search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 6.10-rc3
[linux-stable.git] / net / bluetooth / iso.c
blobcc055b952ce69566d7968423e769f77bfe1766c8
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2022 Intel Corporation
6 * Copyright 2023-2024 NXP
7 */
8
9 #include <linux/module.h>
10 #include <linux/debugfs.h>
11 #include <linux/seq_file.h>
12 #include <linux/sched/signal.h>
13
14 #include <net/bluetooth/bluetooth.h>
15 #include <net/bluetooth/hci_core.h>
16 #include <net/bluetooth/iso.h>
17 #include "eir.h"
18
19 static const struct proto_ops iso_sock_ops;
20
21 static struct bt_sock_list iso_sk_list = {
22 .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
23 };
24
25 /* ---- ISO connections ---- */
26 struct iso_conn {
27 struct hci_conn *hcon;
28
29 /* @lock: spinlock protecting changes to iso_conn fields */
30 spinlock_t lock;
31 struct sock *sk;
32
33 struct delayed_work timeout_work;
34
35 struct sk_buff *rx_skb;
36 __u32 rx_len;
37 __u16 tx_sn;
38 };
39
40 #define iso_conn_lock(c) spin_lock(&(c)->lock)
41 #define iso_conn_unlock(c) spin_unlock(&(c)->lock)
42
43 static void iso_sock_close(struct sock *sk);
44 static void iso_sock_kill(struct sock *sk);
45
46 /* ----- ISO socket info ----- */
47 #define iso_pi(sk) ((struct iso_pinfo *)sk)
48
49 #define EIR_SERVICE_DATA_LENGTH 4
50 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
51 #define EIR_BAA_SERVICE_UUID 0x1851
52
53 /* iso_pinfo flags values */
54 enum {
55 BT_SK_BIG_SYNC,
56 BT_SK_PA_SYNC,
57 };
58
59 struct iso_pinfo {
60 struct bt_sock bt;
61 bdaddr_t src;
62 __u8 src_type;
63 bdaddr_t dst;
64 __u8 dst_type;
65 __u8 bc_sid;
66 __u8 bc_num_bis;
67 __u8 bc_bis[ISO_MAX_NUM_BIS];
68 __u16 sync_handle;
69 unsigned long flags;
70 struct bt_iso_qos qos;
71 bool qos_user_set;
72 __u8 base_len;
73 __u8 base[BASE_MAX_LENGTH];
74 struct iso_conn *conn;
75 };
76
77 static struct bt_iso_qos default_qos;
78
79 static bool check_ucast_qos(struct bt_iso_qos *qos);
80 static bool check_bcast_qos(struct bt_iso_qos *qos);
81 static bool iso_match_sid(struct sock *sk, void *data);
82 static bool iso_match_sync_handle(struct sock *sk, void *data);
83 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data);
84 static void iso_sock_disconn(struct sock *sk);
85
86 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
87
88 static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst,
89 enum bt_sock_state state,
90 iso_sock_match_t match, void *data);
91
92 /* ---- ISO timers ---- */
93 #define ISO_CONN_TIMEOUT (HZ * 40)
94 #define ISO_DISCONN_TIMEOUT (HZ * 2)
95
96 static void iso_sock_timeout(struct work_struct *work)
97 {
98 struct iso_conn *conn = container_of(work, struct iso_conn,
99 timeout_work.work);
100 struct sock *sk;
101
102 iso_conn_lock(conn);
103 sk = conn->sk;
104 if (sk)
105 sock_hold(sk);
106 iso_conn_unlock(conn);
107
108 if (!sk)
109 return;
110
111 BT_DBG("sock %p state %d", sk, sk->sk_state);
112
113 lock_sock(sk);
114 sk->sk_err = ETIMEDOUT;
115 sk->sk_state_change(sk);
116 release_sock(sk);
117 sock_put(sk);
118 }
119
120 static void iso_sock_set_timer(struct sock *sk, long timeout)
121 {
122 if (!iso_pi(sk)->conn)
123 return;
124
125 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
126 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
127 schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
128 }
129
130 static void iso_sock_clear_timer(struct sock *sk)
131 {
132 if (!iso_pi(sk)->conn)
133 return;
134
135 BT_DBG("sock %p state %d", sk, sk->sk_state);
136 cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
137 }
138
139 /* ---- ISO connections ---- */
140 static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
141 {
142 struct iso_conn *conn = hcon->iso_data;
143
144 if (conn) {
145 if (!conn->hcon)
146 conn->hcon = hcon;
147 return conn;
148 }
149
150 conn = kzalloc(sizeof(*conn), GFP_KERNEL);
151 if (!conn)
152 return NULL;
153
154 spin_lock_init(&conn->lock);
155 INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
156
157 hcon->iso_data = conn;
158 conn->hcon = hcon;
159 conn->tx_sn = 0;
160
161 BT_DBG("hcon %p conn %p", hcon, conn);
162
163 return conn;
164 }
165
166 /* Delete channel. Must be called on the locked socket. */
167 static void iso_chan_del(struct sock *sk, int err)
168 {
169 struct iso_conn *conn;
170 struct sock *parent;
171
172 conn = iso_pi(sk)->conn;
173
174 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
175
176 if (conn) {
177 iso_conn_lock(conn);
178 conn->sk = NULL;
179 iso_pi(sk)->conn = NULL;
180 iso_conn_unlock(conn);
181
182 if (conn->hcon)
183 hci_conn_drop(conn->hcon);
184 }
185
186 sk->sk_state = BT_CLOSED;
187 sk->sk_err = err;
188
189 parent = bt_sk(sk)->parent;
190 if (parent) {
191 bt_accept_unlink(sk);
192 parent->sk_data_ready(parent);
193 } else {
194 sk->sk_state_change(sk);
195 }
196
197 sock_set_flag(sk, SOCK_ZAPPED);
198 }
199
200 static void iso_conn_del(struct hci_conn *hcon, int err)
201 {
202 struct iso_conn *conn = hcon->iso_data;
203 struct sock *sk;
204
205 if (!conn)
206 return;
207
208 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
209
210 /* Kill socket */
211 iso_conn_lock(conn);
212 sk = conn->sk;
213 if (sk)
214 sock_hold(sk);
215 iso_conn_unlock(conn);
216
217 if (sk) {
218 lock_sock(sk);
219 iso_sock_clear_timer(sk);
220 iso_chan_del(sk, err);
221 release_sock(sk);
222 sock_put(sk);
223 }
224
225 /* Ensure no more work items will run before freeing conn. */
226 cancel_delayed_work_sync(&conn->timeout_work);
227
228 hcon->iso_data = NULL;
229 kfree(conn);
230 }
231
232 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
233 struct sock *parent)
234 {
235 BT_DBG("conn %p", conn);
236
237 if (iso_pi(sk)->conn == conn && conn->sk == sk)
238 return 0;
239
240 if (conn->sk) {
241 BT_ERR("conn->sk already set");
242 return -EBUSY;
243 }
244
245 iso_pi(sk)->conn = conn;
246 conn->sk = sk;
247
248 if (parent)
249 bt_accept_enqueue(parent, sk, true);
250
251 return 0;
252 }
253
254 static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
255 struct sock *parent)
256 {
257 int err;
258
259 iso_conn_lock(conn);
260 err = __iso_chan_add(conn, sk, parent);
261 iso_conn_unlock(conn);
262
263 return err;
264 }
265
266 static inline u8 le_addr_type(u8 bdaddr_type)
267 {
268 if (bdaddr_type == BDADDR_LE_PUBLIC)
269 return ADDR_LE_DEV_PUBLIC;
270 else
271 return ADDR_LE_DEV_RANDOM;
272 }
273
274 static int iso_connect_bis(struct sock *sk)
