1// SPDX-License-Identifier: GPL-2.0 2/* 3 * BlueZ - Bluetooth protocol stack for Linux 4 * 5 * Copyright (C) 2022 Intel Corporation 6 * Copyright 2023-2024 NXP 7 */ 8 9#include <linux/module.h> 10#include <linux/debugfs.h> 11#include <linux/seq_file.h> 12#include <linux/sched/signal.h> 13 14#include <net/bluetooth/bluetooth.h> 15#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/iso.h> 17#include "eir.h" 18 19static const struct proto_ops iso_sock_ops; 20 21static struct bt_sock_list iso_sk_list = { 22 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock) 23}; 24 25/* ---- ISO connections ---- */ 26struct iso_conn { 27 struct hci_conn *hcon; 28 29 /* @lock: spinlock protecting changes to iso_conn fields */ 30 spinlock_t lock; 31 struct sock *sk; 32 33 struct delayed_work timeout_work; 34 35 struct sk_buff *rx_skb; 36 __u32 rx_len; 37 __u16 tx_sn; 38}; 39 40#define iso_conn_lock(c) spin_lock(&(c)->lock) 41#define iso_conn_unlock(c) spin_unlock(&(c)->lock) 42 43static void iso_sock_close(struct sock *sk); 44static void iso_sock_kill(struct sock *sk); 45 46/* ----- ISO socket info ----- */ 47#define iso_pi(sk) ((struct iso_pinfo *)sk) 48 49#define EIR_SERVICE_DATA_LENGTH 4 50#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 51#define EIR_BAA_SERVICE_UUID 0x1851 52 53/* iso_pinfo flags values */ 54enum { 55 BT_SK_BIG_SYNC, 56 BT_SK_PA_SYNC, 57 BT_SK_PA_SYNC_TERM, 58}; 59 60struct iso_pinfo { 61 struct bt_sock bt; 62 bdaddr_t src; 63 __u8 src_type; 64 bdaddr_t dst; 65 __u8 dst_type; 66 __u8 bc_sid; 67 __u8 bc_num_bis; 68 __u8 bc_bis[ISO_MAX_NUM_BIS]; 69 __u16 sync_handle; 70 unsigned long flags; 71 struct bt_iso_qos qos; 72 bool qos_user_set; 73 __u8 base_len; 74 __u8 base[BASE_MAX_LENGTH]; 75 struct iso_conn *conn; 76}; 77 78static struct bt_iso_qos default_qos; 79 80static bool check_ucast_qos(struct bt_iso_qos *qos); 81static bool check_bcast_qos(struct bt_iso_qos *qos); 82static bool iso_match_sid(struct sock *sk, void *data); 83static bool iso_match_sync_handle(struct sock *sk, void *data); 84static void iso_sock_disconn(struct sock *sk); 85 86typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 87 88static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 89 iso_sock_match_t match, void *data); 90 91/* ---- ISO timers ---- */ 92#define ISO_CONN_TIMEOUT (HZ * 40) 93#define ISO_DISCONN_TIMEOUT (HZ * 2) 94 95static void iso_sock_timeout(struct work_struct *work) 96{ 97 struct iso_conn *conn = container_of(work, struct iso_conn, 98 timeout_work.work); 99 struct sock *sk; 100 101 iso_conn_lock(conn); 102 sk = conn->sk; 103 if (sk) 104 sock_hold(sk); 105 iso_conn_unlock(conn); 106 107 if (!sk) 108 return; 109 110 BT_DBG("sock %p state %d", sk, sk->sk_state); 111 112 lock_sock(sk); 113 sk->sk_err = ETIMEDOUT; 114 sk->sk_state_change(sk); 115 release_sock(sk); 116 sock_put(sk); 117} 118 119static void iso_sock_set_timer(struct sock *sk, long timeout) 120{ 121 if (!iso_pi(sk)->conn) 122 return; 123 124 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); 125 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 126 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout); 127} 128 129static void iso_sock_clear_timer(struct sock *sk) 130{ 131 if (!iso_pi(sk)->conn) 132 return; 133 134 BT_DBG("sock %p state %d", sk, sk->sk_state); 135 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work); 136} 137 138/* ---- ISO connections ---- */ 139static struct iso_conn *iso_conn_add(struct hci_conn *hcon) 140{ 141 struct iso_conn *conn = hcon->iso_data; 142 143 if (conn) { 144 if (!conn->hcon) 145 conn->hcon = hcon; 146 return conn; 147 } 148 149 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 150 if (!conn) 151 return NULL; 152 153 spin_lock_init(&conn->lock); 154 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout); 155 156 hcon->iso_data = conn; 157 conn->hcon = hcon; 158 conn->tx_sn = 0; 159 160 BT_DBG("hcon %p conn %p", hcon, conn); 161 162 return conn; 163} 164 165/* Delete channel. Must be called on the locked socket. */ 166static void iso_chan_del(struct sock *sk, int err) 167{ 168 struct iso_conn *conn; 169 struct sock *parent; 170 171 conn = iso_pi(sk)->conn; 172 173 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 174 175 if (conn) { 176 iso_conn_lock(conn); 177 conn->sk = NULL; 178 iso_pi(sk)->conn = NULL; 179 iso_conn_unlock(conn); 180 181 if (conn->hcon) 182 hci_conn_drop(conn->hcon); 183 } 184 185 sk->sk_state = BT_CLOSED; 186 sk->sk_err = err; 187 188 parent = bt_sk(sk)->parent; 189 if (parent) { 190 bt_accept_unlink(sk); 191 parent->sk_data_ready(parent); 192 } else { 193 sk->sk_state_change(sk); 194 } 195 196 sock_set_flag(sk, SOCK_ZAPPED); 197} 198 199static bool iso_match_conn_sync_handle(struct sock *sk, void *data) 200{ 201 struct hci_conn *hcon = data; 202 203 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) 204 return false; 205 206 return hcon->sync_handle == iso_pi(sk)->sync_handle; 207} 208 209static void iso_conn_del(struct hci_conn *hcon, int err) 210{ 211 struct iso_conn *conn = hcon->iso_data; 212 struct sock *sk; 213 struct sock *parent; 214 215 if (!conn) 216 return; 217 218 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 219 220 /* Kill socket */ 221 iso_conn_lock(conn); 222 sk = conn->sk; 223 if (sk) 224 sock_hold(sk); 225 iso_conn_unlock(conn); 226 227 if (sk) { 228 lock_sock(sk); 229 230 /* While a PA sync hcon is in the process of closing, 231 * mark parent socket with a flag, so that any residual 232 * BIGInfo adv reports that arrive before PA sync is 233 * terminated are not processed anymore. 234 */ 235 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) { 236 parent = iso_get_sock_listen(&hcon->src, 237 &hcon->dst, 238 iso_match_conn_sync_handle, 239 hcon); 240 241 if (parent) { 242 set_bit(BT_SK_PA_SYNC_TERM, 243 &iso_pi(parent)->flags); 244 sock_put(parent); 245 } 246 } 247 248 iso_sock_clear_timer(sk); 249 iso_chan_del(sk, err); 250 release_sock(sk); 251 sock_put(sk); 252 } 253 254 /* Ensure no more work items will run before freeing conn. */ 255 cancel_delayed_work_sync(&conn->timeout_work); 256 257 hcon->iso_data = NULL; 258 kfree(conn); 259} 260 261static int __iso_chan_add(struct iso_conn *conn, struct sock *sk, 262 struct sock *parent) 263{ 264 BT_DBG("conn %p", conn); 265 266 if (iso_pi(sk)->conn == conn && conn->sk == sk) 267 return 0; 268 269 if (conn->sk) { 270 BT_ERR("conn->sk already set"); 271 return -EBUSY; 272 } 273 274 iso_pi(sk)->conn = conn; 275 conn->sk = sk; 276 277 if (parent) 278 bt_accept_enqueue(parent, sk, true); 279 280 return 0; 281} 282 283static int iso_chan_add(struct iso_conn *conn, struct sock *sk, 284 struct sock *parent) 285{ 286 int err; 287 288 iso_conn_lock(conn); 289 err = __iso_chan_add(conn, sk, parent); 290 iso_conn_unlock(conn); 291 292 return err; 293} 294 295static inline u8 le_addr_type(u8 bdaddr_type) 296{ 297 if (bdaddr_type == BDADDR_LE_PUBLIC) 298 return ADDR_LE_DEV_PUBLIC; 299 else 300 return ADDR_LE_DEV_RANDOM; 301} 302 303static int iso_connect_bis(struct sock *sk) 