.lock);
969
970 sk_for_each(sk, node, &sco_sk_list.head) {
971 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src),
972 batostr(&bt_sk(sk)->dst), sk->sk_state);
973 }
974
975 read_unlock(&sco_sk_list.lock);
976
977 return 0;
978 }
979
sco_debugfs_open(struct inode * inode,struct file * file)980 static int sco_debugfs_open(struct inode *inode, struct file *file)
981 {
982 return single_open(file, sco_debugfs_show, inode->i_private);
983 }
984
985 static const struct file_operations sco_debugfs_fops = {
986 .open = sco_debugfs_open,
987 .read = seq_read,
988 .llseek = seq_lseek,
989 .release = single_release,
990 };
991
992 static struct dentry *sco_debugfs;
993
994 static const struct proto_ops sco_sock_ops = {
995 .family = PF_BLUETOOTH,
996 .owner = THIS_MODULE,
997 .release = sco_sock_release,
998 .bind = sco_sock_bind,
999 .connect = sco_sock_connect,
1000 .listen = sco_sock_listen,
1001 .accept = sco_sock_accept,
1002 .getname = sco_sock_getname,
1003 .sendmsg = sco_sock_sendmsg,
1004 .recvmsg = bt_sock_recvmsg,
1005 .poll = bt_sock_poll,
1006 .ioctl = bt_sock_ioctl,
1007 .mmap = sock_no_mmap,
1008 .socketpair = sock_no_socketpair,
1009 .shutdown = sco_sock_shutdown,
1010 .setsockopt = sco_sock_setsockopt,
1011 .getsockopt = sco_sock_getsockopt
1012 };
1013
1014 static const struct net_proto_family sco_sock_family_ops = {
1015 .family = PF_BLUETOOTH,
1016 .owner = THIS_MODULE,
1017 .create = sco_sock_create,
1018 };
1019
sco_init(void)1020 int __init sco_init(void)
1021 {
1022 int err;
1023
1024 err = proto_register(&sco_proto, 0);
1025 if (err < 0)
1026 return err;
1027
1028 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1029 if (err < 0) {
1030 BT_ERR("SCO socket registration failed");
1031 goto error;
1032 }
1033
1034 if (bt_debugfs) {
1035 sco_debugfs = debugfs_create_file("sco", 0444,
1036 bt_debugfs, NULL, &sco_debugfs_fops);
1037 if (!sco_debugfs)
1038 BT_ERR("Failed to create SCO debug file");
1039 }
1040
1041 BT_INFO("SCO socket layer initialized");
1042
1043 return 0;
1044
1045 error:
1046 proto_unregister(&sco_proto);
1047 return err;
1048 }
1049
sco_exit(void)1050 void __exit sco_exit(void)
1051 {
1052 debugfs_remove(sco_debugfs);
1053
1054 if (bt_sock_unregister(BTPROTO_SCO) < 0)
1055 BT_ERR("SCO socket unregistration failed");
1056
1057 proto_unregister(&sco_proto);
1058 }
1059
1060 module_param(disable_esco, bool, 0644);
1061 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1062