275 {
276 struct iso_conn *conn;
277 struct hci_conn *hcon;
278 struct hci_dev *hdev;
279 int err;
280
281 BT_DBG("%pMR", &iso_pi(sk)->src);
282
283 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
284 iso_pi(sk)->src_type);
285 if (!hdev)
286 return -EHOSTUNREACH;
287
288 hci_dev_lock(hdev);
289
290 if (!bis_capable(hdev)) {
291 err = -EOPNOTSUPP;
292 goto unlock;
293 }
294
295 /* Fail if user set invalid QoS */
296 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
297 iso_pi(sk)->qos = default_qos;
298 err = -EINVAL;
299 goto unlock;
300 }
301
302 /* Fail if out PHYs are marked as disabled */
303 if (!iso_pi(sk)->qos.bcast.out.phy) {
304 err = -EINVAL;
305 goto unlock;
306 }
307
308 /* Just bind if DEFER_SETUP has been set */
309 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
310 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
311 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
312 iso_pi(sk)->base);
313 if (IS_ERR(hcon)) {
314 err = PTR_ERR(hcon);
315 goto unlock;
316 }
317 } else {
318 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
319 le_addr_type(iso_pi(sk)->dst_type),
320 &iso_pi(sk)->qos, iso_pi(sk)->base_len,
321 iso_pi(sk)->base);
322 if (IS_ERR(hcon)) {
323 err = PTR_ERR(hcon);
324 goto unlock;
325 }
326 }
327
328 conn = iso_conn_add(hcon);
329 if (!conn) {
330 hci_conn_drop(hcon);
331 err = -ENOMEM;
332 goto unlock;
333 }
334
335 lock_sock(sk);
336
337 err = iso_chan_add(conn, sk, NULL);
338 if (err) {
339 release_sock(sk);
340 goto unlock;
341 }
342
343 /* Update source addr of the socket */
344 bacpy(&iso_pi(sk)->src, &hcon->src);
345
346 if (hcon->state == BT_CONNECTED) {
347 iso_sock_clear_timer(sk);
348 sk->sk_state = BT_CONNECTED;
349 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
350 iso_sock_clear_timer(sk);
351 sk->sk_state = BT_CONNECT;
352 } else {
353 sk->sk_state = BT_CONNECT;
354 iso_sock_set_timer(sk, sk->sk_sndtimeo);
355 }
356
357 release_sock(sk);
358
359 unlock:
360 hci_dev_unlock(hdev);
361 hci_dev_put(hdev);
362 return err;
363 }
364
365 static int iso_connect_cis(struct sock *sk)
366 {
367 struct iso_conn *conn;
368 struct hci_conn *hcon;
369 struct hci_dev *hdev;
370 int err;
371
372 BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
373
374 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
375 iso_pi(sk)->src_type);
376 if (!hdev)
377 return -EHOSTUNREACH;
378
379 hci_dev_lock(hdev);
380
381 if (!cis_central_capable(hdev)) {
382 err = -EOPNOTSUPP;
383 goto unlock;
384 }
385
386 /* Fail if user set invalid QoS */
387 if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
388 iso_pi(sk)->qos = default_qos;
389 err = -EINVAL;
390 goto unlock;
391 }
392
393 /* Fail if either PHYs are marked as disabled */
394 if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
395 err = -EINVAL;
396 goto unlock;
397 }
398
399 /* Just bind if DEFER_SETUP has been set */
400 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
401 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
402 le_addr_type(iso_pi(sk)->dst_type),
403 &iso_pi(sk)->qos);
404 if (IS_ERR(hcon)) {
405 err = PTR_ERR(hcon);
406 goto unlock;
407 }
408 } else {
409 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
410 le_addr_type(iso_pi(sk)->dst_type),
411 &iso_pi(sk)->qos);
412 if (IS_ERR(hcon)) {
413 err = PTR_ERR(hcon);
414 goto unlock;
415 }
416 }
417
418 conn = iso_conn_add(hcon);
419 if (!conn) {
420 hci_conn_drop(hcon);
421 err = -ENOMEM;
422 goto unlock;
423 }
424
425 lock_sock(sk);
426
427 err = iso_chan_add(conn, sk, NULL);
428 if (err) {
429 release_sock(sk);
430 goto unlock;
431 }
432
433 /* Update source addr of the socket */
434 bacpy(&iso_pi(sk)->src, &hcon->src);
435
436 if (hcon->state == BT_CONNECTED) {
437 iso_sock_clear_timer(sk);
438 sk->sk_state = BT_CONNECTED;
439 } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
440 iso_sock_clear_timer(sk);
441 sk->sk_state = BT_CONNECT;
442 } else {
443 sk->sk_state = BT_CONNECT;
444 iso_sock_set_timer(sk, sk->sk_sndtimeo);
445 }
446
447 release_sock(sk);
448
449 unlock:
450 hci_dev_unlock(hdev);
451 hci_dev_put(hdev);
452 return err;
453 }
454
455 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
456 {
457 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
458 return &iso_pi(sk)->conn->hcon->iso_qos;
459
460 return &iso_pi(sk)->qos;
461 }
462
463 static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
464 {
465 struct iso_conn *conn = iso_pi(sk)->conn;
466 struct bt_iso_qos *qos = iso_sock_get_qos(sk);
467 struct hci_iso_data_hdr *hdr;
468 int len = 0;
469
470 BT_DBG("sk %p len %d", sk, skb->len);
471
472 if (skb->len > qos->ucast.out.sdu)
473 return -EMSGSIZE;
474
475 len = skb->len;
476
477 /* Push ISO data header */
478 hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
479 hdr->sn = cpu_to_le16(conn->tx_sn++);
480 hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
481 HCI_ISO_STATUS_VALID));
482
483 if (sk->sk_state == BT_CONNECTED)
484 hci_send_iso(conn->hcon, skb);
485 else
486 len = -ENOTCONN;
487
488 return len;
489 }
490
491 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
492 {
493 struct sock *sk;
494
495 iso_conn_lock(conn);
496 sk = conn->sk;
497 iso_conn_unlock(conn);
498
499 if (!sk)
500 goto drop;
501
502 BT_DBG("sk %p len %d", sk, skb->len);
503
504 if (sk->sk_state != BT_CONNECTED)
505 goto drop;
506
507 if (!sock_queue_rcv_skb(sk, skb))
508 return;
509
510 drop:
511 kfree_skb(skb);
512 }
513
514 /* -------- Socket interface ---------- */
515 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
516 {
517 struct sock *sk;
518
519 sk_for_each(sk, &iso_sk_list.head) {
520 if (sk->sk_state != BT_LISTEN)
521 continue;
522
523 if (bacmp(&iso_pi(sk)->dst, dst))
524 continue;
525
526 if (!bacmp(&iso_pi(sk)->src, src))
527 return sk;
528 }
529
530 return NULL;
531 }
532
533 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
534 __u8 sid)
535 {
536 struct sock *sk;
537
538 sk_for_each(sk, &iso_sk_list.head) {
539 if (sk->sk_state != BT_LISTEN)
540 continue;
541
542 if (bacmp(&iso_pi(sk)->src, ba))
543 continue;
544
545 if (bacmp(&iso_pi(sk)->dst, bc))
546 continue;
547
548 if (iso_pi(sk)->bc_sid == sid)
549 return sk;
550 }
551
552 return NULL;
553 }
554
555 /* Find socket in given state:
556 * source bdaddr (Unicast)
557 * destination bdaddr (Broadcast only)
558 * match func - pass NULL to ignore
559 * match func data - pass -1 to ignore
560 * Returns closest match.