304{ 305 struct iso_conn *conn; 306 struct hci_conn *hcon; 307 struct hci_dev *hdev; 308 int err; 309 310 BT_DBG("%pMR", &iso_pi(sk)->src); 311 312 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 313 iso_pi(sk)->src_type); 314 if (!hdev) 315 return -EHOSTUNREACH; 316 317 hci_dev_lock(hdev); 318 319 if (!bis_capable(hdev)) { 320 err = -EOPNOTSUPP; 321 goto unlock; 322 } 323 324 /* Fail if user set invalid QoS */ 325 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 326 iso_pi(sk)->qos = default_qos; 327 err = -EINVAL; 328 goto unlock; 329 } 330 331 /* Fail if out PHYs are marked as disabled */ 332 if (!iso_pi(sk)->qos.bcast.out.phy) { 333 err = -EINVAL; 334 goto unlock; 335 } 336 337 /* Just bind if DEFER_SETUP has been set */ 338 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 339 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, 340 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 341 iso_pi(sk)->base); 342 if (IS_ERR(hcon)) { 343 err = PTR_ERR(hcon); 344 goto unlock; 345 } 346 } else { 347 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 348 le_addr_type(iso_pi(sk)->dst_type), 349 &iso_pi(sk)->qos, iso_pi(sk)->base_len, 350 iso_pi(sk)->base); 351 if (IS_ERR(hcon)) { 352 err = PTR_ERR(hcon); 353 goto unlock; 354 } 355 } 356 357 conn = iso_conn_add(hcon); 358 if (!conn) { 359 hci_conn_drop(hcon); 360 err = -ENOMEM; 361 goto unlock; 362 } 363 364 lock_sock(sk); 365 366 err = iso_chan_add(conn, sk, NULL); 367 if (err) { 368 release_sock(sk); 369 goto unlock; 370 } 371 372 /* Update source addr of the socket */ 373 bacpy(&iso_pi(sk)->src, &hcon->src); 374 375 if (hcon->state == BT_CONNECTED) { 376 iso_sock_clear_timer(sk); 377 sk->sk_state = BT_CONNECTED; 378 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 379 iso_sock_clear_timer(sk); 380 sk->sk_state = BT_CONNECT; 381 } else { 382 sk->sk_state = BT_CONNECT; 383 iso_sock_set_timer(sk, sk->sk_sndtimeo); 384 } 385 386 release_sock(sk); 387 388unlock: 389 hci_dev_unlock(hdev); 390 hci_dev_put(hdev); 391 return err; 392} 393 394static int iso_connect_cis(struct sock *sk) 395{ 396 struct iso_conn *conn; 397 struct hci_conn *hcon; 398 struct hci_dev *hdev; 399 int err; 400 401 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst); 402 403 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 404 iso_pi(sk)->src_type); 405 if (!hdev) 406 return -EHOSTUNREACH; 407 408 hci_dev_lock(hdev); 409 410 if (!cis_central_capable(hdev)) { 411 err = -EOPNOTSUPP; 412 goto unlock; 413 } 414 415 /* Fail if user set invalid QoS */ 416 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) { 417 iso_pi(sk)->qos = default_qos; 418 err = -EINVAL; 419 goto unlock; 420 } 421 422 /* Fail if either PHYs are marked as disabled */ 423 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) { 424 err = -EINVAL; 425 goto unlock; 426 } 427 428 /* Just bind if DEFER_SETUP has been set */ 429 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 430 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst, 431 le_addr_type(iso_pi(sk)->dst_type), 432 &iso_pi(sk)->qos); 433 if (IS_ERR(hcon)) { 434 err = PTR_ERR(hcon); 435 goto unlock; 436 } 437 } else { 438 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst, 439 le_addr_type(iso_pi(sk)->dst_type), 440 &iso_pi(sk)->qos); 441 if (IS_ERR(hcon)) { 442 err = PTR_ERR(hcon); 443 goto unlock; 444 } 445 } 446 447 conn = iso_conn_add(hcon); 448 if (!conn) { 449 hci_conn_drop(hcon); 450 err = -ENOMEM; 451 goto unlock; 452 } 453 454 lock_sock(sk); 455 456 err = iso_chan_add(conn, sk, NULL); 457 if (err) { 458 release_sock(sk); 459 goto unlock; 460 } 461 462 /* Update source addr of the socket */ 463 bacpy(&iso_pi(sk)->src, &hcon->src); 464 465 if (hcon->state == BT_CONNECTED) { 466 iso_sock_clear_timer(sk); 467 sk->sk_state = BT_CONNECTED; 468 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 469 iso_sock_clear_timer(sk); 470 sk->sk_state = BT_CONNECT; 471 } else { 472 sk->sk_state = BT_CONNECT; 473 iso_sock_set_timer(sk, sk->sk_sndtimeo); 474 } 475 476 release_sock(sk); 477 478unlock: 479 hci_dev_unlock(hdev); 480 hci_dev_put(hdev); 481 return err; 482} 483 484static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk) 485{ 486 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2) 487 return &iso_pi(sk)->conn->hcon->iso_qos; 488 489 return &iso_pi(sk)->qos; 490} 491 492static int iso_send_frame(struct sock *sk, struct sk_buff *skb) 493{ 494 struct iso_conn *conn = iso_pi(sk)->conn; 495 struct bt_iso_qos *qos = iso_sock_get_qos(sk); 496 struct hci_iso_data_hdr *hdr; 497 int len = 0; 498 499 BT_DBG("sk %p len %d", sk, skb->len); 500 501 if (skb->len > qos->ucast.out.sdu) 502 return -EMSGSIZE; 503 504 len = skb->len; 505 506 /* Push ISO data header */ 507 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE); 508 hdr->sn = cpu_to_le16(conn->tx_sn++); 509 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len, 510 HCI_ISO_STATUS_VALID)); 511 512 if (sk->sk_state == BT_CONNECTED) 513 hci_send_iso(conn->hcon, skb); 514 else 515 len = -ENOTCONN; 516 517 return len; 518} 519 520static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb) 521{ 522 struct sock *sk; 523 524 iso_conn_lock(conn); 525 sk = conn->sk; 526 iso_conn_unlock(conn); 527 528 if (!sk) 529 goto drop; 530 531 BT_DBG("sk %p len %d", sk, skb->len); 532 533 if (sk->sk_state != BT_CONNECTED) 534 goto drop; 535 536 if (!sock_queue_rcv_skb(sk, skb)) 537 return; 538 539drop: 540 kfree_skb(skb); 541} 542 543/* -------- Socket interface ---------- */ 544static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst) 545{ 546 struct sock *sk; 547 548 sk_for_each(sk, &iso_sk_list.head) { 549 if (sk->sk_state != BT_LISTEN) 550 continue; 551 552 if (bacmp(&iso_pi(sk)->dst, dst)) 553 continue; 554 555 if (!bacmp(&iso_pi(sk)->src, src)) 556 return sk; 557 } 558 559 return NULL; 560} 561 562static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc, 563 __u8 sid) 564{ 565 struct sock *sk; 566 567 sk_for_each(sk, &iso_sk_list.head) { 568 if (sk->sk_state != BT_LISTEN) 569 continue; 570 571 if (bacmp(&iso_pi(sk)->src, ba)) 572 continue; 573 574 if (bacmp(&iso_pi(sk)->dst, bc)) 575 continue; 576 577 if (iso_pi(sk)->bc_sid == sid) 578 return sk; 579 } 580 581 return NULL; 582} 583 584/* Find socket listening: 585 * source bdaddr (Unicast) 586 * destination bdaddr (Broadcast only) 587 * match func - pass NULL to ignore 588 * match func data - pass -1 to ignore 589 * Returns closest match. 