net/bluetooth/iso.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * BlueZ - Bluetooth protocol stack for Linux
   4  *
   5  * Copyright (C) 2022 Intel Corporation
   6  * Copyright 2023 NXP
   7  */
   8
   9 #include <linux/module.h>
  10 #include <linux/debugfs.h>
  11 #include <linux/seq_file.h>
  12 #include <linux/sched/signal.h>
  13
  14 #include <net/bluetooth/bluetooth.h>
  15 #include <net/bluetooth/hci_core.h>
  16 #include <net/bluetooth/iso.h>
  17
  18 static const struct proto_ops iso_sock_ops;
  19
  20 static struct bt_sock_list iso_sk_list = {
  21         .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
  22 };
  23
  24 /* ---- ISO connections ---- */
  25 struct iso_conn {
  26         struct hci_conn *hcon;
  27
  28         /* @lock: spinlock protecting changes to iso_conn fields */
  29         spinlock_t      lock;
  30         struct sock     *sk;
  31
  32         struct delayed_work     timeout_work;
  33
  34         struct sk_buff  *rx_skb;
  35         __u32           rx_len;
  36         __u16           tx_sn;
  37 };
  38
  39 #define iso_conn_lock(c)        spin_lock(&(c)->lock)
  40 #define iso_conn_unlock(c)      spin_unlock(&(c)->lock)
  41
  42 static void iso_sock_close(struct sock *sk);
  43 static void iso_sock_kill(struct sock *sk);
  44
  45 /* ----- ISO socket info ----- */
  46 #define iso_pi(sk) ((struct iso_pinfo *)sk)
  47
  48 #define EIR_SERVICE_DATA_LENGTH 4
  49 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
  50
  51 /* iso_pinfo flags values */
  52 enum {
  53         BT_SK_BIG_SYNC,
  54         BT_SK_PA_SYNC,
  55         BT_SK_PA_SYNC_TERM,
  56 };
  57
  58 struct iso_pinfo {
  59         struct bt_sock          bt;
  60         bdaddr_t                src;
  61         __u8                    src_type;
  62         bdaddr_t                dst;
  63         __u8                    dst_type;
  64         __u8                    bc_sid;
  65         __u8                    bc_num_bis;
  66         __u8                    bc_bis[ISO_MAX_NUM_BIS];
  67         __u16                   sync_handle;
  68         unsigned long           flags;
  69         struct bt_iso_qos       qos;
  70         bool                    qos_user_set;
  71         __u8                    base_len;
  72         __u8                    base[BASE_MAX_LENGTH];
  73         struct iso_conn         *conn;
  74 };
  75
  76 static struct bt_iso_qos default_qos;
  77
  78 static bool check_ucast_qos(struct bt_iso_qos *qos);
  79 static bool check_bcast_qos(struct bt_iso_qos *qos);
  80 static bool iso_match_sid(struct sock *sk, void *data);
  81 static bool iso_match_sync_handle(struct sock *sk, void *data);
  82 static void iso_sock_disconn(struct sock *sk);
  83
  84 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
  85
  86 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
  87                                         iso_sock_match_t match, void *data);
  88
  89 /* ---- ISO timers ---- */
  90 #define ISO_CONN_TIMEOUT        (HZ * 40)
  91 #define ISO_DISCONN_TIMEOUT     (HZ * 2)
  92
  93 static void iso_sock_timeout(struct work_struct *work)
  94 {
  95         struct iso_conn *conn = container_of(work, struct iso_conn,
  96                                              timeout_work.work);
  97         struct sock *sk;
  98
  99         iso_conn_lock(conn);
 100         sk = conn->sk;
 101         if (sk)
 102                 sock_hold(sk);
 103         iso_conn_unlock(conn);
 104
 105         if (!sk)
 106                 return;
 107
 108         BT_DBG("sock %p state %d", sk, sk->sk_state);
 109
 110         lock_sock(sk);
 111         sk->sk_err = ETIMEDOUT;
 112         sk->sk_state_change(sk);
 113         release_sock(sk);
 114         sock_put(sk);
 115 }
 116
 117 static void iso_sock_set_timer(struct sock *sk, long timeout)
 118 {
 119         if (!iso_pi(sk)->conn)
 120                 return;
 121
 122         BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
 123         cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
 124         schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
 125 }
 126
 127 static void iso_sock_clear_timer(struct sock *sk)
 128 {
 129         if (!iso_pi(sk)->conn)
 130                 return;
 131
 132         BT_DBG("sock %p state %d", sk, sk->sk_state);
 133         cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
 134 }
 135
 136 /* ---- ISO connections ---- */
 137 static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
 138 {
 139         struct iso_conn *conn = hcon->iso_data;
 140
 141         if (conn) {
 142                 if (!conn->hcon)
 143                         conn->hcon = hcon;
 144                 return conn;
 145         }
 146
 147         conn = kzalloc(sizeof(*conn), GFP_KERNEL);
 148         if (!conn)
 149                 return NULL;
 150
 151         spin_lock_init(&conn->lock);
 152         INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
 153
 154         hcon->iso_data = conn;
 155         conn->hcon = hcon;
 156         conn->tx_sn = 0;
 157
 158         BT_DBG("hcon %p conn %p", hcon, conn);
 159
 160         return conn;
 161 }
 162
 163 /* Delete channel. Must be called on the locked socket. */
 164 static void iso_chan_del(struct sock *sk, int err)
 165 {
 166         struct iso_conn *conn;
 167         struct sock *parent;
 168
 169         conn = iso_pi(sk)->conn;
 170
 171         BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
 172
 173         if (conn) {
 174                 iso_conn_lock(conn);
 175                 conn->sk = NULL;
 176                 iso_pi(sk)->conn = NULL;
 177                 iso_conn_unlock(conn);
 178
 179                 if (conn->hcon)
 180                         hci_conn_drop(conn->hcon);
 181         }
 182
 183         sk->sk_state = BT_CLOSED;
 184         sk->sk_err   = err;
 185
 186         parent = bt_sk(sk)->parent;
 187         if (parent) {
 188                 bt_accept_unlink(sk);
 189                 parent->sk_data_ready(parent);
 190         } else {
 191                 sk->sk_state_change(sk);
 192         }
 193
 194         sock_set_flag(sk, SOCK_ZAPPED);
 195 }
 196
 197 static bool iso_match_conn_sync_handle(struct sock *sk, void *data)
 198 {
 199         struct hci_conn *hcon = data;
 200
 201         if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
 202                 return false;
 203
 204         return hcon->sync_handle == iso_pi(sk)->sync_handle;
 205 }
 206
 207 static void iso_conn_del(struct hci_conn *hcon, int err)
 208 {
 209         struct iso_conn *conn = hcon->iso_data;
 210         struct sock *sk;
 211         struct sock *parent;
 212
 213         if (!conn)
 214                 return;
 215
 216         BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
 217
 218         /* Kill socket */
 219         iso_conn_lock(conn);
 220         sk = conn->sk;
 221         if (sk)
 222                 sock_hold(sk);
 223         iso_conn_unlock(conn);
 224
 225         if (sk) {
 226                 lock_sock(sk);
 227
 228                 /* While a PA sync hcon is in the process of closing,
 229                  * mark parent socket with a flag, so that any residual
 230                  * BIGInfo adv reports that arrive before PA sync is
 231                  * terminated are not processed anymore.