561 */
562 static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst,
563 enum bt_sock_state state,
564 iso_sock_match_t match, void *data)
565 {
566 struct sock *sk = NULL, *sk1 = NULL;
567
568 read_lock(&iso_sk_list.lock);
569
570 sk_for_each(sk, &iso_sk_list.head) {
571 if (sk->sk_state != state)
572 continue;
573
574 /* Match Broadcast destination */
575 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
576 continue;
577
578 /* Use Match function if provided */
579 if (match && !match(sk, data))
580 continue;
581
582 /* Exact match. */
583 if (!bacmp(&iso_pi(sk)->src, src)) {
584 sock_hold(sk);
585 break;
586 }
587
588 /* Closest match */
589 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
590 if (sk1)
591 sock_put(sk1);
592
593 sk1 = sk;
594 sock_hold(sk1);
595 }
596 }
597
598 if (sk && sk1)
599 sock_put(sk1);
600
601 read_unlock(&iso_sk_list.lock);
602
603 return sk ? sk : sk1;
604 }
605
606 static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
607 bdaddr_t *dst, uint8_t big)
608 {
609 struct sock *sk = NULL;
610
611 read_lock(&iso_sk_list.lock);
612
613 sk_for_each(sk, &iso_sk_list.head) {
614 if (match_sk == sk)
615 continue;
616
617 /* Look for sockets that have already been
618 * connected to the BIG
619 */
620 if (sk->sk_state != BT_CONNECTED &&
621 sk->sk_state != BT_CONNECT)
622 continue;
623
624 /* Match Broadcast destination */
625 if (bacmp(&iso_pi(sk)->dst, dst))
626 continue;
627
628 /* Match BIG handle */
629 if (iso_pi(sk)->qos.bcast.big != big)
630 continue;
631
632 /* Match source address */
633 if (bacmp(&iso_pi(sk)->src, src))
634 continue;
635
636 sock_hold(sk);
637 break;
638 }
639
640 read_unlock(&iso_sk_list.lock);
641
642 return sk;
643 }
644
645 static void iso_sock_destruct(struct sock *sk)
646 {
647 BT_DBG("sk %p", sk);
648
649 skb_queue_purge(&sk->sk_receive_queue);
650 skb_queue_purge(&sk->sk_write_queue);
651 }
652
653 static void iso_sock_cleanup_listen(struct sock *parent)
654 {
655 struct sock *sk;
656
657 BT_DBG("parent %p", parent);
658
659 /* Close not yet accepted channels */
660 while ((sk = bt_accept_dequeue(parent, NULL))) {
661 iso_sock_close(sk);
662 iso_sock_kill(sk);
663 }
664
665 /* If listening socket has a hcon, properly disconnect it */
666 if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) {
667 iso_sock_disconn(parent);
668 return;
669 }
670
671 parent->sk_state = BT_CLOSED;
672 sock_set_flag(parent, SOCK_ZAPPED);
673 }
674
675 /* Kill socket (only if zapped and orphan)
676 * Must be called on unlocked socket.
677 */
678 static void iso_sock_kill(struct sock *sk)
679 {
680 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
681 sock_flag(sk, SOCK_DEAD))
682 return;
683
684 BT_DBG("sk %p state %d", sk, sk->sk_state);
685
686 /* Kill poor orphan */
687 bt_sock_unlink(&iso_sk_list, sk);
688 sock_set_flag(sk, SOCK_DEAD);
689 sock_put(sk);
690 }
691
692 static void iso_sock_disconn(struct sock *sk)
693 {
694 struct sock *bis_sk;
695 struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
696
697 if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
698 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
699 &iso_pi(sk)->dst,
700 iso_pi(sk)->qos.bcast.big);
701
702 /* If there are any other connected sockets for the
703 * same BIG, just delete the sk and leave the bis
704 * hcon active, in case later rebinding is needed.
705 */
706 if (bis_sk) {
707 hcon->state = BT_OPEN;
708 iso_pi(sk)->conn->hcon = NULL;
709 iso_sock_clear_timer(sk);
710 iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
711 sock_put(bis_sk);
712 return;
713 }
714 }
715
716 sk->sk_state = BT_DISCONN;
717 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
718 iso_conn_lock(iso_pi(sk)->conn);
719 hci_conn_drop(iso_pi(sk)->conn->hcon);
720 iso_pi(sk)->conn->hcon = NULL;
721 iso_conn_unlock(iso_pi(sk)->conn);
722 }
723
724 static void __iso_sock_close(struct sock *sk)
725 {
726 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
727
728 switch (sk->sk_state) {
729 case BT_LISTEN:
730 iso_sock_cleanup_listen(sk);
731 break;
732
733 case BT_CONNECT:
734 case BT_CONNECTED:
735 case BT_CONFIG:
736 if (iso_pi(sk)->conn->hcon)
737 iso_sock_disconn(sk);
738 else
739 iso_chan_del(sk, ECONNRESET);
740 break;
741
742 case BT_CONNECT2:
743 if (iso_pi(sk)->conn->hcon &&
744 (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
745 test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
746 iso_sock_disconn(sk);
747 else
748 iso_chan_del(sk, ECONNRESET);
749 break;
750 case BT_DISCONN:
751 iso_chan_del(sk, ECONNRESET);
752 break;
753
754 default:
755 sock_set_flag(sk, SOCK_ZAPPED);
756 break;
757 }
758 }
759
760 /* Must be called on unlocked socket. */
761 static void iso_sock_close(struct sock *sk)
762 {
763 iso_sock_clear_timer(sk);
764 lock_sock(sk);
765 __iso_sock_close(sk);
766 release_sock(sk);
767 iso_sock_kill(sk);
768 }
769
770 static void iso_sock_init(struct sock *sk, struct sock *parent)
771 {
772 BT_DBG("sk %p", sk);
773
774 if (parent) {
775 sk->sk_type = parent->sk_type;
776 bt_sk(sk)->flags = bt_sk(parent)->flags;
777 security_sk_clone(parent, sk);
778 }
779 }
780
781 static struct proto iso_proto = {
782 .name = "ISO",
783 .owner = THIS_MODULE,
784 .obj_size = sizeof(struct iso_pinfo)
785 };
786
787 #define DEFAULT_IO_QOS \
788 { \
789 .interval = 10000u, \
790 .latency = 10u, \
791 .sdu = 40u, \
792 .phy = BT_ISO_PHY_2M, \
793 .rtn = 2u, \
794 }
795
796 static struct bt_iso_qos default_qos = {
797 .bcast = {
798 .big = BT_ISO_QOS_BIG_UNSET,
799 .bis = BT_ISO_QOS_BIS_UNSET,
800 .sync_factor = 0x01,
801 .packing = 0x00,
802 .framing = 0x00,
803 .in = DEFAULT_IO_QOS,
804 .out = DEFAULT_IO_QOS,
805 .encryption = 0x00,
806 .bcode = {0x00},
807 .options = 0x00,
808 .skip = 0x0000,
809 .sync_timeout = BT_ISO_SYNC_TIMEOUT,
810 .sync_cte_type = 0x00,
811 .mse = 0x00,
812 .timeout = BT_ISO_SYNC_TIMEOUT,
813 },
814 };
815
816 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
817 int proto, gfp_t prio, int kern)
818 {
819 struct sock *sk;
820
821 sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
822 if (!sk)
823 return NULL;
824
825 sk->sk_destruct = iso_sock_destruct;
826 sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
827
828 /* Set address type as public as default src address is BDADDR_ANY */
829 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
830
831 iso_pi(sk)->qos = default_qos;
832 iso_pi(sk)->sync_handle = -1;
833
834 bt_sock_link(&iso_sk_list, sk);
835 return sk;
836 }
837
838 static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
839 int kern)
840 {
841 struct sock *sk;
842
843 BT_DBG("sock %p", sock);
844
845 sock->state = SS_UNCONNECTED;
846
847 if (sock->type != SOCK_SEQPACKET)
848 return -ESOCKTNOSUPPORT;
849
850 sock->ops = &iso_sock_ops;
851
852 sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
853 if (!sk)
854 return -ENOMEM;
855
856 iso_sock_init(sk, NULL);
857 return 0;
858 }
859
860 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
861 int addr_len)
862 {
863 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
864 struct sock *sk = sock->sk;
865 int i;
866
867 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
868 sa->iso_bc->bc_num_bis);
869
870 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
871 return -EINVAL;
872
873 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
874
875 /* Check if the address type is of LE type */
876 if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
877 return -EINVAL;
878
879 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
880
881 if (sa->iso_bc->bc_sid > 0x0f)
882 return -EINVAL;
883
884 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
885
886 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
887 return -EINVAL;
888
889 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
890
891 for (i = 0; i < iso_pi(sk)->bc_num_bis; i++)
892 if (sa->iso_bc->bc_bis[i] < 0x01 ||
893 sa->iso_bc->bc_bis[i] > 0x1f)
894 return -EINVAL;
895
896 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
897 iso_pi(sk)->bc_num_bis);
898
899 return 0;
900 }
901
902 static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa,
903 int addr_len)
904 {
905 int err = 0;
906
907 if (sk->sk_type != SOCK_SEQPACKET) {
908 err = -EINVAL;
909 goto done;
910 }
911
912 if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) {
913 err = -EINVAL;
914 goto done;
915 }
916
917 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) {
918 err = -EINVAL;
919 goto done;
920 }
921
922 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
923
924 for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++)
925 if (sa->iso_bc->bc_bis[i] < 0x01 ||
926 sa->iso_bc->bc_bis[i] > 0x1f) {
927 err = -EINVAL;
928 goto done;
929 }
930
931 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
932 iso_pi(sk)->bc_num_bis);
933
934 done:
935 return err;
936 }
937
938 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
939 int addr_len)
940 {
941 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
942 struct sock *sk = sock->sk;
943 int err = 0;
944
945 BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
946
947 if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
948 addr->sa_family != AF_BLUETOOTH)
949 return -EINVAL;
950
951 lock_sock(sk);
952
953 /* Allow the user to bind a PA sync socket to a number
954 * of BISes to sync to.