590 */ 591static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst, 592 iso_sock_match_t match, void *data) 593{ 594 struct sock *sk = NULL, *sk1 = NULL; 595 596 read_lock(&iso_sk_list.lock); 597 598 sk_for_each(sk, &iso_sk_list.head) { 599 if (sk->sk_state != BT_LISTEN) 600 continue; 601 602 /* Match Broadcast destination */ 603 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 604 continue; 605 606 /* Use Match function if provided */ 607 if (match && !match(sk, data)) 608 continue; 609 610 /* Exact match. */ 611 if (!bacmp(&iso_pi(sk)->src, src)) { 612 sock_hold(sk); 613 break; 614 } 615 616 /* Closest match */ 617 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) { 618 if (sk1) 619 sock_put(sk1); 620 621 sk1 = sk; 622 sock_hold(sk1); 623 } 624 } 625 626 if (sk && sk1) 627 sock_put(sk1); 628 629 read_unlock(&iso_sk_list.lock); 630 631 return sk ? sk : sk1; 632} 633 634static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src, 635 bdaddr_t *dst, uint8_t big) 636{ 637 struct sock *sk = NULL; 638 639 read_lock(&iso_sk_list.lock); 640 641 sk_for_each(sk, &iso_sk_list.head) { 642 if (match_sk == sk) 643 continue; 644 645 /* Look for sockets that have already been 646 * connected to the BIG 647 */ 648 if (sk->sk_state != BT_CONNECTED && 649 sk->sk_state != BT_CONNECT) 650 continue; 651 652 /* Match Broadcast destination */ 653 if (bacmp(&iso_pi(sk)->dst, dst)) 654 continue; 655 656 /* Match BIG handle */ 657 if (iso_pi(sk)->qos.bcast.big != big) 658 continue; 659 660 /* Match source address */ 661 if (bacmp(&iso_pi(sk)->src, src)) 662 continue; 663 664 sock_hold(sk); 665 break; 666 } 667 668 read_unlock(&iso_sk_list.lock); 669 670 return sk; 671} 672 673static void iso_sock_destruct(struct sock *sk) 674{ 675 BT_DBG("sk %p", sk); 676 677 skb_queue_purge(&sk->sk_receive_queue); 678 skb_queue_purge(&sk->sk_write_queue); 679} 680 681static void iso_sock_cleanup_listen(struct sock *parent) 682{ 683 struct sock *sk; 684 685 BT_DBG("parent %p", parent); 686 687 /* Close not yet accepted channels */ 688 while ((sk = bt_accept_dequeue(parent, NULL))) { 689 iso_sock_close(sk); 690 iso_sock_kill(sk); 691 } 692 693 /* If listening socket has a hcon, properly disconnect it */ 694 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) { 695 iso_sock_disconn(parent); 696 return; 697 } 698 699 parent->sk_state = BT_CLOSED; 700 sock_set_flag(parent, SOCK_ZAPPED); 701} 702 703/* Kill socket (only if zapped and orphan) 704 * Must be called on unlocked socket. 705 */ 706static void iso_sock_kill(struct sock *sk) 707{ 708 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || 709 sock_flag(sk, SOCK_DEAD)) 710 return; 711 712 BT_DBG("sk %p state %d", sk, sk->sk_state); 713 714 /* Kill poor orphan */ 715 bt_sock_unlink(&iso_sk_list, sk); 716 sock_set_flag(sk, SOCK_DEAD); 717 sock_put(sk); 718} 719 720static void iso_sock_disconn(struct sock *sk) 721{ 722 struct sock *bis_sk; 723 struct hci_conn *hcon = iso_pi(sk)->conn->hcon; 724 725 if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) { 726 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src, 727 &iso_pi(sk)->dst, 728 iso_pi(sk)->qos.bcast.big); 729 730 /* If there are any other connected sockets for the 731 * same BIG, just delete the sk and leave the bis 732 * hcon active, in case later rebinding is needed. 733 */ 734 if (bis_sk) { 735 hcon->state = BT_OPEN; 736 iso_pi(sk)->conn->hcon = NULL; 737 iso_sock_clear_timer(sk); 738 iso_chan_del(sk, bt_to_errno(hcon->abort_reason)); 739 sock_put(bis_sk); 740 return; 741 } 742 } 743 744 sk->sk_state = BT_DISCONN; 745 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT); 746 iso_conn_lock(iso_pi(sk)->conn); 747 hci_conn_drop(iso_pi(sk)->conn->hcon); 748 iso_pi(sk)->conn->hcon = NULL; 749 iso_conn_unlock(iso_pi(sk)->conn); 750} 751 752static void __iso_sock_close(struct sock *sk) 753{ 754 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 755 756 switch (sk->sk_state) { 757 case BT_LISTEN: 758 iso_sock_cleanup_listen(sk); 759 break; 760 761 case BT_CONNECT: 762 case BT_CONNECTED: 763 case BT_CONFIG: 764 if (iso_pi(sk)->conn->hcon) 765 iso_sock_disconn(sk); 766 else 767 iso_chan_del(sk, ECONNRESET); 768 break; 769 770 case BT_CONNECT2: 771 if (iso_pi(sk)->conn->hcon && 772 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) || 773 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags))) 774 iso_sock_disconn(sk); 775 else 776 iso_chan_del(sk, ECONNRESET); 777 break; 778 case BT_DISCONN: 779 iso_chan_del(sk, ECONNRESET); 780 break; 781 782 default: 783 sock_set_flag(sk, SOCK_ZAPPED); 784 break; 785 } 786} 787 788/* Must be called on unlocked socket. */ 789static void iso_sock_close(struct sock *sk) 790{ 791 iso_sock_clear_timer(sk); 792 lock_sock(sk); 793 __iso_sock_close(sk); 794 release_sock(sk); 795 iso_sock_kill(sk); 796} 797 798static void iso_sock_init(struct sock *sk, struct sock *parent) 799{ 800 BT_DBG("sk %p", sk); 801 802 if (parent) { 803 sk->sk_type = parent->sk_type; 804 bt_sk(sk)->flags = bt_sk(parent)->flags; 805 security_sk_clone(parent, sk); 806 } 807} 808 809static struct proto iso_proto = { 810 .name = "ISO", 811 .owner = THIS_MODULE, 812 .obj_size = sizeof(struct iso_pinfo) 813}; 814 815#define DEFAULT_IO_QOS \ 816{ \ 817 .interval = 10000u, \ 818 .latency = 10u, \ 819 .sdu = 40u, \ 820 .phy = BT_ISO_PHY_2M, \ 821 .rtn = 2u, \ 822} 823 824static struct bt_iso_qos default_qos = { 825 .bcast = { 826 .big = BT_ISO_QOS_BIG_UNSET, 827 .bis = BT_ISO_QOS_BIS_UNSET, 828 .sync_factor = 0x01, 829 .packing = 0x00, 830 .framing = 0x00, 831 .in = DEFAULT_IO_QOS, 832 .out = DEFAULT_IO_QOS, 833 .encryption = 0x00, 834 .bcode = {0x00}, 835 .options = 0x00, 836 .skip = 0x0000, 837 .sync_timeout = BT_ISO_SYNC_TIMEOUT, 838 .sync_cte_type = 0x00, 839 .mse = 0x00, 840 .timeout = BT_ISO_SYNC_TIMEOUT, 841 }, 842}; 843 844static struct sock *iso_sock_alloc(struct net *net, struct socket *sock, 845 int proto, gfp_t prio, int kern) 846{ 847 struct sock *sk; 848 849 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern); 850 if (!sk) 851 return NULL; 852 853 sk->sk_destruct = iso_sock_destruct; 854 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 855 856 /* Set address type as public as default src address is BDADDR_ANY */ 857 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 858 859 iso_pi(sk)->qos = default_qos; 860 861 bt_sock_link(&iso_sk_list, sk); 862 return sk; 863} 864 865static int iso_sock_create(struct net *net, struct socket *sock, int protocol, 866 int kern) 867{ 868 struct sock *sk; 869 870 BT_DBG("sock %p", sock); 871 872 sock->state = SS_UNCONNECTED; 873 874 if (sock->type != SOCK_SEQPACKET) 875 return -ESOCKTNOSUPPORT; 876 877 sock->ops = &iso_sock_ops; 878 879 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern); 880 if (!sk) 881 return -ENOMEM; 882 883 iso_sock_init(sk, NULL); 884 return 0; 885} 886 887static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr, 888 int addr_len) 889{ 890 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 891 struct sock *sk = sock->sk; 892 int i; 893 894 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid, 895 sa->iso_bc->bc_num_bis); 896 897 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) 898 return -EINVAL; 899 900 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr); 901 902 /* Check if the address type is of LE type */ 903 if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type)) 904 return -EINVAL; 905 906 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type; 907 iso_pi(sk)->sync_handle = -1; 908 909 if (sa->iso_bc->bc_sid > 0x0f) 910 return -EINVAL; 911 912 