 232                  */
 233                 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
 234                         parent = iso_get_sock_listen(&hcon->src,
 235                                                      &hcon->dst,
 236                                                      iso_match_conn_sync_handle,
 237                                                      hcon);
 238
 239                         if (parent) {
 240                                 set_bit(BT_SK_PA_SYNC_TERM,
 241                                         &iso_pi(parent)->flags);
 242                                 sock_put(parent);
 243                         }
 244                 }
 245
 246                 iso_sock_clear_timer(sk);
 247                 iso_chan_del(sk, err);
 248                 release_sock(sk);
 249                 sock_put(sk);
 250         }
 251
 252         /* Ensure no more work items will run before freeing conn. */
 253         cancel_delayed_work_sync(&conn->timeout_work);
 254
 255         hcon->iso_data = NULL;
 256         kfree(conn);
 257 }
 258
 259 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
 260                           struct sock *parent)
 261 {
 262         BT_DBG("conn %p", conn);
 263
 264         if (iso_pi(sk)->conn == conn && conn->sk == sk)
 265                 return 0;
 266
 267         if (conn->sk) {
 268                 BT_ERR("conn->sk already set");
 269                 return -EBUSY;
 270         }
 271
 272         iso_pi(sk)->conn = conn;
 273         conn->sk = sk;
 274
 275         if (parent)
 276                 bt_accept_enqueue(parent, sk, true);
 277
 278         return 0;
 279 }
 280
 281 static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
 282                         struct sock *parent)
 283 {
 284         int err;
 285
 286         iso_conn_lock(conn);
 287         err = __iso_chan_add(conn, sk, parent);
 288         iso_conn_unlock(conn);
 289
 290         return err;
 291 }
 292
 293 static inline u8 le_addr_type(u8 bdaddr_type)
 294 {
 295         if (bdaddr_type == BDADDR_LE_PUBLIC)
 296                 return ADDR_LE_DEV_PUBLIC;
 297         else
 298                 return ADDR_LE_DEV_RANDOM;
 299 }
 300
 301 static int iso_connect_bis(struct sock *sk)
 302 {
 303         struct iso_conn *conn;
 304         struct hci_conn *hcon;
 305         struct hci_dev  *hdev;
 306         int err;
 307
 308         BT_DBG("%pMR", &iso_pi(sk)->src);
 309
 310         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
 311                              iso_pi(sk)->src_type);
 312         if (!hdev)
 313                 return -EHOSTUNREACH;
 314
 315         hci_dev_lock(hdev);
 316
 317         if (!bis_capable(hdev)) {
 318                 err = -EOPNOTSUPP;
 319                 goto unlock;
 320         }
 321
 322         /* Fail if user set invalid QoS */
 323         if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
 324                 iso_pi(sk)->qos = default_qos;
 325                 err = -EINVAL;
 326                 goto unlock;
 327         }
 328
 329         /* Fail if out PHYs are marked as disabled */
 330         if (!iso_pi(sk)->qos.bcast.out.phy) {
 331                 err = -EINVAL;
 332                 goto unlock;
 333         }
 334
 335         /* Just bind if DEFER_SETUP has been set */
 336         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
 337                 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
 338                                     &iso_pi(sk)->qos, iso_pi(sk)->base_len,
 339                                     iso_pi(sk)->base);
 340                 if (IS_ERR(hcon)) {
 341                         err = PTR_ERR(hcon);
 342                         goto unlock;
 343                 }
 344         } else {
 345                 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
 346                                        le_addr_type(iso_pi(sk)->dst_type),
 347                                        &iso_pi(sk)->qos, iso_pi(sk)->base_len,
 348                                        iso_pi(sk)->base);
 349                 if (IS_ERR(hcon)) {
 350                         err = PTR_ERR(hcon);
 351                         goto unlock;
 352                 }
 353         }
 354
 355         conn = iso_conn_add(hcon);
 356         if (!conn) {
 357                 hci_conn_drop(hcon);
 358                 err = -ENOMEM;
 359                 goto unlock;
 360         }
 361
 362         lock_sock(sk);
 363
 364         err = iso_chan_add(conn, sk, NULL);
 365         if (err) {
 366                 release_sock(sk);
 367                 goto unlock;
 368         }
 369
 370         /* Update source addr of the socket */
 371         bacpy(&iso_pi(sk)->src, &hcon->src);
 372
 373         if (hcon->state == BT_CONNECTED) {
 374                 iso_sock_clear_timer(sk);
 375                 sk->sk_state = BT_CONNECTED;
 376         } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
 377                 iso_sock_clear_timer(sk);
 378                 sk->sk_state = BT_CONNECT;
 379         } else {
 380                 sk->sk_state = BT_CONNECT;
 381                 iso_sock_set_timer(sk, sk->sk_sndtimeo);
 382         }
 383
 384         release_sock(sk);
 385
 386 unlock:
 387         hci_dev_unlock(hdev);
 388         hci_dev_put(hdev);
 389         return err;
 390 }
 391
 392 static int iso_connect_cis(struct sock *sk)
 393 {
 394         struct iso_conn *conn;
 395         struct hci_conn *hcon;
 396         struct hci_dev  *hdev;
 397         int err;
 398
 399         BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
 400
 401         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
 402                              iso_pi(sk)->src_type);
 403         if (!hdev)
 404                 return -EHOSTUNREACH;
 405
 406         hci_dev_lock(hdev);
 407
 408         if (!cis_central_capable(hdev)) {
 409                 err = -EOPNOTSUPP;
 410                 goto unlock;
 411         }
 412
 413         /* Fail if user set invalid QoS */
 414         if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
 415                 iso_pi(sk)->qos = default_qos;
 416                 err = -EINVAL;
 417                 goto unlock;
 418         }
 419
 420         /* Fail if either PHYs are marked as disabled */
 421         if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
 422                 err = -EINVAL;
 423                 goto unlock;
 424         }
 425
 426         /* Just bind if DEFER_SETUP has been set */
 427         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
 428                 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
 429                                     le_addr_type(iso_pi(sk)->dst_type),
 430                                     &iso_pi(sk)->qos);
 431                 if (IS_ERR(hcon)) {
 432                         err = PTR_ERR(hcon);
 433                         goto unlock;
 434                 }
 435         } else {
 436                 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
 437                                        le_addr_type(iso_pi(sk)->dst_type),
 438                                        &iso_pi(sk)->qos);
 439                 if (IS_ERR(hcon)) {
 440                         err = PTR_ERR(hcon);
 441                         goto unlock;
 442                 }
 443         }
 444
 445         conn = iso_conn_add(hcon);
 446         if (!conn) {
 447                 hci_conn_drop(hcon);
 448                 err = -ENOMEM;
 449                 goto unlock;
 450         }
 451
 452         lock_sock(sk);
 453
 454         err = iso_chan_add(conn, sk, NULL);
 455         if (err) {
 456                 release_sock(sk);
 457                 goto unlock;
 458         }
 459
 460         /* Update source addr of the socket */
 461         bacpy(&iso_pi(sk)->src, &hcon->src);
 462
 463         if (hcon->state == BT_CONNECTED) {
 464                 iso_sock_clear_timer(sk);
 465                 sk->sk_state = BT_CONNECTED;
 466         } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
 467                 iso_sock_clear_timer(sk);
 468                 sk->sk_state = BT_CONNECT;
 469         } else {
 470                 sk->sk_state = BT_CONNECT;
 471                 iso_sock_set_timer(sk, sk->sk_sndtimeo);
 472         }
 473
 474         release_sock(sk);
 475
 476 unlock:
 477         hci_dev_unlock(hdev);
 478         hci_dev_put(hdev);
 479         return err;
 480 }
 481
 482 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
 483 {
 484         if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
 485                 return &iso_pi(sk)->conn->hcon->iso_qos;
 486
 487         return &iso_pi(sk)->qos;
 488 }
 489
 490 static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
 491 {
 492         struct iso_conn *conn = iso_pi(sk)->conn;
 493         struct bt_iso_qos *qos = iso_sock_get_qos(sk);
 494         struct hci_iso_data_hdr *hdr;
 495         int len = 0;
 496
 497         BT_DBG("sk %p len %d", sk, skb->len);
 498
 499         if (skb->len > qos->ucast.out.sdu)
 500                 return -EMSGSIZE;
 501
 502         len = skb->len;
 503
 504         /* Push ISO data header */
 505         hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
 506         hdr->sn = cpu_to_le16(conn->tx_sn++);
 507         hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
 508                                                       HCI_ISO_STATUS_VALID));
 509
 510         if (sk->sk_state == BT_CONNECTED)
 511                 hci_send_iso(conn->hcon, skb);
 512         else
 513                 len = -ENOTCONN;
 514