955 */
956 if ((sk->sk_state == BT_CONNECT2 ||
957 sk->sk_state == BT_CONNECTED) &&
958 test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
959 err = iso_sock_bind_pa_sk(sk, sa, addr_len);
960 goto done;
961 }
962
963 if (sk->sk_state != BT_OPEN) {
964 err = -EBADFD;
965 goto done;
966 }
967
968 if (sk->sk_type != SOCK_SEQPACKET) {
969 err = -EINVAL;
970 goto done;
971 }
972
973 /* Check if the address type is of LE type */
974 if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
975 err = -EINVAL;
976 goto done;
977 }
978
979 bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
980 iso_pi(sk)->src_type = sa->iso_bdaddr_type;
981
982 /* Check for Broadcast address */
983 if (addr_len > sizeof(*sa)) {
984 err = iso_sock_bind_bc(sock, addr, addr_len);
985 if (err)
986 goto done;
987 }
988
989 sk->sk_state = BT_BOUND;
990
991 done:
992 release_sock(sk);
993 return err;
994 }
995
996 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
997 int alen, int flags)
998 {
999 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1000 struct sock *sk = sock->sk;
1001 int err;
1002
1003 BT_DBG("sk %p", sk);
1004
1005 if (alen < sizeof(struct sockaddr_iso) ||
1006 addr->sa_family != AF_BLUETOOTH)
1007 return -EINVAL;
1008
1009 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
1010 return -EBADFD;
1011
1012 if (sk->sk_type != SOCK_SEQPACKET)
1013 return -EINVAL;
1014
1015 /* Check if the address type is of LE type */
1016 if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
1017 return -EINVAL;
1018
1019 lock_sock(sk);
1020
1021 bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1022 iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1023
1024 release_sock(sk);
1025
1026 if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1027 err = iso_connect_cis(sk);
1028 else
1029 err = iso_connect_bis(sk);
1030
1031 if (err)
1032 return err;
1033
1034 lock_sock(sk);
1035
1036 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1037 err = bt_sock_wait_state(sk, BT_CONNECTED,
1038 sock_sndtimeo(sk, flags & O_NONBLOCK));
1039 }
1040
1041 release_sock(sk);
1042 return err;
1043 }
1044
1045 static int iso_listen_bis(struct sock *sk)
1046 {
1047 struct hci_dev *hdev;
1048 int err = 0;
1049 struct iso_conn *conn;
1050 struct hci_conn *hcon;
1051
1052 BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1053 &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1054
1055 write_lock(&iso_sk_list.lock);
1056
1057 if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1058 iso_pi(sk)->bc_sid))
1059 err = -EADDRINUSE;
1060
1061 write_unlock(&iso_sk_list.lock);
1062
1063 if (err)
1064 return err;
1065
1066 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1067 iso_pi(sk)->src_type);
1068 if (!hdev)
1069 return -EHOSTUNREACH;
1070
1071 hci_dev_lock(hdev);
1072
1073 /* Fail if user set invalid QoS */
1074 if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1075 iso_pi(sk)->qos = default_qos;
1076 err = -EINVAL;
1077 goto unlock;
1078 }
1079
1080 hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1081 le_addr_type(iso_pi(sk)->dst_type),
1082 iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1083 if (IS_ERR(hcon)) {
1084 err = PTR_ERR(hcon);
1085 goto unlock;
1086 }
1087
1088 conn = iso_conn_add(hcon);
1089 if (!conn) {
1090 hci_conn_drop(hcon);
1091 err = -ENOMEM;
1092 goto unlock;
1093 }
1094
1095 err = iso_chan_add(conn, sk, NULL);
1096 if (err) {
1097 hci_conn_drop(hcon);
1098 goto unlock;
1099 }
1100
1101 hci_dev_put(hdev);
1102
1103 unlock:
1104 hci_dev_unlock(hdev);
1105 return err;
1106 }
1107
1108 static int iso_listen_cis(struct sock *sk)
1109 {
1110 int err = 0;
1111
1112 BT_DBG("%pMR", &iso_pi(sk)->src);
1113
1114 write_lock(&iso_sk_list.lock);
1115
1116 if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1117 err = -EADDRINUSE;
1118
1119 write_unlock(&iso_sk_list.lock);
1120
1121 return err;
1122 }
1123
1124 static int iso_sock_listen(struct socket *sock, int backlog)
1125 {
1126 struct sock *sk = sock->sk;
1127 int err = 0;
1128
1129 BT_DBG("sk %p backlog %d", sk, backlog);
1130
1131 lock_sock(sk);
1132
1133 if (sk->sk_state != BT_BOUND) {
1134 err = -EBADFD;
1135 goto done;
1136 }
1137
1138 if (sk->sk_type != SOCK_SEQPACKET) {
1139 err = -EINVAL;
1140 goto done;
1141 }
1142
1143 if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1144 err = iso_listen_cis(sk);
1145 else
1146 err = iso_listen_bis(sk);
1147
1148 if (err)
1149 goto done;
1150
1151 sk->sk_max_ack_backlog = backlog;
1152 sk->sk_ack_backlog = 0;
1153
1154 sk->sk_state = BT_LISTEN;
1155
1156 done:
1157 release_sock(sk);
1158 return err;
1159 }
1160
1161 static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1162 struct proto_accept_arg *arg)
1163 {
1164 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1165 struct sock *sk = sock->sk, *ch;
1166 long timeo;
1167 int err = 0;
1168
1169 lock_sock(sk);
1170
1171 timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
1172
1173 BT_DBG("sk %p timeo %ld", sk, timeo);
1174
1175 /* Wait for an incoming connection. (wake-one). */
1176 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1177 while (1) {
1178 if (sk->sk_state != BT_LISTEN) {
1179 err = -EBADFD;
1180 break;
1181 }
1182
1183 ch = bt_accept_dequeue(sk, newsock);
1184 if (ch)
1185 break;
1186
1187 if (!timeo) {
1188 err = -EAGAIN;
1189 break;
1190 }
1191
1192 if (signal_pending(current)) {
1193 err = sock_intr_errno(timeo);
1194 break;
1195 }
1196
1197 release_sock(sk);
1198
1199 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1200 lock_sock(sk);
1201 }
1202 remove_wait_queue(sk_sleep(sk), &wait);
1203
1204 if (err)
1205 goto done;
1206
1207 newsock->state = SS_CONNECTED;
1208
1209 BT_DBG("new socket %p", ch);
1210
1211 done:
1212 release_sock(sk);
1213 return err;
1214 }
1215
1216 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1217 int peer)
1218 {
1219 struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1220 struct sock *sk = sock->sk;
1221
1222 BT_DBG("sock %p, sk %p", sock, sk);
1223
1224 addr->sa_family = AF_BLUETOOTH;
1225
1226 if (peer) {
1227 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1228 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1229 } else {
1230 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1231 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1232 }
1233
1234 return sizeof(struct sockaddr_iso);
1235 }
1236
1237 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1238 size_t len)
1239 {
1240 struct sock *sk = sock->sk;
1241 struct sk_buff *skb, **frag;
1242 size_t mtu;
1243 int err;
1244
1245 BT_DBG("sock %p, sk %p", sock, sk);
1246
1247 err = sock_error(sk);
1248 if (err)
1249 return err;