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid; 913 914 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) 915 return -EINVAL; 916 917 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 918 919 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) 920 if (sa->iso_bc->bc_bis[i] < 0x01 || 921 sa->iso_bc->bc_bis[i] > 0x1f) 922 return -EINVAL; 923 924 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 925 iso_pi(sk)->bc_num_bis); 926 927 return 0; 928} 929 930static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa, 931 int addr_len) 932{ 933 int err = 0; 934 935 if (sk->sk_type != SOCK_SEQPACKET) { 936 err = -EINVAL; 937 goto done; 938 } 939 940 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) { 941 err = -EINVAL; 942 goto done; 943 } 944 945 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) { 946 err = -EINVAL; 947 goto done; 948 } 949 950 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis; 951 952 for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++) 953 if (sa->iso_bc->bc_bis[i] < 0x01 || 954 sa->iso_bc->bc_bis[i] > 0x1f) { 955 err = -EINVAL; 956 goto done; 957 } 958 959 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis, 960 iso_pi(sk)->bc_num_bis); 961 962done: 963 return err; 964} 965 966static int iso_sock_bind(struct socket *sock, struct sockaddr *addr, 967 int addr_len) 968{ 969 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 970 struct sock *sk = sock->sk; 971 int err = 0; 972 973 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type); 974 975 if (!addr || addr_len < sizeof(struct sockaddr_iso) || 976 addr->sa_family != AF_BLUETOOTH) 977 return -EINVAL; 978 979 lock_sock(sk); 980 981 /* Allow the user to bind a PA sync socket to a number 982 * of BISes to sync to. 983 */ 984 if (sk->sk_state == BT_CONNECT2 && 985 test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) { 986 err = iso_sock_bind_pa_sk(sk, sa, addr_len); 987 goto done; 988 } 989 990 if (sk->sk_state != BT_OPEN) { 991 err = -EBADFD; 992 goto done; 993 } 994 995 if (sk->sk_type != SOCK_SEQPACKET) { 996 err = -EINVAL; 997 goto done; 998 } 999 1000 /* Check if the address type is of LE type */ 1001 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) { 1002 err = -EINVAL; 1003 goto done; 1004 } 1005 1006 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr); 1007 iso_pi(sk)->src_type = sa->iso_bdaddr_type; 1008 1009 /* Check for Broadcast address */ 1010 if (addr_len > sizeof(*sa)) { 1011 err = iso_sock_bind_bc(sock, addr, addr_len); 1012 if (err) 1013 goto done; 1014 } 1015 1016 sk->sk_state = BT_BOUND; 1017 1018done: 1019 release_sock(sk); 1020 return err; 1021} 1022 1023static int iso_sock_connect(struct socket *sock, struct sockaddr *addr, 1024 int alen, int flags) 1025{ 1026 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1027 struct sock *sk = sock->sk; 1028 int err; 1029 1030 BT_DBG("sk %p", sk); 1031 1032 if (alen < sizeof(struct sockaddr_iso) || 1033 addr->sa_family != AF_BLUETOOTH) 1034 return -EINVAL; 1035 1036 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 1037 return -EBADFD; 1038 1039 if (sk->sk_type != SOCK_SEQPACKET) 1040 return -EINVAL; 1041 1042 /* Check if the address type is of LE type */ 1043 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) 1044 return -EINVAL; 1045 1046 lock_sock(sk); 1047 1048 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); 1049 iso_pi(sk)->dst_type = sa->iso_bdaddr_type; 1050 1051 release_sock(sk); 1052 1053 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 1054 err = iso_connect_cis(sk); 1055 else 1056 err = iso_connect_bis(sk); 1057 1058 if (err) 1059 return err; 1060 1061 lock_sock(sk); 1062 1063 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1064 err = bt_sock_wait_state(sk, BT_CONNECTED, 1065 sock_sndtimeo(sk, flags & O_NONBLOCK)); 1066 } 1067 1068 release_sock(sk); 1069 return err; 1070} 1071 1072static int iso_listen_bis(struct sock *sk) 1073{ 1074 struct hci_dev *hdev; 1075 int err = 0; 1076 struct iso_conn *conn; 1077 struct hci_conn *hcon; 1078 1079 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src, 1080 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid); 1081 1082 write_lock(&iso_sk_list.lock); 1083 1084 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst, 1085 iso_pi(sk)->bc_sid)) 1086 err = -EADDRINUSE; 1087 1088 write_unlock(&iso_sk_list.lock); 1089 1090 if (err) 1091 return err; 1092 1093 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 1094 iso_pi(sk)->src_type); 1095 if (!hdev) 1096 return -EHOSTUNREACH; 1097 1098 hci_dev_lock(hdev); 1099 1100 /* Fail if user set invalid QoS */ 1101 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) { 1102 iso_pi(sk)->qos = default_qos; 1103 err = -EINVAL; 1104 goto unlock; 1105 } 1106 1107 hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst, 1108 le_addr_type(iso_pi(sk)->dst_type), 1109 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos); 1110 if (IS_ERR(hcon)) { 1111 err = PTR_ERR(hcon); 1112 goto unlock; 1113 } 1114 1115 conn = iso_conn_add(hcon); 1116 if (!conn) { 1117 hci_conn_drop(hcon); 1118 err = -ENOMEM; 1119 goto unlock; 1120 } 1121 1122 err = iso_chan_add(conn, sk, NULL); 1123 if (err) { 1124 hci_conn_drop(hcon); 1125 goto unlock; 1126 } 1127 1128 hci_dev_put(hdev); 1129 1130unlock: 1131 hci_dev_unlock(hdev); 1132 return err; 1133} 1134 1135static int iso_listen_cis(struct sock *sk) 1136{ 1137 int err = 0; 1138 1139 BT_DBG("%pMR", &iso_pi(sk)->src); 1140 1141 write_lock(&iso_sk_list.lock); 1142 1143 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst)) 1144 err = -EADDRINUSE; 1145 1146 write_unlock(&iso_sk_list.lock); 1147 1148 return err; 1149} 1150 1151static int iso_sock_listen(struct socket *sock, int backlog) 1152{ 1153 struct sock *sk = sock->sk; 1154 int err = 0; 1155 1156 BT_DBG("sk %p backlog %d", sk, backlog); 1157 1158 lock_sock(sk); 1159 1160 if (sk->sk_state != BT_BOUND) { 1161 err = -EBADFD; 1162 goto done; 1163 } 1164 1165 if (sk->sk_type != SOCK_SEQPACKET) { 1166 err = -EINVAL; 1167 goto done; 1168 } 1169 1170 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) 1171 err = iso_listen_cis(sk); 1172 else 1173 err = iso_listen_bis(sk); 1174 1175 if (err) 1176 goto done; 1177 1178 sk->sk_max_ack_backlog = backlog; 1179 sk->sk_ack_backlog = 0; 1180 1181 sk->sk_state = BT_LISTEN; 1182 1183done: 1184 release_sock(sk); 1185 return err; 1186} 1187 1188static int iso_sock_accept(struct socket *sock, struct socket *newsock, 1189 int flags, bool kern) 1190{ 1191 DEFINE_WAIT_FUNC(wait, woken_wake_function); 1192 struct sock *sk = sock->sk, *ch; 1193 long timeo; 1194 int err = 0; 1195 1196 lock_sock(sk); 1197 1198 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 1199 1200 BT_DBG("sk %p timeo %ld", sk, timeo); 1201 1202 /* Wait for an incoming connection. (wake-one). */ 1203 add_wait_queue_exclusive(sk_sleep(sk), &wait); 1204 while (1) { 1205 if (sk->sk_state != BT_LISTEN) { 1206 err = -EBADFD; 1207 break; 1208 } 1209 1210 ch = bt_accept_dequeue(sk, newsock); 1211 if (ch) 1212 break; 1213 