 515         return len;
 516 }
 517
 518 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
 519 {
 520         struct sock *sk;
 521
 522         iso_conn_lock(conn);
 523         sk = conn->sk;
 524         iso_conn_unlock(conn);
 525
 526         if (!sk)
 527                 goto drop;
 528
 529         BT_DBG("sk %p len %d", sk, skb->len);
 530
 531         if (sk->sk_state != BT_CONNECTED)
 532                 goto drop;
 533
 534         if (!sock_queue_rcv_skb(sk, skb))
 535                 return;
 536
 537 drop:
 538         kfree_skb(skb);
 539 }
 540
 541 /* -------- Socket interface ---------- */
 542 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
 543 {
 544         struct sock *sk;
 545
 546         sk_for_each(sk, &iso_sk_list.head) {
 547                 if (sk->sk_state != BT_LISTEN)
 548                         continue;
 549
 550                 if (bacmp(&iso_pi(sk)->dst, dst))
 551                         continue;
 552
 553                 if (!bacmp(&iso_pi(sk)->src, src))
 554                         return sk;
 555         }
 556
 557         return NULL;
 558 }
 559
 560 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
 561                                                  __u8 sid)
 562 {
 563         struct sock *sk;
 564
 565         sk_for_each(sk, &iso_sk_list.head) {
 566                 if (sk->sk_state != BT_LISTEN)
 567                         continue;
 568
 569                 if (bacmp(&iso_pi(sk)->src, ba))
 570                         continue;
 571
 572                 if (bacmp(&iso_pi(sk)->dst, bc))
 573                         continue;
 574
 575                 if (iso_pi(sk)->bc_sid == sid)
 576                         return sk;
 577         }
 578
 579         return NULL;
 580 }
 581
 582 /* Find socket listening:
 583  * source bdaddr (Unicast)
 584  * destination bdaddr (Broadcast only)
 585  * match func - pass NULL to ignore
 586  * match func data - pass -1 to ignore
 587  * Returns closest match.
 588  */
 589 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
 590                                         iso_sock_match_t match, void *data)
 591 {
 592         struct sock *sk = NULL, *sk1 = NULL;
 593
 594         read_lock(&iso_sk_list.lock);
 595
 596         sk_for_each(sk, &iso_sk_list.head) {
 597                 if (sk->sk_state != BT_LISTEN)
 598                         continue;
 599
 600                 /* Match Broadcast destination */
 601                 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
 602                         continue;
 603
 604                 /* Use Match function if provided */
 605                 if (match && !match(sk, data))
 606                         continue;
 607
 608                 /* Exact match. */
 609                 if (!bacmp(&iso_pi(sk)->src, src))
 610                         break;
 611
 612                 /* Closest match */
 613                 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY))
 614                         sk1 = sk;
 615         }
 616
 617         read_unlock(&iso_sk_list.lock);
 618
 619         return sk ? sk : sk1;
 620 }
 621
 622 static void iso_sock_destruct(struct sock *sk)
 623 {
 624         BT_DBG("sk %p", sk);
 625
 626         skb_queue_purge(&sk->sk_receive_queue);
 627         skb_queue_purge(&sk->sk_write_queue);
 628 }
 629
 630 static void iso_sock_cleanup_listen(struct sock *parent)
 631 {
 632         struct sock *sk;
 633
 634         BT_DBG("parent %p", parent);
 635
 636         /* Close not yet accepted channels */
 637         while ((sk = bt_accept_dequeue(parent, NULL))) {
 638                 iso_sock_close(sk);
 639                 iso_sock_kill(sk);
 640         }
 641
 642         /* If listening socket stands for a PA sync connection,
 643          * properly disconnect the hcon and socket.
 644          */
 645         if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon &&
 646             test_bit(HCI_CONN_PA_SYNC, &iso_pi(parent)->conn->hcon->flags)) {
 647                 iso_sock_disconn(parent);
 648                 return;
 649         }
 650
 651         parent->sk_state  = BT_CLOSED;
 652         sock_set_flag(parent, SOCK_ZAPPED);
 653 }
 654
 655 /* Kill socket (only if zapped and orphan)
 656  * Must be called on unlocked socket.
 657  */
 658 static void iso_sock_kill(struct sock *sk)
 659 {
 660         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
 661             sock_flag(sk, SOCK_DEAD))
 662                 return;
 663
 664         BT_DBG("sk %p state %d", sk, sk->sk_state);
 665
 666         /* Kill poor orphan */
 667         bt_sock_unlink(&iso_sk_list, sk);
 668         sock_set_flag(sk, SOCK_DEAD);
 669         sock_put(sk);
 670 }
 671
 672 static void iso_sock_disconn(struct sock *sk)
 673 {
 674         sk->sk_state = BT_DISCONN;
 675         iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
 676         iso_conn_lock(iso_pi(sk)->conn);
 677         hci_conn_drop(iso_pi(sk)->conn->hcon);
 678         iso_pi(sk)->conn->hcon = NULL;
 679         iso_conn_unlock(iso_pi(sk)->conn);
 680 }
 681
 682 static void __iso_sock_close(struct sock *sk)
 683 {
 684         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
 685
 686         switch (sk->sk_state) {
 687         case BT_LISTEN:
 688                 iso_sock_cleanup_listen(sk);
 689                 break;
 690
 691         case BT_CONNECT:
 692         case BT_CONNECTED:
 693         case BT_CONFIG:
 694                 if (iso_pi(sk)->conn->hcon)
 695                         iso_sock_disconn(sk);
 696                 else
 697                         iso_chan_del(sk, ECONNRESET);
 698                 break;
 699
 700         case BT_CONNECT2:
 701                 if (iso_pi(sk)->conn->hcon &&
 702                     (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
 703                     test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
 704                         iso_sock_disconn(sk);
 705                 else
 706                         iso_chan_del(sk, ECONNRESET);
 707                 break;
 708         case BT_DISCONN:
 709                 iso_chan_del(sk, ECONNRESET);
 710                 break;
 711
 712         default:
 713                 sock_set_flag(sk, SOCK_ZAPPED);
 714                 break;
 715         }
 716 }
 717
 718 /* Must be called on unlocked socket. */
 719 static void iso_sock_close(struct sock *sk)
 720 {
 721         iso_sock_clear_timer(sk);
 722         lock_sock(sk);
 723         __iso_sock_close(sk);
 724         release_sock(sk);
 725         iso_sock_kill(sk);
 726 }
 727
 728 static void iso_sock_init(struct sock *sk, struct sock *parent)
 729 {
 730         BT_DBG("sk %p", sk);
 731
 732         if (parent) {
 733                 sk->sk_type = parent->sk_type;
 734                 bt_sk(sk)->flags = bt_sk(parent)->flags;
 735                 security_sk_clone(parent, sk);
 736         }
 737 }
 738
 739 static struct proto iso_proto = {
 740         .name           = "ISO",
 741         .owner          = THIS_MODULE,
 742         .obj_size       = sizeof(struct iso_pinfo)
 743 };
 744
 745 #define DEFAULT_IO_QOS \
 746 { \
 747         .interval       = 10000u, \
 748         .latency        = 10u, \
 749         .sdu            = 40u, \
 750         .phy            = BT_ISO_PHY_2M, \
 751         .rtn            = 2u, \
 752 }
 753
 754 static struct bt_iso_qos default_qos = {
 755         .bcast = {
 756                 .big                    = BT_ISO_QOS_BIG_UNSET,
 757                 .bis                    = BT_ISO_QOS_BIS_UNSET,
 758                 .sync_factor            = 0x01,
 759                 .packing                = 0x00,
 760                 .framing                = 0x00,
 761                 .in                     = DEFAULT_IO_QOS,
 762                 .out                    = DEFAULT_IO_QOS,
 763                 .encryption             = 0x00,
 764                 .bcode                  = {0x00},
 765                 .options                = 0x00,
 766                 .skip                   = 0x0000,
 767                 .sync_timeout           = 0x4000,
 768                 .sync_cte_type          = 0x00,
 769                 .mse                    = 0x00,
 770                 .timeout                = 0x4000,
 771         },
 772 };
 773
 774 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
 775                                    int proto, gfp_t prio, int kern)
 776 {
 777         struct sock *sk;
 778
 779         sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
 780         if (!sk)
 781                 return NULL;
 782
 783         sk->sk_destruct = iso_sock_destruct;
 784         sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
 785
 786         /* Set address type as public as default src address is BDADDR_ANY */
 787         iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
 788
 789         iso_pi(sk)->qos = default_qos;
 790
 791         bt_sock_link(&iso_sk_list, sk);
 792         return sk;
 793 }
 794
 795 static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
 796                            int kern)
 797 {
 798         struct sock *sk;
 799
 800         BT_DBG("sock %p", sock);
 801
 802         sock->state = SS_UNCONNECTED;
 803
 804         if (sock->type != SOCK_SEQPACKET)
 805                 return -ESOCKTNOSUPPORT;
 806
 807         sock->ops = &iso_sock_ops;
 808
 809         sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
 810         if (!sk)
 811                 return -ENOMEM;
 812
 813         iso_sock_init(sk, NULL);
 814         return 0;
 815 }
 816
 817 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