1250
1251 if (msg->msg_flags & MSG_OOB)
1252 return -EOPNOTSUPP;
1253
1254 lock_sock(sk);
1255
1256 if (sk->sk_state != BT_CONNECTED) {
1257 release_sock(sk);
1258 return -ENOTCONN;
1259 }
1260
1261 mtu = iso_pi(sk)->conn->hcon->mtu;
1262
1263 release_sock(sk);
1264
1265 skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1266 if (IS_ERR(skb))
1267 return PTR_ERR(skb);
1268
1269 len -= skb->len;
1270
1271 BT_DBG("skb %p len %d", sk, skb->len);
1272
1273 /* Continuation fragments */
1274 frag = &skb_shinfo(skb)->frag_list;
1275 while (len) {
1276 struct sk_buff *tmp;
1277
1278 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1279 if (IS_ERR(tmp)) {
1280 kfree_skb(skb);
1281 return PTR_ERR(tmp);
1282 }
1283
1284 *frag = tmp;
1285
1286 len -= tmp->len;
1287
1288 skb->len += tmp->len;
1289 skb->data_len += tmp->len;
1290
1291 BT_DBG("frag %p len %d", *frag, tmp->len);
1292
1293 frag = &(*frag)->next;
1294 }
1295
1296 lock_sock(sk);
1297
1298 if (sk->sk_state == BT_CONNECTED)
1299 err = iso_send_frame(sk, skb);
1300 else
1301 err = -ENOTCONN;
1302
1303 release_sock(sk);
1304
1305 if (err < 0)
1306 kfree_skb(skb);
1307 return err;
1308 }
1309
1310 static void iso_conn_defer_accept(struct hci_conn *conn)
1311 {
1312 struct hci_cp_le_accept_cis cp;
1313 struct hci_dev *hdev = conn->hdev;
1314
1315 BT_DBG("conn %p", conn);
1316
1317 conn->state = BT_CONFIG;
1318
1319 cp.handle = cpu_to_le16(conn->handle);
1320
1321 hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1322 }
1323
1324 static void iso_conn_big_sync(struct sock *sk)
1325 {
1326 int err;
1327 struct hci_dev *hdev;
1328
1329 hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1330 iso_pi(sk)->src_type);
1331
1332 if (!hdev)
1333 return;
1334
1335 if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1336 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1337 &iso_pi(sk)->qos,
1338 iso_pi(sk)->sync_handle,
1339 iso_pi(sk)->bc_num_bis,
1340 iso_pi(sk)->bc_bis);
1341 if (err)
1342 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1343 err);
1344 }
1345 }
1346
1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1348 size_t len, int flags)
1349 {
1350 struct sock *sk = sock->sk;
1351 struct iso_pinfo *pi = iso_pi(sk);
1352
1353 BT_DBG("sk %p", sk);
1354
1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1356 lock_sock(sk);
1357 switch (sk->sk_state) {
1358 case BT_CONNECT2:
1359 if (pi->conn->hcon &&
1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) {
1361 iso_conn_big_sync(sk);
1362 sk->sk_state = BT_LISTEN;
1363 } else {
1364 iso_conn_defer_accept(pi->conn->hcon);
1365 sk->sk_state = BT_CONFIG;
1366 }
1367 release_sock(sk);
1368 return 0;
1369 case BT_CONNECTED:
1370 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
1371 iso_conn_big_sync(sk);
1372 sk->sk_state = BT_LISTEN;
1373 release_sock(sk);
1374 return 0;
1375 }
1376
1377 release_sock(sk);
1378 break;
1379 case BT_CONNECT:
1380 release_sock(sk);
1381 return iso_connect_cis(sk);
1382 default:
1383 release_sock(sk);
1384 break;
1385 }
1386 }
1387
1388 return bt_sock_recvmsg(sock, msg, len, flags);
1389 }
1390
1391 static bool check_io_qos(struct bt_iso_io_qos *qos)
1392 {
1393 /* If no PHY is enable SDU must be 0 */
1394 if (!qos->phy && qos->sdu)
1395 return false;
1396
1397 if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1398 return false;
1399
1400 if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1401 return false;
1402
1403 if (qos->phy > BT_ISO_PHY_ANY)
1404 return false;
1405
1406 return true;
1407 }
1408
1409 static bool check_ucast_qos(struct bt_iso_qos *qos)
1410 {
1411 if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1412 return false;
1413
1414 if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1415 return false;
1416
1417 if (qos->ucast.sca > 0x07)
1418 return false;
1419
1420 if (qos->ucast.packing > 0x01)
1421 return false;
1422
1423 if (qos->ucast.framing > 0x01)
1424 return false;
1425
1426 if (!check_io_qos(&qos->ucast.in))
1427 return false;
1428
1429 if (!check_io_qos(&qos->ucast.out))
1430 return false;
1431
1432 return true;
1433 }
1434
1435 static bool check_bcast_qos(struct bt_iso_qos *qos)
1436 {
1437 if (!qos->bcast.sync_factor)
1438 qos->bcast.sync_factor = 0x01;
1439
1440 if (qos->bcast.packing > 0x01)
1441 return false;
1442
1443 if (qos->bcast.framing > 0x01)
1444 return false;
1445
1446 if (!check_io_qos(&qos->bcast.in))
1447 return false;
1448
1449 if (!check_io_qos(&qos->bcast.out))
1450 return false;
1451
1452 if (qos->bcast.encryption > 0x01)
1453 return false;
1454
1455 if (qos->bcast.options > 0x07)
1456 return false;
1457
1458 if (qos->bcast.skip > 0x01f3)
1459 return false;
1460
1461 if (!qos->bcast.sync_timeout)
1462 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1463
1464 if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1465 return false;
1466
1467 if (qos->bcast.sync_cte_type > 0x1f)
1468 return false;
1469
1470 if (qos->bcast.mse > 0x1f)
1471 return false;
1472
1473 if (!qos->bcast.timeout)
1474 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1475
1476 if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1477 return false;
1478
1479 return true;
1480 }
1481
1482 static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1483 sockptr_t optval, unsigned int optlen)
1484 {
1485 struct sock *sk = sock->sk;
1486 int err = 0;
1487 struct bt_iso_qos qos = default_qos;
1488 u32 opt;
1489
1490 BT_DBG("sk %p", sk);
1491
1492 lock_sock(sk);
1493
1494 switch (optname) {
1495 case BT_DEFER_SETUP:
1496 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1497 err = -EINVAL;
1498 break;
1499 }
1500
1501 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1502 if (err)
1503 break;
1504
1505 if (opt)
1506 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1507 else
1508 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1509 break;
1510
1511 case BT_PKT_STATUS:
1512 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1513 if (err)
1514 break;
1515
1516 if (opt)
1517 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1518 else
1519 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1520 break;
1521
1522 case BT_ISO_QOS:
1523 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1524 sk->sk_state != BT_CONNECT2 &&
1525 (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags) ||
1526 sk->sk_state != BT_CONNECTED)) {
1527 err = -EINVAL;
1528 break;
1529 }
1530
1531 err = bt_copy_from_sockptr(&qos, sizeof(qos), optval, optlen);
1532 if (err)
1533 break;
1534
1535 iso_pi(sk)->qos = qos;
1536 iso_pi(sk)->qos_user_set = true;
1537
1538 break;
1539
1540 case BT_ISO_BASE:
1541 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1542 sk->sk_state != BT_CONNECT2) {