1214 if (!timeo) { 1215 err = -EAGAIN; 1216 break; 1217 } 1218 1219 if (signal_pending(current)) { 1220 err = sock_intr_errno(timeo); 1221 break; 1222 } 1223 1224 release_sock(sk); 1225 1226 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); 1227 lock_sock(sk); 1228 } 1229 remove_wait_queue(sk_sleep(sk), &wait); 1230 1231 if (err) 1232 goto done; 1233 1234 newsock->state = SS_CONNECTED; 1235 1236 BT_DBG("new socket %p", ch); 1237 1238done: 1239 release_sock(sk); 1240 return err; 1241} 1242 1243static int iso_sock_getname(struct socket *sock, struct sockaddr *addr, 1244 int peer) 1245{ 1246 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr; 1247 struct sock *sk = sock->sk; 1248 1249 BT_DBG("sock %p, sk %p", sock, sk); 1250 1251 addr->sa_family = AF_BLUETOOTH; 1252 1253 if (peer) { 1254 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst); 1255 sa->iso_bdaddr_type = iso_pi(sk)->dst_type; 1256 } else { 1257 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src); 1258 sa->iso_bdaddr_type = iso_pi(sk)->src_type; 1259 } 1260 1261 return sizeof(struct sockaddr_iso); 1262} 1263 1264static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, 1265 size_t len) 1266{ 1267 struct sock *sk = sock->sk; 1268 struct sk_buff *skb, **frag; 1269 size_t mtu; 1270 int err; 1271 1272 BT_DBG("sock %p, sk %p", sock, sk); 1273 1274 err = sock_error(sk); 1275 if (err) 1276 return err; 1277 1278 if (msg->msg_flags & MSG_OOB) 1279 return -EOPNOTSUPP; 1280 1281 lock_sock(sk); 1282 1283 if (sk->sk_state != BT_CONNECTED) { 1284 release_sock(sk); 1285 return -ENOTCONN; 1286 } 1287 1288 mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; 1289 1290 release_sock(sk); 1291 1292 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0); 1293 if (IS_ERR(skb)) 1294 return PTR_ERR(skb); 1295 1296 len -= skb->len; 1297 1298 BT_DBG("skb %p len %d", sk, skb->len); 1299 1300 /* Continuation fragments */ 1301 frag = &skb_shinfo(skb)->frag_list; 1302 while (len) { 1303 struct sk_buff *tmp; 1304 1305 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0); 1306 if (IS_ERR(tmp)) { 1307 kfree_skb(skb); 1308 return PTR_ERR(tmp); 1309 } 1310 1311 *frag = tmp; 1312 1313 len -= tmp->len; 1314 1315 skb->len += tmp->len; 1316 skb->data_len += tmp->len; 1317 1318 BT_DBG("frag %p len %d", *frag, tmp->len); 1319 1320 frag = &(*frag)->next; 1321 } 1322 1323 lock_sock(sk); 1324 1325 if (sk->sk_state == BT_CONNECTED) 1326 err = iso_send_frame(sk, skb); 1327 else 1328 err = -ENOTCONN; 1329 1330 release_sock(sk); 1331 1332 if (err < 0) 1333 kfree_skb(skb); 1334 return err; 1335} 1336 1337static void iso_conn_defer_accept(struct hci_conn *conn) 1338{ 1339 struct hci_cp_le_accept_cis cp; 1340 struct hci_dev *hdev = conn->hdev; 1341 1342 BT_DBG("conn %p", conn); 1343 1344 conn->state = BT_CONFIG; 1345 1346 cp.handle = cpu_to_le16(conn->handle); 1347 1348 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp); 1349} 1350 1351static void iso_conn_big_sync(struct sock *sk) 1352{ 1353 int err; 1354 struct hci_dev *hdev; 1355 1356 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src, 1357 iso_pi(sk)->src_type); 1358 1359 if (!hdev) 1360 return; 1361 1362 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1363 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon, 1364 &iso_pi(sk)->qos, 1365 iso_pi(sk)->sync_handle, 1366 iso_pi(sk)->bc_num_bis, 1367 iso_pi(sk)->bc_bis); 1368 if (err) 1369 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1370 err); 1371 } 1372} 1373 1374static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1375 size_t len, int flags) 1376{ 1377 struct sock *sk = sock->sk; 1378 struct iso_pinfo *pi = iso_pi(sk); 1379 1380 BT_DBG("sk %p", sk); 1381 1382 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1383 lock_sock(sk); 1384 switch (sk->sk_state) { 1385 case BT_CONNECT2: 1386 if (pi->conn->hcon && 1387 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1388 iso_conn_big_sync(sk); 1389 sk->sk_state = BT_LISTEN; 1390 } else { 1391 iso_conn_defer_accept(pi->conn->hcon); 1392 sk->sk_state = BT_CONFIG; 1393 } 1394 release_sock(sk); 1395 return 0; 1396 case BT_CONNECT: 1397 release_sock(sk); 1398 return iso_connect_cis(sk); 1399 default: 1400 release_sock(sk); 1401 break; 1402 } 1403 } 1404 1405 return bt_sock_recvmsg(sock, msg, len, flags); 1406} 1407 1408static bool check_io_qos(struct bt_iso_io_qos *qos) 1409{ 1410 /* If no PHY is enable SDU must be 0 */ 1411 if (!qos->phy && qos->sdu) 1412 return false; 1413 1414 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff)) 1415 return false; 1416 1417 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0)) 1418 return false; 1419 1420 if (qos->phy > BT_ISO_PHY_ANY) 1421 return false; 1422 1423 return true; 1424} 1425 1426static bool check_ucast_qos(struct bt_iso_qos *qos) 1427{ 1428 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET) 1429 return false; 1430 1431 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) 1432 return false; 1433 1434 if (qos->ucast.sca > 0x07) 1435 return false; 1436 1437 if (qos->ucast.packing > 0x01) 1438 return false; 1439 1440 if (qos->ucast.framing > 0x01) 1441 return false; 1442 1443 if (!check_io_qos(&qos->ucast.in)) 1444 return false; 1445 1446 if (!check_io_qos(&qos->ucast.out)) 1447 return false; 1448 1449 return true; 1450} 1451 1452static bool check_bcast_qos(struct bt_iso_qos *qos) 1453{ 1454 if (!qos->bcast.sync_factor) 1455 qos->bcast.sync_factor = 0x01; 1456 1457 if (qos->bcast.packing > 0x01) 1458 return false; 1459 1460 if (qos->bcast.framing > 0x01) 1461 return false; 1462 1463 if (!check_io_qos(&qos->bcast.in)) 1464 return false; 1465 1466 if (!check_io_qos(&qos->bcast.out)) 1467 return false; 1468 1469 if (qos->bcast.encryption > 0x01) 1470 return false; 1471 1472 if (qos->bcast.options > 0x07) 1473 return false; 1474 1475 if (qos->bcast.skip > 0x01f3) 1476 return false; 1477 1478 if (!qos->bcast.sync_timeout) 1479 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT; 1480 1481 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000) 1482 return false; 1483 1484 if (qos->bcast.sync_cte_type > 0x1f) 1485 return false; 1486 1487 if (qos->bcast.mse > 0x1f) 1488 return false; 1489 1490 if (!qos->bcast.timeout) 1491 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT; 1492 1493 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000) 1494 return false; 1495 1496 return true; 1497} 1498 1499static int iso_sock_setsockopt(struct socket *sock, int level, int optname, 1500 sockptr_t optval, unsigned int optlen) 1501{ 1502 struct sock *sk = sock->sk; 1503 int err = 0; 1504 struct bt_iso_qos qos = default_qos; 1505 u32 opt; 1506 1507 BT_DBG("sk %p", sk); 1508 1509 lock_sock(sk); 1510 1511 switch (optname) { 1512 case BT_DEFER_SETUP: 1513 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 1514 err = -EINVAL; 1515 break; 1516 } 1517 1518 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 1519 if (err) 1520 break; 1521 1522 if (opt) 1523 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1524 else 1525 