Merge tag 'powerpc-6.6-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc...
[platform/kernel/linux-starfive.git] / net / bluetooth / iso.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * BlueZ - Bluetooth protocol stack for Linux
4  *
5  * Copyright (C) 2022 Intel Corporation
6  * Copyright 2023 NXP
7  */
8
9 #include <linux/module.h>
10 #include <linux/debugfs.h>
11 #include <linux/seq_file.h>
12 #include <linux/sched/signal.h>
13
14 #include <net/bluetooth/bluetooth.h>
15 #include <net/bluetooth/hci_core.h>
16 #include <net/bluetooth/iso.h>
17
18 static const struct proto_ops iso_sock_ops;
19
20 static struct bt_sock_list iso_sk_list = {
21         .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
22 };
23
24 /* ---- ISO connections ---- */
25 struct iso_conn {
26         struct hci_conn *hcon;
27
28         /* @lock: spinlock protecting changes to iso_conn fields */
29         spinlock_t      lock;
30         struct sock     *sk;
31
32         struct delayed_work     timeout_work;
33
34         struct sk_buff  *rx_skb;
35         __u32           rx_len;
36         __u16           tx_sn;
37 };
38
39 #define iso_conn_lock(c)        spin_lock(&(c)->lock)
40 #define iso_conn_unlock(c)      spin_unlock(&(c)->lock)
41
42 static void iso_sock_close(struct sock *sk);
43 static void iso_sock_kill(struct sock *sk);
44
45 /* ----- ISO socket info ----- */
46 #define iso_pi(sk) ((struct iso_pinfo *)sk)
47
48 #define EIR_SERVICE_DATA_LENGTH 4
49 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
50
51 /* iso_pinfo flags values */
52 enum {
53         BT_SK_BIG_SYNC,
54         BT_SK_PA_SYNC,
55 };
56
57 struct iso_pinfo {
58         struct bt_sock          bt;
59         bdaddr_t                src;
60         __u8                    src_type;
61         bdaddr_t                dst;
62         __u8                    dst_type;
63         __u8                    bc_sid;
64         __u8                    bc_num_bis;
65         __u8                    bc_bis[ISO_MAX_NUM_BIS];
66         __u16                   sync_handle;
67         unsigned long           flags;
68         struct bt_iso_qos       qos;
69         bool                    qos_user_set;
70         __u8                    base_len;
71         __u8                    base[BASE_MAX_LENGTH];
72         struct iso_conn         *conn;
73 };
74
75 static struct bt_iso_qos default_qos;
76
77 static bool check_ucast_qos(struct bt_iso_qos *qos);
78 static bool check_bcast_qos(struct bt_iso_qos *qos);
79 static bool iso_match_sid(struct sock *sk, void *data);
80 static void iso_sock_disconn(struct sock *sk);
81
82 /* ---- ISO timers ---- */
83 #define ISO_CONN_TIMEOUT        (HZ * 40)
84 #define ISO_DISCONN_TIMEOUT     (HZ * 2)
85
86 static void iso_sock_timeout(struct work_struct *work)
87 {
88         struct iso_conn *conn = container_of(work, struct iso_conn,
89                                              timeout_work.work);
90         struct sock *sk;
91
92         iso_conn_lock(conn);
93         sk = conn->sk;
94         if (sk)
95                 sock_hold(sk);
96         iso_conn_unlock(conn);
97
98         if (!sk)
99                 return;
100
101         BT_DBG("sock %p state %d", sk, sk->sk_state);
102
103         lock_sock(sk);
104         sk->sk_err = ETIMEDOUT;
105         sk->sk_state_change(sk);
106         release_sock(sk);
107         sock_put(sk);
108 }
109
110 static void iso_sock_set_timer(struct sock *sk, long timeout)
111 {
112         if (!iso_pi(sk)->conn)
113                 return;
114
115         BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
116         cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
117         schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
118 }
119
120 static void iso_sock_clear_timer(struct sock *sk)
121 {
122         if (!iso_pi(sk)->conn)
123                 return;
124
125         BT_DBG("sock %p state %d", sk, sk->sk_state);
126         cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
127 }
128
129 /* ---- ISO connections ---- */
130 static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
131 {
132         struct iso_conn *conn = hcon->iso_data;
133
134         if (conn) {
135                 if (!conn->hcon)
136                         conn->hcon = hcon;
137                 return conn;
138         }
139
140         conn = kzalloc(sizeof(*conn), GFP_KERNEL);
141         if (!conn)
142                 return NULL;
143
144         spin_lock_init(&conn->lock);
145         INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
146
147         hcon->iso_data = conn;
148         conn->hcon = hcon;
149         conn->tx_sn = 0;
150
151         BT_DBG("hcon %p conn %p", hcon, conn);
152
153         return conn;
154 }
155
156 /* Delete channel. Must be called on the locked socket. */
157 static void iso_chan_del(struct sock *sk, int err)