 818                             int addr_len)
 819 {
 820         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
 821         struct sock *sk = sock->sk;
 822         int i;
 823
 824         BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
 825                sa->iso_bc->bc_num_bis);
 826
 827         if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) ||
 828             sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f)
 829                 return -EINVAL;
 830
 831         bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
 832         iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
 833         iso_pi(sk)->sync_handle = -1;
 834         iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
 835         iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
 836
 837         for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
 838                 if (sa->iso_bc->bc_bis[i] < 0x01 ||
 839                     sa->iso_bc->bc_bis[i] > 0x1f)
 840                         return -EINVAL;
 841
 842                 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
 843                        iso_pi(sk)->bc_num_bis);
 844         }
 845
 846         return 0;
 847 }
 848
 849 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
 850                          int addr_len)
 851 {
 852         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
 853         struct sock *sk = sock->sk;
 854         int err = 0;
 855
 856         BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
 857
 858         if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
 859             addr->sa_family != AF_BLUETOOTH)
 860                 return -EINVAL;
 861
 862         lock_sock(sk);
 863
 864         if (sk->sk_state != BT_OPEN) {
 865                 err = -EBADFD;
 866                 goto done;
 867         }
 868
 869         if (sk->sk_type != SOCK_SEQPACKET) {
 870                 err = -EINVAL;
 871                 goto done;
 872         }
 873
 874         /* Check if the address type is of LE type */
 875         if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
 876                 err = -EINVAL;
 877                 goto done;
 878         }
 879
 880         bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
 881         iso_pi(sk)->src_type = sa->iso_bdaddr_type;
 882
 883         /* Check for Broadcast address */
 884         if (addr_len > sizeof(*sa)) {
 885                 err = iso_sock_bind_bc(sock, addr, addr_len);
 886                 if (err)
 887                         goto done;
 888         }
 889
 890         sk->sk_state = BT_BOUND;
 891
 892 done:
 893         release_sock(sk);
 894         return err;
 895 }
 896
 897 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
 898                             int alen, int flags)
 899 {
 900         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
 901         struct sock *sk = sock->sk;
 902         int err;
 903
 904         BT_DBG("sk %p", sk);
 905
 906         if (alen < sizeof(struct sockaddr_iso) ||
 907             addr->sa_family != AF_BLUETOOTH)
 908                 return -EINVAL;
 909
 910         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
 911                 return -EBADFD;
 912
 913         if (sk->sk_type != SOCK_SEQPACKET)
 914                 return -EINVAL;
 915
 916         /* Check if the address type is of LE type */
 917         if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
 918                 return -EINVAL;
 919
 920         lock_sock(sk);
 921
 922         bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
 923         iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
 924
 925         release_sock(sk);
 926
 927         if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
 928                 err = iso_connect_cis(sk);
 929         else
 930                 err = iso_connect_bis(sk);
 931
 932         if (err)
 933                 return err;
 934
 935         lock_sock(sk);
 936
 937         if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
 938                 err = bt_sock_wait_state(sk, BT_CONNECTED,
 939                                          sock_sndtimeo(sk, flags & O_NONBLOCK));
 940         }
 941
 942         release_sock(sk);
 943         return err;
 944 }
 945
 946 static int iso_listen_bis(struct sock *sk)
 947 {
 948         struct hci_dev *hdev;
 949         int err = 0;
 950
 951         BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
 952                &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
 953
 954         write_lock(&iso_sk_list.lock);
 955
 956         if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
 957                                          iso_pi(sk)->bc_sid))
 958                 err = -EADDRINUSE;
 959
 960         write_unlock(&iso_sk_list.lock);
 961
 962         if (err)
 963                 return err;
 964
 965         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
 966                              iso_pi(sk)->src_type);
 967         if (!hdev)
 968                 return -EHOSTUNREACH;
 969
 970         /* Fail if user set invalid QoS */
 971         if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
 972                 iso_pi(sk)->qos = default_qos;
 973                 return -EINVAL;
 974         }
 975
 976         err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
 977                                  le_addr_type(iso_pi(sk)->dst_type),
 978                                  iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
 979
 980         hci_dev_put(hdev);
 981
 982         return err;
 983 }
 984
 985 static int iso_listen_cis(struct sock *sk)
 986 {
 987         int err = 0;
 988
 989         BT_DBG("%pMR", &iso_pi(sk)->src);
 990
 991         write_lock(&iso_sk_list.lock);
 992
 993         if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
 994                 err = -EADDRINUSE;
 995
 996         write_unlock(&iso_sk_list.lock);
 997
 998         return err;
 999 }
1000
1001 static int iso_sock_listen(struct socket *sock, int backlog)
1002 {
1003         struct sock *sk = sock->sk;
1004         int err = 0;
1005
1006         BT_DBG("sk %p backlog %d", sk, backlog);
1007
1008         lock_sock(sk);
1009
1010         if (sk->sk_state != BT_BOUND) {
1011                 err = -EBADFD;
1012                 goto done;
1013         }
1014
1015         if (sk->sk_type != SOCK_SEQPACKET) {
1016                 err = -EINVAL;
1017                 goto done;
1018         }
1019
1020         if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1021                 err = iso_listen_cis(sk);
1022         else
1023                 err = iso_listen_bis(sk);
1024
1025         if (err)
1026                 goto done;
1027
1028         sk->sk_max_ack_backlog = backlog;
1029         sk->sk_ack_backlog = 0;
1030
1031         sk->sk_state = BT_LISTEN;
1032
1033 done:
1034         release_sock(sk);
1035         return err;
1036 }
1037
1038 static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1039                            int flags, bool kern)
1040 {
1041         DEFINE_WAIT_FUNC(wait, woken_wake_function);
1042         struct sock *sk = sock->sk, *ch;
1043         long timeo;
1044         int err = 0;
1045
1046         lock_sock(sk);
1047
1048         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1049
1050         BT_DBG("sk %p timeo %ld", sk, timeo);
1051
1052         /* Wait for an incoming connection. (wake-one). */
1053         add_wait_queue_exclusive(sk_sleep(sk), &wait);
1054         while (1) {
1055                 if (sk->sk_state != BT_LISTEN) {
1056                         err = -EBADFD;
1057                         break;
1058                 }
1059
1060                 ch = bt_accept_dequeue(sk, newsock);
1061                 if (ch)
1062                         break;
1063
1064                 if (!timeo) {
1065                         err = -EAGAIN;
1066                         break;
1067                 }
1068
1069                 if (signal_pending(current)) {
1070                         err = sock_intr_errno(timeo);
1071                         break;
1072                 }
1073
1074                 release_sock(sk);
1075
1076                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1077                 lock_sock(sk);
1078         }
1079         remove_wait_queue(sk_sleep(sk), &wait);
1080
1081         if (err)
1082                 goto done;
1083
1084         newsock->state = SS_CONNECTED;
1085
1086         BT_DBG("new socket %p", ch);
1087
1088 done:
1089         release_sock(sk);
1090         return err;
1091 }
1092
1093 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1094                             int peer)
1095 {
1096         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1097         struct sock *sk = sock->sk;
1098
1099         BT_DBG("sock %p, sk %p", sock, sk);
1100
1101         addr->sa_family = AF_BLUETOOTH;
1102
1103         if (peer) {
1104                 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1105                 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1106         } else {
1107                 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1108                 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1109         }
1110
1111         return sizeof(struct sockaddr_iso);
1112 }
1113
1114 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1115                             size_t len)
1116 {
1117         struct sock *sk = sock->sk;
1118         struct sk_buff *skb, **frag;
1119         size_t mtu;
1120         int err;
1121
1122         BT_DBG("sock %p, sk %p", sock, sk);