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1526 break; 1527 1528 case BT_PKT_STATUS: 1529 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen); 1530 if (err) 1531 break; 1532 1533 if (opt) 1534 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1535 else 1536 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1537 break; 1538 1539 case BT_ISO_QOS: 1540 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1541 sk->sk_state != BT_CONNECT2) { 1542 err = -EINVAL; 1543 break; 1544 } 1545 1546 err = bt_copy_from_sockptr(&qos, sizeof(qos), optval, optlen); 1547 if (err) 1548 break; 1549 1550 iso_pi(sk)->qos = qos; 1551 iso_pi(sk)->qos_user_set = true; 1552 1553 break; 1554 1555 case BT_ISO_BASE: 1556 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1557 sk->sk_state != BT_CONNECT2) { 1558 err = -EINVAL; 1559 break; 1560 } 1561 1562 if (optlen > sizeof(iso_pi(sk)->base)) { 1563 err = -EINVAL; 1564 break; 1565 } 1566 1567 err = bt_copy_from_sockptr(iso_pi(sk)->base, optlen, optval, 1568 optlen); 1569 if (err) 1570 break; 1571 1572 iso_pi(sk)->base_len = optlen; 1573 1574 break; 1575 1576 default: 1577 err = -ENOPROTOOPT; 1578 break; 1579 } 1580 1581 release_sock(sk); 1582 return err; 1583} 1584 1585static int iso_sock_getsockopt(struct socket *sock, int level, int optname, 1586 char __user *optval, int __user *optlen) 1587{ 1588 struct sock *sk = sock->sk; 1589 int len, err = 0; 1590 struct bt_iso_qos *qos; 1591 u8 base_len; 1592 u8 *base; 1593 1594 BT_DBG("sk %p", sk); 1595 1596 if (get_user(len, optlen)) 1597 return -EFAULT; 1598 1599 lock_sock(sk); 1600 1601 switch (optname) { 1602 case BT_DEFER_SETUP: 1603 if (sk->sk_state == BT_CONNECTED) { 1604 err = -EINVAL; 1605 break; 1606 } 1607 1608 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 1609 (u32 __user *)optval)) 1610 err = -EFAULT; 1611 1612 break; 1613 1614 case BT_PKT_STATUS: 1615 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1616 (int __user *)optval)) 1617 err = -EFAULT; 1618 break; 1619 1620 case BT_ISO_QOS: 1621 qos = iso_sock_get_qos(sk); 1622 1623 len = min_t(unsigned int, len, sizeof(*qos)); 1624 if (copy_to_user(optval, qos, len)) 1625 err = -EFAULT; 1626 1627 break; 1628 1629 case BT_ISO_BASE: 1630 if (sk->sk_state == BT_CONNECTED && 1631 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) { 1632 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len; 1633 base = iso_pi(sk)->conn->hcon->le_per_adv_data; 1634 } else { 1635 base_len = iso_pi(sk)->base_len; 1636 base = iso_pi(sk)->base; 1637 } 1638 1639 len = min_t(unsigned int, len, base_len); 1640 if (copy_to_user(optval, base, len)) 1641 err = -EFAULT; 1642 if (put_user(len, optlen)) 1643 err = -EFAULT; 1644 1645 break; 1646 1647 default: 1648 err = -ENOPROTOOPT; 1649 break; 1650 } 1651 1652 release_sock(sk); 1653 return err; 1654} 1655 1656static int iso_sock_shutdown(struct socket *sock, int how) 1657{ 1658 struct sock *sk = sock->sk; 1659 int err = 0; 1660 1661 BT_DBG("sock %p, sk %p, how %d", sock, sk, how); 1662 1663 if (!sk) 1664 return 0; 1665 1666 sock_hold(sk); 1667 lock_sock(sk); 1668 1669 switch (how) { 1670 case SHUT_RD: 1671 if (sk->sk_shutdown & RCV_SHUTDOWN) 1672 goto unlock; 1673 sk->sk_shutdown |= RCV_SHUTDOWN; 1674 break; 1675 case SHUT_WR: 1676 if (sk->sk_shutdown & SEND_SHUTDOWN) 1677 goto unlock; 1678 sk->sk_shutdown |= SEND_SHUTDOWN; 1679 break; 1680 case SHUT_RDWR: 1681 if (sk->sk_shutdown & SHUTDOWN_MASK) 1682 goto unlock; 1683 sk->sk_shutdown |= SHUTDOWN_MASK; 1684 break; 1685 } 1686 1687 iso_sock_clear_timer(sk); 1688 __iso_sock_close(sk); 1689 1690 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime && 1691 !(current->flags & PF_EXITING)) 1692 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1693 1694unlock: 1695 release_sock(sk); 1696 sock_put(sk); 1697 1698 return err; 1699} 1700 1701static int iso_sock_release(struct socket *sock) 1702{ 1703 struct sock *sk = sock->sk; 1704 int err = 0; 1705 1706 BT_DBG("sock %p, sk %p", sock, sk); 1707 1708 if (!sk) 1709 return 0; 1710 1711 iso_sock_close(sk); 1712 1713 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) && 1714 !(current->flags & PF_EXITING)) { 1715 lock_sock(sk); 1716 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1717 release_sock(sk); 1718 } 1719 1720 sock_orphan(sk); 1721 iso_sock_kill(sk); 1722 return err; 1723} 1724 1725static void iso_sock_ready(struct sock *sk) 1726{ 1727 BT_DBG("sk %p", sk); 1728 1729 if (!sk) 1730 return; 1731 1732 lock_sock(sk); 1733 iso_sock_clear_timer(sk); 1734 sk->sk_state = BT_CONNECTED; 1735 sk->sk_state_change(sk); 1736 release_sock(sk); 1737} 1738 1739struct iso_list_data { 1740 struct hci_conn *hcon; 1741 int count; 1742}; 1743 1744static bool iso_match_big(struct sock *sk, void *data) 1745{ 1746 struct hci_evt_le_big_sync_estabilished *ev = data; 1747 1748 return ev->handle == iso_pi(sk)->qos.bcast.big; 1749} 1750 1751static bool iso_match_pa_sync_flag(struct sock *sk, void *data) 1752{ 1753 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1754} 1755 1756static void iso_conn_ready(struct iso_conn *conn) 1757{ 1758 struct sock *parent = NULL; 1759 struct sock *sk = conn->sk; 1760 struct hci_ev_le_big_sync_estabilished *ev = NULL; 1761 struct hci_ev_le_pa_sync_established *ev2 = NULL; 1762 struct hci_evt_le_big_info_adv_report *ev3 = NULL; 1763 struct hci_conn *hcon; 1764 1765 BT_DBG("conn %p", conn); 1766 1767 if (sk) { 1768 iso_sock_ready(conn->sk); 1769 } else { 1770 hcon = conn->hcon; 1771 if (!hcon) 1772 return; 1773 1774 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) || 1775 test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) { 1776 ev = hci_recv_event_data(hcon->hdev, 1777 HCI_EVT_LE_BIG_SYNC_ESTABILISHED); 1778 1779 /* Get reference to PA sync parent socket, if it exists */ 1780 parent = iso_get_sock_listen(&hcon->src, 1781 &hcon->dst, 1782 iso_match_pa_sync_flag, NULL); 1783 if (!parent && ev) 1784 parent = iso_get_sock_listen(&hcon->src, 1785 &hcon->dst, 1786 iso_match_big, ev); 1787 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 1788 ev2 = hci_recv_event_data(hcon->hdev, 1789 HCI_EV_LE_PA_SYNC_ESTABLISHED); 1790 if (ev2) 1791 parent = iso_get_sock_listen(&hcon->src, 1792 &hcon->dst, 1793 iso_match_sid, ev2); 1794 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) { 1795 ev3 = hci_recv_event_data(hcon->hdev, 1796 HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1797 if (ev3) 1798 parent = iso_get_sock_listen(&hcon->src, 1799 &hcon->dst, 1800 iso_match_sync_handle, ev3); 1801 } 1802 1803 if (!parent) 1804 parent = iso_get_sock_listen(&hcon->src, 1805 BDADDR_ANY, NULL, NULL); 1806 1807 if (!parent) 1808 return; 1809 1810 lock_sock(parent); 1811 1812 sk = iso_sock_alloc(sock_net(parent), NULL, 1813 BTPROTO_ISO, GFP_ATOMIC, 0); 1814 if (!sk) { 1815 release_sock(parent); 1816 return; 1817 } 1818 1819 iso_sock_init(sk, parent); 1820 1821 bacpy(&iso_pi(sk)->src, &hcon->src); 1822 1823 /* Convert from HCI to three-value type */ 1824 if (hcon->src_type == ADDR_LE_DEV_PUBLIC) 1825 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; 1826 else 1827 iso_pi(sk)->src_type = BDADDR_LE_RANDOM; 1828 1829 /* If hcon has no destination address (BDADDR_ANY) it means it 1830 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or 1831 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using 1832 * the parent socket destination address. 