1543 err = -EINVAL;
1544 break;
1545 }
1546
1547 if (optlen > sizeof(iso_pi(sk)->base)) {
1548 err = -EINVAL;
1549 break;
1550 }
1551
1552 err = bt_copy_from_sockptr(iso_pi(sk)->base, optlen, optval,
1553 optlen);
1554 if (err)
1555 break;
1556
1557 iso_pi(sk)->base_len = optlen;
1558
1559 break;
1560
1561 default:
1562 err = -ENOPROTOOPT;
1563 break;
1564 }
1565
1566 release_sock(sk);
1567 return err;
1568 }
1569
1570 static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1571 char __user *optval, int __user *optlen)
1572 {
1573 struct sock *sk = sock->sk;
1574 int len, err = 0;
1575 struct bt_iso_qos *qos;
1576 u8 base_len;
1577 u8 *base;
1578
1579 BT_DBG("sk %p", sk);
1580
1581 if (get_user(len, optlen))
1582 return -EFAULT;
1583
1584 lock_sock(sk);
1585
1586 switch (optname) {
1587 case BT_DEFER_SETUP:
1588 if (sk->sk_state == BT_CONNECTED) {
1589 err = -EINVAL;
1590 break;
1591 }
1592
1593 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1594 (u32 __user *)optval))
1595 err = -EFAULT;
1596
1597 break;
1598
1599 case BT_PKT_STATUS:
1600 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1601 (int __user *)optval))
1602 err = -EFAULT;
1603 break;
1604
1605 case BT_ISO_QOS:
1606 qos = iso_sock_get_qos(sk);
1607
1608 len = min_t(unsigned int, len, sizeof(*qos));
1609 if (copy_to_user(optval, qos, len))
1610 err = -EFAULT;
1611
1612 break;
1613
1614 case BT_ISO_BASE:
1615 if (sk->sk_state == BT_CONNECTED &&
1616 !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1617 base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1618 base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1619 } else {
1620 base_len = iso_pi(sk)->base_len;
1621 base = iso_pi(sk)->base;
1622 }
1623
1624 len = min_t(unsigned int, len, base_len);
1625 if (copy_to_user(optval, base, len))
1626 err = -EFAULT;
1627 if (put_user(len, optlen))
1628 err = -EFAULT;
1629
1630 break;
1631
1632 default:
1633 err = -ENOPROTOOPT;
1634 break;
1635 }
1636
1637 release_sock(sk);
1638 return err;
1639 }
1640
1641 static int iso_sock_shutdown(struct socket *sock, int how)
1642 {
1643 struct sock *sk = sock->sk;
1644 int err = 0;
1645
1646 BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1647
1648 if (!sk)
1649 return 0;
1650
1651 sock_hold(sk);
1652 lock_sock(sk);
1653
1654 switch (how) {
1655 case SHUT_RD:
1656 if (sk->sk_shutdown & RCV_SHUTDOWN)
1657 goto unlock;
1658 sk->sk_shutdown |= RCV_SHUTDOWN;
1659 break;
1660 case SHUT_WR:
1661 if (sk->sk_shutdown & SEND_SHUTDOWN)
1662 goto unlock;
1663 sk->sk_shutdown |= SEND_SHUTDOWN;
1664 break;
1665 case SHUT_RDWR:
1666 if (sk->sk_shutdown & SHUTDOWN_MASK)
1667 goto unlock;
1668 sk->sk_shutdown |= SHUTDOWN_MASK;
1669 break;
1670 }
1671
1672 iso_sock_clear_timer(sk);
1673 __iso_sock_close(sk);
1674
1675 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1676 !(current->flags & PF_EXITING))
1677 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1678
1679 unlock:
1680 release_sock(sk);
1681 sock_put(sk);
1682
1683 return err;
1684 }
1685
1686 static int iso_sock_release(struct socket *sock)
1687 {
1688 struct sock *sk = sock->sk;
1689 int err = 0;
1690
1691 BT_DBG("sock %p, sk %p", sock, sk);
1692
1693 if (!sk)
1694 return 0;
1695
1696 iso_sock_close(sk);
1697
1698 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1699 !(current->flags & PF_EXITING)) {
1700 lock_sock(sk);
1701 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1702 release_sock(sk);
1703 }
1704
1705 sock_orphan(sk);
1706 iso_sock_kill(sk);
1707 return err;
1708 }
1709
1710 static void iso_sock_ready(struct sock *sk)
1711 {
1712 BT_DBG("sk %p", sk);
1713
1714 if (!sk)
1715 return;
1716
1717 lock_sock(sk);
1718 iso_sock_clear_timer(sk);
1719 sk->sk_state = BT_CONNECTED;
1720 sk->sk_state_change(sk);
1721 release_sock(sk);
1722 }
1723
1724 struct iso_list_data {
1725 struct hci_conn *hcon;
1726 int count;
1727 };
1728
1729 static bool iso_match_big(struct sock *sk, void *data)
1730 {
1731 struct hci_evt_le_big_sync_estabilished *ev = data;
1732
1733 return ev->handle == iso_pi(sk)->qos.bcast.big;
1734 }
1735
1736 static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1737 {
1738 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1739 }
1740
1741 static void iso_conn_ready(struct iso_conn *conn)
1742 {
1743 struct sock *parent = NULL;
1744 struct sock *sk = conn->sk;
1745 struct hci_ev_le_big_sync_estabilished *ev = NULL;
1746 struct hci_ev_le_pa_sync_established *ev2 = NULL;
1747 struct hci_ev_le_per_adv_report *ev3 = NULL;
1748 struct hci_conn *hcon;
1749
1750 BT_DBG("conn %p", conn);
1751
1752 if (sk) {
1753 iso_sock_ready(conn->sk);
1754 } else {
1755 hcon = conn->hcon;
1756 if (!hcon)
1757 return;
1758
1759 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) ||
1760 test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1761 ev = hci_recv_event_data(hcon->hdev,
1762 HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1763
1764 /* Get reference to PA sync parent socket, if it exists */
1765 parent = iso_get_sock(&hcon->src, &hcon->dst,
1766 BT_LISTEN,
1767 iso_match_pa_sync_flag,
1768 NULL);
1769 if (!parent && ev)
1770 parent = iso_get_sock(&hcon->src,
1771 &hcon->dst,
1772 BT_LISTEN,
1773 iso_match_big, ev);
1774 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1775 ev2 = hci_recv_event_data(hcon->hdev,
1776 HCI_EV_LE_PA_SYNC_ESTABLISHED);
1777 if (ev2)
1778 parent = iso_get_sock(&hcon->src,
1779 &hcon->dst,
1780 BT_LISTEN,
1781 iso_match_sid, ev2);
1782 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1783 ev3 = hci_recv_event_data(hcon->hdev,
1784 HCI_EV_LE_PER_ADV_REPORT);
1785 if (ev3)
1786 parent = iso_get_sock(&hcon->src,
1787 &hcon->dst,
1788 BT_LISTEN,
1789 iso_match_sync_handle_pa_report,
1790 ev3);
1791 }
1792
1793 if (!parent)
1794 parent = iso_get_sock(&hcon->src, BDADDR_ANY,
1795 BT_LISTEN, NULL, NULL);
1796
1797 if (!parent)
1798 return;
1799
1800 lock_sock(parent);
1801
1802 sk = iso_sock_alloc(sock_net(parent), NULL,
1803 BTPROTO_ISO, GFP_ATOMIC, 0);
1804 if (!sk) {
1805 release_sock(parent);
1806 return;
1807 }
1808
1809 iso_sock_init(sk, parent);
1810
1811 bacpy(&iso_pi(sk)->src, &hcon->src);
1812
1813 /* Convert from HCI to three-value type */
1814 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1815 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1816 else
1817 iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1818
1819 /* If hcon has no destination address (BDADDR_ANY) it means it
1820 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1821 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1822 * the parent socket destination address.