1123
1124         err = sock_error(sk);
1125         if (err)
1126                 return err;
1127
1128         if (msg->msg_flags & MSG_OOB)
1129                 return -EOPNOTSUPP;
1130
1131         lock_sock(sk);
1132
1133         if (sk->sk_state != BT_CONNECTED) {
1134                 release_sock(sk);
1135                 return -ENOTCONN;
1136         }
1137
1138         mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu;
1139
1140         release_sock(sk);
1141
1142         skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1143         if (IS_ERR(skb))
1144                 return PTR_ERR(skb);
1145
1146         len -= skb->len;
1147
1148         BT_DBG("skb %p len %d", sk, skb->len);
1149
1150         /* Continuation fragments */
1151         frag = &skb_shinfo(skb)->frag_list;
1152         while (len) {
1153                 struct sk_buff *tmp;
1154
1155                 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1156                 if (IS_ERR(tmp)) {
1157                         kfree_skb(skb);
1158                         return PTR_ERR(tmp);
1159                 }
1160
1161                 *frag = tmp;
1162
1163                 len  -= tmp->len;
1164
1165                 skb->len += tmp->len;
1166                 skb->data_len += tmp->len;
1167
1168                 BT_DBG("frag %p len %d", *frag, tmp->len);
1169
1170                 frag = &(*frag)->next;
1171         }
1172
1173         lock_sock(sk);
1174
1175         if (sk->sk_state == BT_CONNECTED)
1176                 err = iso_send_frame(sk, skb);
1177         else
1178                 err = -ENOTCONN;
1179
1180         release_sock(sk);
1181
1182         if (err < 0)
1183                 kfree_skb(skb);
1184         return err;
1185 }
1186
1187 static void iso_conn_defer_accept(struct hci_conn *conn)
1188 {
1189         struct hci_cp_le_accept_cis cp;
1190         struct hci_dev *hdev = conn->hdev;
1191
1192         BT_DBG("conn %p", conn);
1193
1194         conn->state = BT_CONFIG;
1195
1196         cp.handle = cpu_to_le16(conn->handle);
1197
1198         hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1199 }
1200
1201 static void iso_conn_big_sync(struct sock *sk)
1202 {
1203         int err;
1204         struct hci_dev *hdev;
1205
1206         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1207                              iso_pi(sk)->src_type);
1208
1209         if (!hdev)
1210                 return;
1211
1212         if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1213                 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1214                                              &iso_pi(sk)->qos,
1215                                              iso_pi(sk)->sync_handle,
1216                                              iso_pi(sk)->bc_num_bis,
1217                                              iso_pi(sk)->bc_bis);
1218                 if (err)
1219                         bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1220                                    err);
1221         }
1222 }
1223
1224 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1225                             size_t len, int flags)
1226 {
1227         struct sock *sk = sock->sk;
1228         struct iso_pinfo *pi = iso_pi(sk);
1229
1230         BT_DBG("sk %p", sk);
1231
1232         if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1233                 lock_sock(sk);
1234                 switch (sk->sk_state) {
1235                 case BT_CONNECT2:
1236                         if (pi->conn->hcon &&
1237                             test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) {
1238                                 iso_conn_big_sync(sk);
1239                                 sk->sk_state = BT_LISTEN;
1240                         } else {
1241                                 iso_conn_defer_accept(pi->conn->hcon);
1242                                 sk->sk_state = BT_CONFIG;
1243                         }
1244                         release_sock(sk);
1245                         return 0;
1246                 case BT_CONNECT:
1247                         release_sock(sk);
1248                         return iso_connect_cis(sk);
1249                 default:
1250                         release_sock(sk);
1251                         break;
1252                 }
1253         }
1254
1255         return bt_sock_recvmsg(sock, msg, len, flags);
1256 }
1257
1258 static bool check_io_qos(struct bt_iso_io_qos *qos)
1259 {
1260         /* If no PHY is enable SDU must be 0 */
1261         if (!qos->phy && qos->sdu)
1262                 return false;
1263
1264         if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1265                 return false;
1266
1267         if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1268                 return false;
1269
1270         if (qos->phy > BT_ISO_PHY_ANY)
1271                 return false;
1272
1273         return true;
1274 }
1275
1276 static bool check_ucast_qos(struct bt_iso_qos *qos)
1277 {
1278         if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1279                 return false;
1280
1281         if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1282                 return false;
1283
1284         if (qos->ucast.sca > 0x07)
1285                 return false;
1286
1287         if (qos->ucast.packing > 0x01)
1288                 return false;
1289
1290         if (qos->ucast.framing > 0x01)
1291                 return false;
1292
1293         if (!check_io_qos(&qos->ucast.in))
1294                 return false;
1295
1296         if (!check_io_qos(&qos->ucast.out))
1297                 return false;
1298
1299         return true;
1300 }
1301
1302 static bool check_bcast_qos(struct bt_iso_qos *qos)
1303 {
1304         if (qos->bcast.sync_factor == 0x00)
1305                 return false;
1306
1307         if (qos->bcast.packing > 0x01)
1308                 return false;
1309
1310         if (qos->bcast.framing > 0x01)
1311                 return false;
1312
1313         if (!check_io_qos(&qos->bcast.in))
1314                 return false;
1315
1316         if (!check_io_qos(&qos->bcast.out))
1317                 return false;
1318
1319         if (qos->bcast.encryption > 0x01)
1320                 return false;
1321
1322         if (qos->bcast.options > 0x07)
1323                 return false;
1324
1325         if (qos->bcast.skip > 0x01f3)
1326                 return false;
1327
1328         if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1329                 return false;
1330
1331         if (qos->bcast.sync_cte_type > 0x1f)
1332                 return false;
1333
1334         if (qos->bcast.mse > 0x1f)
1335                 return false;
1336
1337         if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1338                 return false;
1339
1340         return true;
1341 }
1342
1343 static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1344                                sockptr_t optval, unsigned int optlen)
1345 {
1346         struct sock *sk = sock->sk;
1347         int len, err = 0;
1348         struct bt_iso_qos qos = default_qos;
1349         u32 opt;
1350
1351         BT_DBG("sk %p", sk);
1352
1353         lock_sock(sk);
1354
1355         switch (optname) {
1356         case BT_DEFER_SETUP:
1357                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1358                         err = -EINVAL;
1359                         break;
1360                 }
1361
1362                 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1363                         err = -EFAULT;
1364                         break;
1365                 }
1366
1367                 if (opt)
1368                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1369                 else
1370                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1371                 break;
1372
1373         case BT_PKT_STATUS:
1374                 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1375                         err = -EFAULT;
1376                         break;
1377                 }
1378
1379                 if (opt)
1380                         set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1381                 else
1382                         clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1383                 break;
1384
1385         case BT_ISO_QOS:
1386                 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1387                     sk->sk_state != BT_CONNECT2) {
1388                         err = -EINVAL;
1389                         break;
1390                 }
1391
1392                 len = min_t(unsigned int, sizeof(qos), optlen);
1393
1394                 if (copy_from_sockptr(&qos, optval, len)) {
1395                         err = -EFAULT;
1396                         break;
1397                 }
1398
1399                 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) {
1400                         err = -EINVAL;
1401                         break;
1402                 }
1403
1404                 iso_pi(sk)->qos = qos;
1405                 iso_pi(sk)->qos_user_set = true;
1406
1407                 break;
1408
1409         case BT_ISO_BASE:
1410                 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1411                     sk->sk_state != BT_CONNECT2) {
1412                         err = -EINVAL;
1413                         break;
1414                 }
1415
1416                 if (optlen > sizeof(iso_pi(sk)->base)) {
1417                         err = -EOVERFLOW;
1418                         break;
1419                 }
1420