1833 */ 1834 if (!bacmp(&hcon->dst, BDADDR_ANY)) { 1835 bacpy(&hcon->dst, &iso_pi(parent)->dst); 1836 hcon->dst_type = iso_pi(parent)->dst_type; 1837 hcon->sync_handle = iso_pi(parent)->sync_handle; 1838 } 1839 1840 if (ev3) { 1841 iso_pi(sk)->qos = iso_pi(parent)->qos; 1842 iso_pi(sk)->qos.bcast.encryption = ev3->encryption; 1843 hcon->iso_qos = iso_pi(sk)->qos; 1844 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis; 1845 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS); 1846 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 1847 } 1848 1849 bacpy(&iso_pi(sk)->dst, &hcon->dst); 1850 iso_pi(sk)->dst_type = hcon->dst_type; 1851 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle; 1852 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len); 1853 iso_pi(sk)->base_len = iso_pi(parent)->base_len; 1854 1855 hci_conn_hold(hcon); 1856 iso_chan_add(conn, sk, parent); 1857 1858 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) || 1859 (ev2 && ev2->status)) { 1860 /* Trigger error signal on child socket */ 1861 sk->sk_err = ECONNREFUSED; 1862 sk->sk_error_report(sk); 1863 } 1864 1865 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1866 sk->sk_state = BT_CONNECT2; 1867 else 1868 sk->sk_state = BT_CONNECTED; 1869 1870 /* Wake up parent */ 1871 parent->sk_data_ready(parent); 1872 1873 release_sock(parent); 1874 sock_put(parent); 1875 } 1876} 1877 1878static bool iso_match_sid(struct sock *sk, void *data) 1879{ 1880 struct hci_ev_le_pa_sync_established *ev = data; 1881 1882 return ev->sid == iso_pi(sk)->bc_sid; 1883} 1884 1885static bool iso_match_sync_handle(struct sock *sk, void *data) 1886{ 1887 struct hci_evt_le_big_info_adv_report *ev = data; 1888 1889 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1890} 1891 1892static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data) 1893{ 1894 struct hci_ev_le_per_adv_report *ev = data; 1895 1896 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle; 1897} 1898 1899/* ----- ISO interface with lower layer (HCI) ----- */ 1900 1901int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 1902{ 1903 struct hci_ev_le_pa_sync_established *ev1; 1904 struct hci_evt_le_big_info_adv_report *ev2; 1905 struct hci_ev_le_per_adv_report *ev3; 1906 struct sock *sk; 1907 1908 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 1909 1910 /* Broadcast receiver requires handling of some events before it can 1911 * proceed to establishing a BIG sync: 1912 * 1913 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific 1914 * SID to listen to and once sync is estabilished its handle needs to 1915 * be stored in iso_pi(sk)->sync_handle so it can be matched once 1916 * receiving the BIG Info. 1917 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 1918 * a BIG Info it attempts to check if there any listening socket with 1919 * the same sync_handle and if it does then attempt to create a sync. 1920 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored 1921 * in iso_pi(sk)->base so it can be passed up to user, in the case of a 1922 * broadcast sink. 1923 */ 1924 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 1925 if (ev1) { 1926 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid, 1927 ev1); 1928 if (sk && !ev1->status) 1929 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); 1930 1931 goto done; 1932 } 1933 1934 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 1935 if (ev2) { 1936 /* Try to get PA sync listening socket, if it exists */ 1937 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1938 iso_match_pa_sync_flag, NULL); 1939 1940 if (!sk) { 1941 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1942 iso_match_sync_handle, ev2); 1943 1944 /* If PA Sync is in process of terminating, 1945 * do not handle any more BIGInfo adv reports. 1946 */ 1947 1948 if (sk && test_bit(BT_SK_PA_SYNC_TERM, 1949 &iso_pi(sk)->flags)) 1950 return 0; 1951 } 1952 1953 if (sk) { 1954 int err; 1955 1956 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1957 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1958 1959 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 1960 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1961 err = hci_le_big_create_sync(hdev, NULL, 1962 &iso_pi(sk)->qos, 1963 iso_pi(sk)->sync_handle, 1964 iso_pi(sk)->bc_num_bis, 1965 iso_pi(sk)->bc_bis); 1966 if (err) { 1967 bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1968 err); 1969 sock_put(sk); 1970 sk = NULL; 1971 } 1972 } 1973 } 1974 } 1975 1976 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT); 1977 if (ev3) { 1978 size_t base_len = 0; 1979 u8 *base; 1980 struct hci_conn *hcon; 1981 1982 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, 1983 iso_match_sync_handle_pa_report, ev3); 1984 if (!sk) 1985 goto done; 1986 1987 hcon = iso_pi(sk)->conn->hcon; 1988 if (!hcon) 1989 goto done; 1990 1991 if (ev3->data_status == LE_PA_DATA_TRUNCATED) { 1992 /* The controller was unable to retrieve PA data. */ 1993 memset(hcon->le_per_adv_data, 0, 1994 HCI_MAX_PER_AD_TOT_LEN); 1995 hcon->le_per_adv_data_len = 0; 1996 hcon->le_per_adv_data_offset = 0; 1997 goto done; 1998 } 1999 2000 if (hcon->le_per_adv_data_offset + ev3->length > 2001 HCI_MAX_PER_AD_TOT_LEN) 2002 goto done; 2003 2004 memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset, 2005 ev3->data, ev3->length); 2006 hcon->le_per_adv_data_offset += ev3->length; 2007 2008 if (ev3->data_status == LE_PA_DATA_COMPLETE) { 2009 /* All PA data has been received. */ 2010 hcon->le_per_adv_data_len = 2011 hcon->le_per_adv_data_offset; 2012 hcon->le_per_adv_data_offset = 0; 2013 2014 /* Extract BASE */ 2015 base = eir_get_service_data(hcon->le_per_adv_data, 2016 hcon->le_per_adv_data_len, 2017 EIR_BAA_SERVICE_UUID, 2018 &base_len); 2019 2020 if (!base || base_len > BASE_MAX_LENGTH) 2021 goto done; 2022 2023 memcpy(iso_pi(sk)->base, base, base_len); 2024 iso_pi(sk)->base_len = base_len; 2025 } else { 2026 /* This is a PA data fragment. Keep pa_data_len set to 0 2027 * until all data has been reassembled. 2028 */ 2029 hcon->le_per_adv_data_len = 0; 2030 } 2031 } else { 2032 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL); 2033 } 2034 2035done: 2036 if (!sk) 2037 return 0; 2038 2039 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 2040 *flags |= HCI_PROTO_DEFER; 2041 2042 sock_put(sk); 2043 2044 return HCI_LM_ACCEPT; 2045} 2046 2047static void iso_connect_cfm(struct hci_conn *hcon, __u8 status) 2048{ 2049 if (hcon->type != ISO_LINK) { 2050 if (hcon->type != LE_LINK) 2051 return; 2052 2053 /* Check if LE link has failed */ 2054 if (status) { 2055 struct hci_link *link, *t; 2056 2057 list_for_each_entry_safe(link, t, &hcon->link_list, 2058 list) 2059 iso_conn_del(link->conn, bt_to_errno(status)); 2060 2061 return; 2062 } 2063 2064 /* Create CIS if pending */ 2065 hci_le_create_cis_pending(hcon->hdev); 2066 return; 2067 } 2068 2069 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 2070 2071 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or 2072 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection 2073 * into the accept queue of the listening socket and wake up 2074 * userspace, to inform the user about the event. 