158 {
159         struct iso_conn *conn;
160         struct sock *parent;
161
162         conn = iso_pi(sk)->conn;
163
164         BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
165
166         if (conn) {
167                 iso_conn_lock(conn);
168                 conn->sk = NULL;
169                 iso_pi(sk)->conn = NULL;
170                 iso_conn_unlock(conn);
171
172                 if (conn->hcon)
173                         hci_conn_drop(conn->hcon);
174         }
175
176         sk->sk_state = BT_CLOSED;
177         sk->sk_err   = err;
178
179         parent = bt_sk(sk)->parent;
180         if (parent) {
181                 bt_accept_unlink(sk);
182                 parent->sk_data_ready(parent);
183         } else {
184                 sk->sk_state_change(sk);
185         }
186
187         sock_set_flag(sk, SOCK_ZAPPED);
188 }
189
190 static void iso_conn_del(struct hci_conn *hcon, int err)
191 {
192         struct iso_conn *conn = hcon->iso_data;
193         struct sock *sk;
194
195         if (!conn)
196                 return;
197
198         BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
199
200         /* Kill socket */
201         iso_conn_lock(conn);
202         sk = conn->sk;
203         if (sk)
204                 sock_hold(sk);
205         iso_conn_unlock(conn);
206
207         if (sk) {
208                 lock_sock(sk);
209                 iso_sock_clear_timer(sk);
210                 iso_chan_del(sk, err);
211                 release_sock(sk);
212                 sock_put(sk);
213         }
214
215         /* Ensure no more work items will run before freeing conn. */
216         cancel_delayed_work_sync(&conn->timeout_work);
217
218         hcon->iso_data = NULL;
219         kfree(conn);
220 }
221
222 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
223                           struct sock *parent)
224 {
225         BT_DBG("conn %p", conn);
226
227         if (iso_pi(sk)->conn == conn && conn->sk == sk)
228                 return 0;
229
230         if (conn->sk) {
231                 BT_ERR("conn->sk already set");
232                 return -EBUSY;
233         }
234
235         iso_pi(sk)->conn = conn;
236         conn->sk = sk;
237
238         if (parent)
239                 bt_accept_enqueue(parent, sk, true);
240
241         return 0;
242 }
243
244 static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
245                         struct sock *parent)
246 {
247         int err;
248
249         iso_conn_lock(conn);
250         err = __iso_chan_add(conn, sk, parent);
251         iso_conn_unlock(conn);
252
253         return err;
254 }
255
256 static inline u8 le_addr_type(u8 bdaddr_type)
257 {
258         if (bdaddr_type == BDADDR_LE_PUBLIC)
259                 return ADDR_LE_DEV_PUBLIC;
260         else
261                 return ADDR_LE_DEV_RANDOM;
262 }
263
264 static int iso_connect_bis(struct sock *sk)
265 {
266         struct iso_conn *conn;
267         struct hci_conn *hcon;
268         struct hci_dev  *hdev;
269         int err;
270
271         BT_DBG("%pMR", &iso_pi(sk)->src);
272
273         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
274                              iso_pi(sk)->src_type);
275         if (!hdev)
276                 return -EHOSTUNREACH;
277
278         hci_dev_lock(hdev);
279
280         if (!bis_capable(hdev)) {
281                 err = -EOPNOTSUPP;
282                 goto unlock;
283         }
284
285         /* Fail if user set invalid QoS */
286         if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
287                 iso_pi(sk)->qos = default_qos;
288                 err = -EINVAL;
289                 goto unlock;
290         }
291
292         /* Fail if out PHYs are marked as disabled */
293         if (!iso_pi(sk)->qos.bcast.out.phy) {
294                 err = -EINVAL;
295                 goto unlock;
296         }
297
298         /* Just bind if DEFER_SETUP has been set */
299         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
300                 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
301                                     &iso_pi(sk)->qos, iso_pi(sk)->base_len,
302                                     iso_pi(sk)->base);
303                 if (IS_ERR(hcon)) {
304                         err = PTR_ERR(hcon);
305                         goto unlock;
306                 }
307         } else {
308                 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
309                                        le_addr_type(iso_pi(sk)->dst_type),
310                                        &iso_pi(sk)->qos, iso_pi(sk)->base_len,
311                                        iso_pi(sk)->base);
312                 if (IS_ERR(hcon)) {
313                         err = PTR_ERR(hcon);
314                         goto unlock;