1421                 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen);
1422
1423                 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) {
1424                         err = -EFAULT;
1425                         break;
1426                 }
1427
1428                 iso_pi(sk)->base_len = len;
1429
1430                 break;
1431
1432         default:
1433                 err = -ENOPROTOOPT;
1434                 break;
1435         }
1436
1437         release_sock(sk);
1438         return err;
1439 }
1440
1441 static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1442                                char __user *optval, int __user *optlen)
1443 {
1444         struct sock *sk = sock->sk;
1445         int len, err = 0;
1446         struct bt_iso_qos *qos;
1447         u8 base_len;
1448         u8 *base;
1449
1450         BT_DBG("sk %p", sk);
1451
1452         if (get_user(len, optlen))
1453                 return -EFAULT;
1454
1455         lock_sock(sk);
1456
1457         switch (optname) {
1458         case BT_DEFER_SETUP:
1459                 if (sk->sk_state == BT_CONNECTED) {
1460                         err = -EINVAL;
1461                         break;
1462                 }
1463
1464                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1465                              (u32 __user *)optval))
1466                         err = -EFAULT;
1467
1468                 break;
1469
1470         case BT_PKT_STATUS:
1471                 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1472                              (int __user *)optval))
1473                         err = -EFAULT;
1474                 break;
1475
1476         case BT_ISO_QOS:
1477                 qos = iso_sock_get_qos(sk);
1478
1479                 len = min_t(unsigned int, len, sizeof(*qos));
1480                 if (copy_to_user(optval, qos, len))
1481                         err = -EFAULT;
1482
1483                 break;
1484
1485         case BT_ISO_BASE:
1486                 if (sk->sk_state == BT_CONNECTED &&
1487                     !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1488                         base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1489                         base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1490                 } else {
1491                         base_len = iso_pi(sk)->base_len;
1492                         base = iso_pi(sk)->base;
1493                 }
1494
1495                 len = min_t(unsigned int, len, base_len);
1496                 if (copy_to_user(optval, base, len))
1497                         err = -EFAULT;
1498
1499                 break;
1500
1501         default:
1502                 err = -ENOPROTOOPT;
1503                 break;
1504         }
1505
1506         release_sock(sk);
1507         return err;
1508 }
1509
1510 static int iso_sock_shutdown(struct socket *sock, int how)
1511 {
1512         struct sock *sk = sock->sk;
1513         int err = 0;
1514
1515         BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1516
1517         if (!sk)
1518                 return 0;
1519
1520         sock_hold(sk);
1521         lock_sock(sk);
1522
1523         switch (how) {
1524         case SHUT_RD:
1525                 if (sk->sk_shutdown & RCV_SHUTDOWN)
1526                         goto unlock;
1527                 sk->sk_shutdown |= RCV_SHUTDOWN;
1528                 break;
1529         case SHUT_WR:
1530                 if (sk->sk_shutdown & SEND_SHUTDOWN)
1531                         goto unlock;
1532                 sk->sk_shutdown |= SEND_SHUTDOWN;
1533                 break;
1534         case SHUT_RDWR:
1535                 if (sk->sk_shutdown & SHUTDOWN_MASK)
1536                         goto unlock;
1537                 sk->sk_shutdown |= SHUTDOWN_MASK;
1538                 break;
1539         }
1540
1541         iso_sock_clear_timer(sk);
1542         __iso_sock_close(sk);
1543
1544         if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1545             !(current->flags & PF_EXITING))
1546                 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1547
1548 unlock:
1549         release_sock(sk);
1550         sock_put(sk);
1551
1552         return err;
1553 }
1554
1555 static int iso_sock_release(struct socket *sock)
1556 {
1557         struct sock *sk = sock->sk;
1558         int err = 0;
1559
1560         BT_DBG("sock %p, sk %p", sock, sk);
1561
1562         if (!sk)
1563                 return 0;
1564
1565         iso_sock_close(sk);
1566
1567         if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1568             !(current->flags & PF_EXITING)) {
1569                 lock_sock(sk);
1570                 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1571                 release_sock(sk);
1572         }
1573
1574         sock_orphan(sk);
1575         iso_sock_kill(sk);
1576         return err;
1577 }
1578
1579 static void iso_sock_ready(struct sock *sk)
1580 {
1581         BT_DBG("sk %p", sk);
1582
1583         if (!sk)
1584                 return;
1585
1586         lock_sock(sk);
1587         iso_sock_clear_timer(sk);
1588         sk->sk_state = BT_CONNECTED;
1589         sk->sk_state_change(sk);
1590         release_sock(sk);
1591 }
1592
1593 struct iso_list_data {
1594         struct hci_conn *hcon;
1595         int count;
1596 };
1597
1598 static bool iso_match_big(struct sock *sk, void *data)
1599 {
1600         struct hci_evt_le_big_sync_estabilished *ev = data;
1601
1602         return ev->handle == iso_pi(sk)->qos.bcast.big;
1603 }
1604
1605 static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1606 {
1607         return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1608 }
1609
1610 static void iso_conn_ready(struct iso_conn *conn)
1611 {
1612         struct sock *parent = NULL;
1613         struct sock *sk = conn->sk;
1614         struct hci_ev_le_big_sync_estabilished *ev = NULL;
1615         struct hci_ev_le_pa_sync_established *ev2 = NULL;
1616         struct hci_evt_le_big_info_adv_report *ev3 = NULL;
1617         struct hci_conn *hcon;
1618
1619         BT_DBG("conn %p", conn);
1620
1621         if (sk) {
1622                 iso_sock_ready(conn->sk);
1623         } else {
1624                 hcon = conn->hcon;
1625                 if (!hcon)
1626                         return;
1627
1628                 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) ||
1629                     test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1630                         ev = hci_recv_event_data(hcon->hdev,
1631                                                  HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1632
1633                         /* Get reference to PA sync parent socket, if it exists */
1634                         parent = iso_get_sock_listen(&hcon->src,
1635                                                      &hcon->dst,
1636                                                      iso_match_pa_sync_flag, NULL);
1637                         if (!parent && ev)
1638                                 parent = iso_get_sock_listen(&hcon->src,
1639                                                              &hcon->dst,
1640                                                              iso_match_big, ev);
1641                 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1642                         ev2 = hci_recv_event_data(hcon->hdev,
1643                                                   HCI_EV_LE_PA_SYNC_ESTABLISHED);
1644                         if (ev2)
1645                                 parent = iso_get_sock_listen(&hcon->src,
1646                                                              &hcon->dst,
1647                                                              iso_match_sid, ev2);
1648                 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1649                         ev3 = hci_recv_event_data(hcon->hdev,
1650                                                   HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1651                         if (ev3)
1652                                 parent = iso_get_sock_listen(&hcon->src,
1653                                                              &hcon->dst,
1654                                                              iso_match_sync_handle, ev3);
1655                 }
1656
1657                 if (!parent)
1658                         parent = iso_get_sock_listen(&hcon->src,
1659                                                         BDADDR_ANY, NULL, NULL);
1660
1661                 if (!parent)
1662                         return;
1663
1664                 lock_sock(parent);
1665
1666                 sk = iso_sock_alloc(sock_net(parent), NULL,
1667                                     BTPROTO_ISO, GFP_ATOMIC, 0);
1668                 if (!sk) {
1669                         release_sock(parent);
1670                         return;
1671                 }
1672
1673                 iso_sock_init(sk, parent);
1674
1675                 bacpy(&iso_pi(sk)->src, &hcon->src);
1676
1677                 /* Convert from HCI to three-value type */
1678                 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1679                         iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1680                 else
1681                         iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1682
1683                 /* If hcon has no destination address (BDADDR_ANY) it means it
1684                  * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1685                  * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1686                  * the parent socket destination address.