2075 */ 2076 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) || 2077 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) { 2078 struct iso_conn *conn; 2079 2080 conn = iso_conn_add(hcon); 2081 if (conn) 2082 iso_conn_ready(conn); 2083 } else { 2084 iso_conn_del(hcon, bt_to_errno(status)); 2085 } 2086} 2087 2088static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason) 2089{ 2090 if (hcon->type != ISO_LINK) 2091 return; 2092 2093 BT_DBG("hcon %p reason %d", hcon, reason); 2094 2095 iso_conn_del(hcon, bt_to_errno(reason)); 2096} 2097 2098void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 2099{ 2100 struct iso_conn *conn = hcon->iso_data; 2101 __u16 pb, ts, len; 2102 2103 if (!conn) 2104 goto drop; 2105 2106 pb = hci_iso_flags_pb(flags); 2107 ts = hci_iso_flags_ts(flags); 2108 2109 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts); 2110 2111 switch (pb) { 2112 case ISO_START: 2113 case ISO_SINGLE: 2114 if (conn->rx_len) { 2115 BT_ERR("Unexpected start frame (len %d)", skb->len); 2116 kfree_skb(conn->rx_skb); 2117 conn->rx_skb = NULL; 2118 conn->rx_len = 0; 2119 } 2120 2121 if (ts) { 2122 struct hci_iso_ts_data_hdr *hdr; 2123 2124 /* TODO: add timestamp to the packet? */ 2125 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE); 2126 if (!hdr) { 2127 BT_ERR("Frame is too short (len %d)", skb->len); 2128 goto drop; 2129 } 2130 2131 len = __le16_to_cpu(hdr->slen); 2132 } else { 2133 struct hci_iso_data_hdr *hdr; 2134 2135 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE); 2136 if (!hdr) { 2137 BT_ERR("Frame is too short (len %d)", skb->len); 2138 goto drop; 2139 } 2140 2141 len = __le16_to_cpu(hdr->slen); 2142 } 2143 2144 flags = hci_iso_data_flags(len); 2145 len = hci_iso_data_len(len); 2146 2147 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len, 2148 skb->len, flags); 2149 2150 if (len == skb->len) { 2151 /* Complete frame received */ 2152 hci_skb_pkt_status(skb) = flags & 0x03; 2153 iso_recv_frame(conn, skb); 2154 return; 2155 } 2156 2157 if (pb == ISO_SINGLE) { 2158 BT_ERR("Frame malformed (len %d, expected len %d)", 2159 skb->len, len); 2160 goto drop; 2161 } 2162 2163 if (skb->len > len) { 2164 BT_ERR("Frame is too long (len %d, expected len %d)", 2165 skb->len, len); 2166 goto drop; 2167 } 2168 2169 /* Allocate skb for the complete frame (with header) */ 2170 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); 2171 if (!conn->rx_skb) 2172 goto drop; 2173 2174 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03; 2175 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2176 skb->len); 2177 conn->rx_len = len - skb->len; 2178 break; 2179 2180 case ISO_CONT: 2181 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, 2182 conn->rx_len); 2183 2184 if (!conn->rx_len) { 2185 BT_ERR("Unexpected continuation frame (len %d)", 2186 skb->len); 2187 goto drop; 2188 } 2189 2190 if (skb->len > conn->rx_len) { 2191 BT_ERR("Fragment is too long (len %d, expected %d)", 2192 skb->len, conn->rx_len); 2193 kfree_skb(conn->rx_skb); 2194 conn->rx_skb = NULL; 2195 conn->rx_len = 0; 2196 goto drop; 2197 } 2198 2199 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2200 skb->len); 2201 conn->rx_len -= skb->len; 2202 return; 2203 2204 case ISO_END: 2205 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 2206 skb->len); 2207 conn->rx_len -= skb->len; 2208 2209 if (!conn->rx_len) { 2210 struct sk_buff *rx_skb = conn->rx_skb; 2211 2212 /* Complete frame received. iso_recv_frame 2213 * takes ownership of the skb so set the global 2214 * rx_skb pointer to NULL first. 2215 */ 2216 conn->rx_skb = NULL; 2217 iso_recv_frame(conn, rx_skb); 2218 } 2219 break; 2220 } 2221 2222drop: 2223 kfree_skb(skb); 2224} 2225 2226static struct hci_cb iso_cb = { 2227 .name = "ISO", 2228 .connect_cfm = iso_connect_cfm, 2229 .disconn_cfm = iso_disconn_cfm, 2230}; 2231 2232static int iso_debugfs_show(struct seq_file *f, void *p) 2233{ 2234 struct sock *sk; 2235 2236 read_lock(&iso_sk_list.lock); 2237 2238 sk_for_each(sk, &iso_sk_list.head) { 2239 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src, 2240 &iso_pi(sk)->dst, sk->sk_state); 2241 } 2242 2243 read_unlock(&iso_sk_list.lock); 2244 2245 return 0; 2246} 2247 2248DEFINE_SHOW_ATTRIBUTE(iso_debugfs); 2249 2250static struct dentry *iso_debugfs; 2251 2252static const struct proto_ops iso_sock_ops = { 2253 .family = PF_BLUETOOTH, 2254 .owner = THIS_MODULE, 2255 .release = iso_sock_release, 2256 .bind = iso_sock_bind, 2257 .connect = iso_sock_connect, 2258 .listen = iso_sock_listen, 2259 .accept = iso_sock_accept, 2260 .getname = iso_sock_getname, 2261 .sendmsg = iso_sock_sendmsg, 2262 .recvmsg = iso_sock_recvmsg, 2263 .poll = bt_sock_poll, 2264 .ioctl = bt_sock_ioctl, 2265 .mmap = sock_no_mmap, 2266 .socketpair = sock_no_socketpair, 2267 .shutdown = iso_sock_shutdown, 2268 .setsockopt = iso_sock_setsockopt, 2269 .getsockopt = iso_sock_getsockopt 2270}; 2271 2272static const struct net_proto_family iso_sock_family_ops = { 2273 .family = PF_BLUETOOTH, 2274 .owner = THIS_MODULE, 2275 .create = iso_sock_create, 2276}; 2277 2278static bool iso_inited; 2279 2280bool iso_enabled(void) 2281{ 2282 return iso_inited; 2283} 2284 2285int iso_init(void) 2286{ 2287 int err; 2288 2289 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr)); 2290 2291 if (iso_inited) 2292 return -EALREADY; 2293 2294 err = proto_register(&iso_proto, 0); 2295 if (err < 0) 2296 return err; 2297 2298 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops); 2299 if (err < 0) { 2300 BT_ERR("ISO socket registration failed"); 2301 goto error; 2302 } 2303 2304 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL); 2305 if (err < 0) { 2306 BT_ERR("Failed to create ISO proc file"); 2307 bt_sock_unregister(BTPROTO_ISO); 2308 goto error; 2309 } 2310 2311 BT_INFO("ISO socket layer initialized"); 2312 2313 hci_register_cb(&iso_cb); 2314 2315 if (IS_ERR_OR_NULL(bt_debugfs)) 2316 return 0; 2317 2318 if (!iso_debugfs) { 2319 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, 2320 NULL, &iso_debugfs_fops); 2321 } 2322 2323 iso_inited = true; 2324 2325 return 0; 2326 2327error: 2328 proto_unregister(&iso_proto); 2329 return err; 2330} 2331 2332int iso_exit(void) 2333{ 2334 if (!iso_inited) 2335 return -EALREADY; 2336 2337 bt_procfs_cleanup(&init_net, "iso"); 2338 2339 debugfs_remove(iso_debugfs); 2340 iso_debugfs = NULL; 2341 2342 hci_unregister_cb(&iso_cb); 2343 2344 bt_sock_unregister(BTPROTO_ISO); 2345 2346 proto_unregister(&iso_proto); 2347 2348 iso_inited = false; 2349 2350 return 0; 2351} 2352