1823 */
1824 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1825 bacpy(&hcon->dst, &iso_pi(parent)->dst);
1826 hcon->dst_type = iso_pi(parent)->dst_type;
1827 hcon->sync_handle = iso_pi(parent)->sync_handle;
1828 }
1829
1830 if (ev3) {
1831 iso_pi(sk)->qos = iso_pi(parent)->qos;
1832 hcon->iso_qos = iso_pi(sk)->qos;
1833 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1834 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1835 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1836 }
1837
1838 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1839 iso_pi(sk)->dst_type = hcon->dst_type;
1840 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1841 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1842 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1843
1844 hci_conn_hold(hcon);
1845 iso_chan_add(conn, sk, parent);
1846
1847 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1848 (ev2 && ev2->status)) {
1849 /* Trigger error signal on child socket */
1850 sk->sk_err = ECONNREFUSED;
1851 sk->sk_error_report(sk);
1852 }
1853
1854 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1855 sk->sk_state = BT_CONNECT2;
1856 else
1857 sk->sk_state = BT_CONNECTED;
1858
1859 /* Wake up parent */
1860 parent->sk_data_ready(parent);
1861
1862 release_sock(parent);
1863 sock_put(parent);
1864 }
1865 }
1866
1867 static bool iso_match_sid(struct sock *sk, void *data)
1868 {
1869 struct hci_ev_le_pa_sync_established *ev = data;
1870
1871 return ev->sid == iso_pi(sk)->bc_sid;
1872 }
1873
1874 static bool iso_match_sync_handle(struct sock *sk, void *data)
1875 {
1876 struct hci_evt_le_big_info_adv_report *ev = data;
1877
1878 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1879 }
1880
1881 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1882 {
1883 struct hci_ev_le_per_adv_report *ev = data;
1884
1885 return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1886 }
1887
1888 /* ----- ISO interface with lower layer (HCI) ----- */
1889
1890 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1891 {
1892 struct hci_ev_le_pa_sync_established *ev1;
1893 struct hci_evt_le_big_info_adv_report *ev2;
1894 struct hci_ev_le_per_adv_report *ev3;
1895 struct sock *sk;
1896
1897 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1898
1899 /* Broadcast receiver requires handling of some events before it can
1900 * proceed to establishing a BIG sync:
1901 *
1902 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1903 * SID to listen to and once sync is estabilished its handle needs to
1904 * be stored in iso_pi(sk)->sync_handle so it can be matched once
1905 * receiving the BIG Info.
1906 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1907 * a BIG Info it attempts to check if there any listening socket with
1908 * the same sync_handle and if it does then attempt to create a sync.
1909 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
1910 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
1911 * broadcast sink.
1912 */
1913 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1914 if (ev1) {
1915 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN,
1916 iso_match_sid, ev1);
1917 if (sk && !ev1->status)
1918 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1919
1920 goto done;
1921 }
1922
1923 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1924 if (ev2) {
1925 /* Check if BIGInfo report has already been handled */
1926 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECTED,
1927 iso_match_sync_handle, ev2);
1928 if (sk) {
1929 sock_put(sk);
1930 sk = NULL;
1931 goto done;
1932 }
1933
1934 /* Try to get PA sync socket, if it exists */
1935 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECT2,
1936 iso_match_sync_handle, ev2);
1937 if (!sk)
1938 sk = iso_get_sock(&hdev->bdaddr, bdaddr,
1939 BT_LISTEN,
1940 iso_match_sync_handle,
1941 ev2);
1942
1943 if (sk) {
1944 int err;
1945
1946 iso_pi(sk)->qos.bcast.encryption = ev2->encryption;
1947
1948 if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1949 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1950
1951 if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
1952 !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1953 err = hci_le_big_create_sync(hdev, NULL,
1954 &iso_pi(sk)->qos,
1955 iso_pi(sk)->sync_handle,
1956 iso_pi(sk)->bc_num_bis,
1957 iso_pi(sk)->bc_bis);
1958 if (err) {
1959 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1960 err);
1961 sock_put(sk);
1962 sk = NULL;
1963 }
1964 }
1965 }
1966
1967 goto done;
1968 }
1969
1970 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
1971 if (ev3) {
1972 size_t base_len = 0;
1973 u8 *base;
1974 struct hci_conn *hcon;
1975
1976 sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN,
1977 iso_match_sync_handle_pa_report, ev3);
1978 if (!sk)
1979 goto done;
1980
1981 hcon = iso_pi(sk)->conn->hcon;
1982 if (!hcon)
1983 goto done;
1984
1985 if (ev3->data_status == LE_PA_DATA_TRUNCATED) {
1986 /* The controller was unable to retrieve PA data. */
1987 memset(hcon->le_per_adv_data, 0,
1988 HCI_MAX_PER_AD_TOT_LEN);
1989 hcon->le_per_adv_data_len = 0;
1990 hcon->le_per_adv_data_offset = 0;
1991 goto done;
1992 }
1993
1994 if (hcon->le_per_adv_data_offset + ev3->length >
1995 HCI_MAX_PER_AD_TOT_LEN)
1996 goto done;
1997
1998 memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset,
1999 ev3->data, ev3->length);
2000 hcon->le_per_adv_data_offset += ev3->length;
2001
2002 if (ev3->data_status == LE_PA_DATA_COMPLETE) {
2003 /* All PA data has been received. */
2004 hcon->le_per_adv_data_len =
2005 hcon->le_per_adv_data_offset;
2006 hcon->le_per_adv_data_offset = 0;
2007
2008 /* Extract BASE */
2009 base = eir_get_service_data(hcon->le_per_adv_data,
2010 hcon->le_per_adv_data_len,
2011 EIR_BAA_SERVICE_UUID,
2012 &base_len);
2013
2014 if (!base || base_len > BASE_MAX_LENGTH)
2015 goto done;
2016
2017 memcpy(iso_pi(sk)->base, base, base_len);
2018 iso_pi(sk)->base_len = base_len;
2019 } else {
2020 /* This is a PA data fragment. Keep pa_data_len set to 0
2021 * until all data has been reassembled.
2022 */
2023 hcon->le_per_adv_data_len = 0;
2024 }
2025 } else {
2026 sk = iso_get_sock(&hdev->bdaddr, BDADDR_ANY,
2027 BT_LISTEN, NULL, NULL);
2028 }
2029
2030 done:
2031 if (!sk)
2032 return 0;
2033
2034 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
2035 *flags |= HCI_PROTO_DEFER;
2036
2037 sock_put(sk);
2038
2039 return HCI_LM_ACCEPT;
2040 }
2041
2042 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
2043 {
2044 if (hcon->type != ISO_LINK) {
2045 if (hcon->type != LE_LINK)
2046 return;
2047
2048 /* Check if LE link has failed */
2049 if (status) {
2050 struct hci_link *link, *t;
2051
2052 list_for_each_entry_safe(link, t, &hcon->link_list,
2053 list)
2054 iso_conn_del(link->conn, bt_to_errno(status));
2055
2056 return;
2057 }
2058
2059 /* Create CIS if pending */
2060 hci_le_create_cis_pending(hcon->hdev);
2061 return;
2062 }
2063
2064 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
2065
2066 /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
2067 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
2068 * into the accept queue of the listening socket and wake up
2069 * userspace, to inform the user about the event.