1687                  */
1688                 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1689                         bacpy(&hcon->dst, &iso_pi(parent)->dst);
1690                         hcon->dst_type = iso_pi(parent)->dst_type;
1691                         hcon->sync_handle = iso_pi(parent)->sync_handle;
1692                 }
1693
1694                 if (ev3) {
1695                         iso_pi(sk)->qos = iso_pi(parent)->qos;
1696                         iso_pi(sk)->qos.bcast.encryption = ev3->encryption;
1697                         hcon->iso_qos = iso_pi(sk)->qos;
1698                         iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1699                         memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1700                         set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1701                 }
1702
1703                 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1704                 iso_pi(sk)->dst_type = hcon->dst_type;
1705                 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1706                 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1707                 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1708
1709                 hci_conn_hold(hcon);
1710                 iso_chan_add(conn, sk, parent);
1711
1712                 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1713                     (ev2 && ev2->status)) {
1714                         /* Trigger error signal on child socket */
1715                         sk->sk_err = ECONNREFUSED;
1716                         sk->sk_error_report(sk);
1717                 }
1718
1719                 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1720                         sk->sk_state = BT_CONNECT2;
1721                 else
1722                         sk->sk_state = BT_CONNECTED;
1723
1724                 /* Wake up parent */
1725                 parent->sk_data_ready(parent);
1726
1727                 release_sock(parent);
1728         }
1729 }
1730
1731 static bool iso_match_sid(struct sock *sk, void *data)
1732 {
1733         struct hci_ev_le_pa_sync_established *ev = data;
1734
1735         return ev->sid == iso_pi(sk)->bc_sid;
1736 }
1737
1738 static bool iso_match_sync_handle(struct sock *sk, void *data)
1739 {
1740         struct hci_evt_le_big_info_adv_report *ev = data;
1741
1742         return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1743 }
1744
1745 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1746 {
1747         struct hci_ev_le_per_adv_report *ev = data;
1748
1749         return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1750 }
1751
1752 /* ----- ISO interface with lower layer (HCI) ----- */
1753
1754 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1755 {
1756         struct hci_ev_le_pa_sync_established *ev1;
1757         struct hci_evt_le_big_info_adv_report *ev2;
1758         struct hci_ev_le_per_adv_report *ev3;
1759         struct sock *sk;
1760         int lm = 0;
1761
1762         bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1763
1764         /* Broadcast receiver requires handling of some events before it can
1765          * proceed to establishing a BIG sync:
1766          *
1767          * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1768          * SID to listen to and once sync is estabilished its handle needs to
1769          * be stored in iso_pi(sk)->sync_handle so it can be matched once
1770          * receiving the BIG Info.
1771          * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1772          * a BIG Info it attempts to check if there any listening socket with
1773          * the same sync_handle and if it does then attempt to create a sync.
1774          * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
1775          * in iso_pi(sk)->base so it can be passed up to user, in the case of a
1776          * broadcast sink.
1777          */
1778         ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1779         if (ev1) {
1780                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1781                                          ev1);
1782                 if (sk && !ev1->status)
1783                         iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1784
1785                 goto done;
1786         }
1787
1788         ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1789         if (ev2) {
1790                 /* Try to get PA sync listening socket, if it exists */
1791                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1792                                                 iso_match_pa_sync_flag, NULL);
1793
1794                 if (!sk) {
1795                         sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1796                                                  iso_match_sync_handle, ev2);
1797
1798                         /* If PA Sync is in process of terminating,
1799                          * do not handle any more BIGInfo adv reports.
1800                          */
1801
1802                         if (sk && test_bit(BT_SK_PA_SYNC_TERM,
1803                                            &iso_pi(sk)->flags))
1804                                 return lm;
1805                 }
1806
1807                 if (sk) {
1808                         int err;
1809
1810                         if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1811                                 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1812
1813                         if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
1814                             !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1815                                 err = hci_le_big_create_sync(hdev, NULL,
1816                                                              &iso_pi(sk)->qos,
1817                                                              iso_pi(sk)->sync_handle,
1818                                                              iso_pi(sk)->bc_num_bis,
1819                                                              iso_pi(sk)->bc_bis);
1820                                 if (err) {
1821                                         bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1822                                                    err);
1823                                         sk = NULL;
1824                                 }
1825                         }
1826                 }
1827         }
1828
1829         ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
1830         if (ev3) {
1831                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1832                                          iso_match_sync_handle_pa_report, ev3);
1833
1834                 if (sk) {
1835                         memcpy(iso_pi(sk)->base, ev3->data, ev3->length);
1836                         iso_pi(sk)->base_len = ev3->length;
1837                 }
1838         } else {
1839                 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
1840         }
1841
1842 done:
1843         if (!sk)
1844                 return lm;
1845
1846         lm |= HCI_LM_ACCEPT;
1847
1848         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1849                 *flags |= HCI_PROTO_DEFER;
1850
1851         return lm;
1852 }
1853
1854 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
1855 {
1856         if (hcon->type != ISO_LINK) {
1857                 if (hcon->type != LE_LINK)
1858                         return;
1859
1860                 /* Check if LE link has failed */
1861                 if (status) {
1862                         struct hci_link *link, *t;
1863
1864                         list_for_each_entry_safe(link, t, &hcon->link_list,
1865                                                  list)
1866                                 iso_conn_del(link->conn, bt_to_errno(status));
1867
1868                         return;
1869                 }
1870
1871                 /* Create CIS if pending */
1872                 hci_le_create_cis_pending(hcon->hdev);
1873                 return;
1874         }
1875
1876         BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1877
1878         /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
1879          * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
1880          * into the accept queue of the listening socket and wake up
1881          * userspace, to inform the user about the event.