2070 */
2071 if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
2072 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
2073 struct iso_conn *conn;
2074
2075 conn = iso_conn_add(hcon);
2076 if (conn)
2077 iso_conn_ready(conn);
2078 } else {
2079 iso_conn_del(hcon, bt_to_errno(status));
2080 }
2081 }
2082
2083 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
2084 {
2085 if (hcon->type != ISO_LINK)
2086 return;
2087
2088 BT_DBG("hcon %p reason %d", hcon, reason);
2089
2090 iso_conn_del(hcon, bt_to_errno(reason));
2091 }
2092
2093 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2094 {
2095 struct iso_conn *conn = hcon->iso_data;
2096 __u16 pb, ts, len;
2097
2098 if (!conn)
2099 goto drop;
2100
2101 pb = hci_iso_flags_pb(flags);
2102 ts = hci_iso_flags_ts(flags);
2103
2104 BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
2105
2106 switch (pb) {
2107 case ISO_START:
2108 case ISO_SINGLE:
2109 if (conn->rx_len) {
2110 BT_ERR("Unexpected start frame (len %d)", skb->len);
2111 kfree_skb(conn->rx_skb);
2112 conn->rx_skb = NULL;
2113 conn->rx_len = 0;
2114 }
2115
2116 if (ts) {
2117 struct hci_iso_ts_data_hdr *hdr;
2118
2119 /* TODO: add timestamp to the packet? */
2120 hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2121 if (!hdr) {
2122 BT_ERR("Frame is too short (len %d)", skb->len);
2123 goto drop;
2124 }
2125
2126 len = __le16_to_cpu(hdr->slen);
2127 } else {
2128 struct hci_iso_data_hdr *hdr;
2129
2130 hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2131 if (!hdr) {
2132 BT_ERR("Frame is too short (len %d)", skb->len);
2133 goto drop;
2134 }
2135
2136 len = __le16_to_cpu(hdr->slen);
2137 }
2138
2139 flags = hci_iso_data_flags(len);
2140 len = hci_iso_data_len(len);
2141
2142 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
2143 skb->len, flags);
2144
2145 if (len == skb->len) {
2146 /* Complete frame received */
2147 hci_skb_pkt_status(skb) = flags & 0x03;
2148 iso_recv_frame(conn, skb);
2149 return;
2150 }
2151
2152 if (pb == ISO_SINGLE) {
2153 BT_ERR("Frame malformed (len %d, expected len %d)",
2154 skb->len, len);
2155 goto drop;
2156 }
2157
2158 if (skb->len > len) {
2159 BT_ERR("Frame is too long (len %d, expected len %d)",
2160 skb->len, len);
2161 goto drop;
2162 }
2163
2164 /* Allocate skb for the complete frame (with header) */
2165 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2166 if (!conn->rx_skb)
2167 goto drop;
2168
2169 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2170 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2171 skb->len);
2172 conn->rx_len = len - skb->len;
2173 break;
2174
2175 case ISO_CONT:
2176 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2177 conn->rx_len);
2178
2179 if (!conn->rx_len) {
2180 BT_ERR("Unexpected continuation frame (len %d)",
2181 skb->len);
2182 goto drop;
2183 }
2184
2185 if (skb->len > conn->rx_len) {
2186 BT_ERR("Fragment is too long (len %d, expected %d)",
2187 skb->len, conn->rx_len);
2188 kfree_skb(conn->rx_skb);
2189 conn->rx_skb = NULL;
2190 conn->rx_len = 0;
2191 goto drop;
2192 }
2193
2194 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2195 skb->len);
2196 conn->rx_len -= skb->len;
2197 return;
2198
2199 case ISO_END:
2200 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2201 skb->len);
2202 conn->rx_len -= skb->len;
2203
2204 if (!conn->rx_len) {
2205 struct sk_buff *rx_skb = conn->rx_skb;
2206
2207 /* Complete frame received. iso_recv_frame
2208 * takes ownership of the skb so set the global
2209 * rx_skb pointer to NULL first.
2210 */
2211 conn->rx_skb = NULL;
2212 iso_recv_frame(conn, rx_skb);
2213 }
2214 break;
2215 }
2216
2217 drop:
2218 kfree_skb(skb);
2219 }
2220
2221 static struct hci_cb iso_cb = {
2222 .name = "ISO",
2223 .connect_cfm = iso_connect_cfm,
2224 .disconn_cfm = iso_disconn_cfm,
2225 };
2226
2227 static int iso_debugfs_show(struct seq_file *f, void *p)
2228 {
2229 struct sock *sk;
2230
2231 read_lock(&iso_sk_list.lock);
2232
2233 sk_for_each(sk, &iso_sk_list.head) {
2234 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2235 &iso_pi(sk)->dst, sk->sk_state);
2236 }
2237
2238 read_unlock(&iso_sk_list.lock);
2239
2240 return 0;
2241 }
2242
2243 DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2244
2245 static struct dentry *iso_debugfs;
2246
2247 static const struct proto_ops iso_sock_ops = {
2248 .family = PF_BLUETOOTH,
2249 .owner = THIS_MODULE,
2250 .release = iso_sock_release,
2251 .bind = iso_sock_bind,
2252 .connect = iso_sock_connect,
2253 .listen = iso_sock_listen,
2254 .accept = iso_sock_accept,
2255 .getname = iso_sock_getname,
2256 .sendmsg = iso_sock_sendmsg,
2257 .recvmsg = iso_sock_recvmsg,
2258 .poll = bt_sock_poll,
2259 .ioctl = bt_sock_ioctl,
2260 .mmap = sock_no_mmap,
2261 .socketpair = sock_no_socketpair,
2262 .shutdown = iso_sock_shutdown,
2263 .setsockopt = iso_sock_setsockopt,
2264 .getsockopt = iso_sock_getsockopt
2265 };
2266
2267 static const struct net_proto_family iso_sock_family_ops = {
2268 .family = PF_BLUETOOTH,
2269 .owner = THIS_MODULE,
2270 .create = iso_sock_create,
2271 };
2272
2273 static bool iso_inited;
2274
2275 bool iso_enabled(void)
2276 {
2277 return iso_inited;
2278 }
2279
2280 int iso_init(void)
2281 {
2282 int err;
2283
2284 BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2285
2286 if (iso_inited)
2287 return -EALREADY;
2288
2289 err = proto_register(&iso_proto, 0);
2290 if (err < 0)
2291 return err;
2292
2293 err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2294 if (err < 0) {
2295 BT_ERR("ISO socket registration failed");
2296 goto error;
2297 }
2298
2299 err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2300 if (err < 0) {
2301 BT_ERR("Failed to create ISO proc file");
2302 bt_sock_unregister(BTPROTO_ISO);
2303 goto error;
2304 }
2305
2306 BT_INFO("ISO socket layer initialized");
2307
2308 hci_register_cb(&iso_cb);
2309
2310 if (IS_ERR_OR_NULL(bt_debugfs))
2311 return 0;
2312
2313 if (!iso_debugfs) {
2314 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2315 NULL, &iso_debugfs_fops);
2316 }
2317
2318 iso_inited = true;
2319
2320 return 0;
2321
2322 error:
2323 proto_unregister(&iso_proto);
2324 return err;
2325 }
2326
2327 int iso_exit(void)
2328 {
2329 if (!iso_inited)
2330 return -EALREADY;
2331
2332 bt_procfs_cleanup(&init_net, "iso");
2333
2334 debugfs_remove(iso_debugfs);
2335 iso_debugfs = NULL;
2336
2337 hci_unregister_cb(&iso_cb);
2338
2339 bt_sock_unregister(BTPROTO_ISO);
2340
2341 proto_unregister(&iso_proto);
2342
2343 iso_inited = false;
2344
2345 return 0;
2346 }
Linux kernel stable tree