1882          */
1883         if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
1884             test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1885                 struct iso_conn *conn;
1886
1887                 conn = iso_conn_add(hcon);
1888                 if (conn)
1889                         iso_conn_ready(conn);
1890         } else {
1891                 iso_conn_del(hcon, bt_to_errno(status));
1892         }
1893 }
1894
1895 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1896 {
1897         if (hcon->type != ISO_LINK)
1898                 return;
1899
1900         BT_DBG("hcon %p reason %d", hcon, reason);
1901
1902         iso_conn_del(hcon, bt_to_errno(reason));
1903 }
1904
1905 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1906 {
1907         struct iso_conn *conn = hcon->iso_data;
1908         __u16 pb, ts, len;
1909
1910         if (!conn)
1911                 goto drop;
1912
1913         pb     = hci_iso_flags_pb(flags);
1914         ts     = hci_iso_flags_ts(flags);
1915
1916         BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
1917
1918         switch (pb) {
1919         case ISO_START:
1920         case ISO_SINGLE:
1921                 if (conn->rx_len) {
1922                         BT_ERR("Unexpected start frame (len %d)", skb->len);
1923                         kfree_skb(conn->rx_skb);
1924                         conn->rx_skb = NULL;
1925                         conn->rx_len = 0;
1926                 }
1927
1928                 if (ts) {
1929                         struct hci_iso_ts_data_hdr *hdr;
1930
1931                         /* TODO: add timestamp to the packet? */
1932                         hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
1933                         if (!hdr) {
1934                                 BT_ERR("Frame is too short (len %d)", skb->len);
1935                                 goto drop;
1936                         }
1937
1938                         len = __le16_to_cpu(hdr->slen);
1939                 } else {
1940                         struct hci_iso_data_hdr *hdr;
1941
1942                         hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
1943                         if (!hdr) {
1944                                 BT_ERR("Frame is too short (len %d)", skb->len);
1945                                 goto drop;
1946                         }
1947
1948                         len = __le16_to_cpu(hdr->slen);
1949                 }
1950
1951                 flags  = hci_iso_data_flags(len);
1952                 len    = hci_iso_data_len(len);
1953
1954                 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
1955                        skb->len, flags);
1956
1957                 if (len == skb->len) {
1958                         /* Complete frame received */
1959                         hci_skb_pkt_status(skb) = flags & 0x03;
1960                         iso_recv_frame(conn, skb);
1961                         return;
1962                 }
1963
1964                 if (pb == ISO_SINGLE) {
1965                         BT_ERR("Frame malformed (len %d, expected len %d)",
1966                                skb->len, len);
1967                         goto drop;
1968                 }
1969
1970                 if (skb->len > len) {
1971                         BT_ERR("Frame is too long (len %d, expected len %d)",
1972                                skb->len, len);
1973                         goto drop;
1974                 }
1975
1976                 /* Allocate skb for the complete frame (with header) */
1977                 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
1978                 if (!conn->rx_skb)
1979                         goto drop;
1980
1981                 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
1982                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1983                                           skb->len);
1984                 conn->rx_len = len - skb->len;
1985                 break;
1986
1987         case ISO_CONT:
1988                 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
1989                        conn->rx_len);
1990
1991                 if (!conn->rx_len) {
1992                         BT_ERR("Unexpected continuation frame (len %d)",
1993                                skb->len);
1994                         goto drop;
1995                 }
1996
1997                 if (skb->len > conn->rx_len) {
1998                         BT_ERR("Fragment is too long (len %d, expected %d)",
1999                                skb->len, conn->rx_len);
2000                         kfree_skb(conn->rx_skb);
2001                         conn->rx_skb = NULL;
2002                         conn->rx_len = 0;
2003                         goto drop;
2004                 }
2005
2006                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2007                                           skb->len);
2008                 conn->rx_len -= skb->len;
2009                 return;
2010
2011         case ISO_END:
2012                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2013                                           skb->len);
2014                 conn->rx_len -= skb->len;
2015
2016                 if (!conn->rx_len) {
2017                         struct sk_buff *rx_skb = conn->rx_skb;
2018
2019                         /* Complete frame received. iso_recv_frame
2020                          * takes ownership of the skb so set the global
2021                          * rx_skb pointer to NULL first.
2022                          */
2023                         conn->rx_skb = NULL;
2024                         iso_recv_frame(conn, rx_skb);
2025                 }
2026                 break;
2027         }
2028
2029 drop:
2030         kfree_skb(skb);
2031 }
2032
2033 static struct hci_cb iso_cb = {
2034         .name           = "ISO",
2035         .connect_cfm    = iso_connect_cfm,
2036         .disconn_cfm    = iso_disconn_cfm,
2037 };
2038
2039 static int iso_debugfs_show(struct seq_file *f, void *p)
2040 {
2041         struct sock *sk;
2042
2043         read_lock(&iso_sk_list.lock);
2044
2045         sk_for_each(sk, &iso_sk_list.head) {
2046                 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2047                            &iso_pi(sk)->dst, sk->sk_state);
2048         }
2049
2050         read_unlock(&iso_sk_list.lock);
2051
2052         return 0;
2053 }
2054
2055 DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2056
2057 static struct dentry *iso_debugfs;
2058
2059 static const struct proto_ops iso_sock_ops = {
2060         .family         = PF_BLUETOOTH,
2061         .owner          = THIS_MODULE,
2062         .release        = iso_sock_release,
2063         .bind           = iso_sock_bind,
2064         .connect        = iso_sock_connect,
2065         .listen         = iso_sock_listen,
2066         .accept         = iso_sock_accept,
2067         .getname        = iso_sock_getname,
2068         .sendmsg        = iso_sock_sendmsg,
2069         .recvmsg        = iso_sock_recvmsg,
2070         .poll           = bt_sock_poll,
2071         .ioctl          = bt_sock_ioctl,
2072         .mmap           = sock_no_mmap,
2073         .socketpair     = sock_no_socketpair,
2074         .shutdown       = iso_sock_shutdown,
2075         .setsockopt     = iso_sock_setsockopt,
2076         .getsockopt     = iso_sock_getsockopt
2077 };
2078
2079 static const struct net_proto_family iso_sock_family_ops = {
2080         .family = PF_BLUETOOTH,
2081         .owner  = THIS_MODULE,
2082         .create = iso_sock_create,
2083 };
2084
2085 static bool iso_inited;
2086
2087 bool iso_enabled(void)
2088 {
2089         return iso_inited;
2090 }
2091
2092 int iso_init(void)
2093 {
2094         int err;
2095
2096         BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2097
2098         if (iso_inited)
2099                 return -EALREADY;
2100
2101         err = proto_register(&iso_proto, 0);
2102         if (err < 0)
2103                 return err;
2104
2105         err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2106         if (err < 0) {
2107                 BT_ERR("ISO socket registration failed");
2108                 goto error;
2109         }
2110
2111         err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2112         if (err < 0) {
2113                 BT_ERR("Failed to create ISO proc file");
2114                 bt_sock_unregister(BTPROTO_ISO);
2115                 goto error;
2116         }
2117
2118         BT_INFO("ISO socket layer initialized");
2119
2120         hci_register_cb(&iso_cb);
2121
2122         if (IS_ERR_OR_NULL(bt_debugfs))
2123                 return 0;
2124
2125         if (!iso_debugfs) {
2126                 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2127                                                   NULL, &iso_debugfs_fops);
2128         }
2129
2130         iso_inited = true;
2131
2132         return 0;
2133
2134 error:
2135         proto_unregister(&iso_proto);
2136         return err;
2137 }
2138
2139 int iso_exit(void)
2140 {
2141         if (!iso_inited)
2142                 return -EALREADY;
2143
2144         bt_procfs_cleanup(&init_net, "iso");
2145
2146         debugfs_remove(iso_debugfs);
2147         iso_debugfs = NULL;
2148
2149         hci_unregister_cb(&iso_cb);
2150
2151         bt_sock_unregister(BTPROTO_ISO);
2152
2153         proto_unregister(&iso_proto);
2154
2155         iso_inited = false;
2156
2157         return 0;
2158 }