315                 }
316         }
317
318         conn = iso_conn_add(hcon);
319         if (!conn) {
320                 hci_conn_drop(hcon);
321                 err = -ENOMEM;
322                 goto unlock;
323         }
324
325         lock_sock(sk);
326
327         err = iso_chan_add(conn, sk, NULL);
328         if (err) {
329                 release_sock(sk);
330                 goto unlock;
331         }
332
333         /* Update source addr of the socket */
334         bacpy(&iso_pi(sk)->src, &hcon->src);
335
336         if (hcon->state == BT_CONNECTED) {
337                 iso_sock_clear_timer(sk);
338                 sk->sk_state = BT_CONNECTED;
339         } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
340                 iso_sock_clear_timer(sk);
341                 sk->sk_state = BT_CONNECT;
342         } else {
343                 sk->sk_state = BT_CONNECT;
344                 iso_sock_set_timer(sk, sk->sk_sndtimeo);
345         }
346
347         release_sock(sk);
348
349 unlock:
350         hci_dev_unlock(hdev);
351         hci_dev_put(hdev);
352         return err;
353 }
354
355 static int iso_connect_cis(struct sock *sk)
356 {
357         struct iso_conn *conn;
358         struct hci_conn *hcon;
359         struct hci_dev  *hdev;
360         int err;
361
362         BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
363
364         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
365                              iso_pi(sk)->src_type);
366         if (!hdev)
367                 return -EHOSTUNREACH;
368
369         hci_dev_lock(hdev);
370
371         if (!cis_central_capable(hdev)) {
372                 err = -EOPNOTSUPP;
373                 goto unlock;
374         }
375
376         /* Fail if user set invalid QoS */
377         if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
378                 iso_pi(sk)->qos = default_qos;
379                 err = -EINVAL;
380                 goto unlock;
381         }
382
383         /* Fail if either PHYs are marked as disabled */
384         if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
385                 err = -EINVAL;
386                 goto unlock;
387         }
388
389         /* Just bind if DEFER_SETUP has been set */
390         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
391                 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
392                                     le_addr_type(iso_pi(sk)->dst_type),
393                                     &iso_pi(sk)->qos);
394                 if (IS_ERR(hcon)) {
395                         err = PTR_ERR(hcon);
396                         goto unlock;
397                 }
398         } else {
399                 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
400                                        le_addr_type(iso_pi(sk)->dst_type),
401                                        &iso_pi(sk)->qos);
402                 if (IS_ERR(hcon)) {
403                         err = PTR_ERR(hcon);
404                         goto unlock;
405                 }
406         }
407
408         conn = iso_conn_add(hcon);
409         if (!conn) {
410                 hci_conn_drop(hcon);
411                 err = -ENOMEM;
412                 goto unlock;
413         }
414
415         lock_sock(sk);
416
417         err = iso_chan_add(conn, sk, NULL);
418         if (err) {
419                 release_sock(sk);
420                 goto unlock;
421         }
422
423         /* Update source addr of the socket */
424         bacpy(&iso_pi(sk)->src, &hcon->src);
425
426         if (hcon->state == BT_CONNECTED) {
427                 iso_sock_clear_timer(sk);
428                 sk->sk_state = BT_CONNECTED;
429         } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
430                 iso_sock_clear_timer(sk);
431                 sk->sk_state = BT_CONNECT;
432         } else {
433                 sk->sk_state = BT_CONNECT;
434                 iso_sock_set_timer(sk, sk->sk_sndtimeo);
435         }
436
437         release_sock(sk);
438
439 unlock:
440         hci_dev_unlock(hdev);
441         hci_dev_put(hdev);
442         return err;
443 }
444
445 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
446 {
447         if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
448                 return &iso_pi(sk)->conn->hcon->iso_qos;
449
450         return &iso_pi(sk)->qos;
451 }
452
453 static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
454 {
455         struct iso_conn *conn = iso_pi(sk)->conn;
456         struct bt_iso_qos *qos = iso_sock_get_qos(sk);
457         struct hci_iso_data_hdr *hdr;
458         int len = 0;
459
460         BT_DBG("sk %p len %d", sk, skb->len);
461
462         if (skb->len > qos->ucast.out.sdu)
463                 return -EMSGSIZE;
464
465         len = skb->len;
466
467         /* Push ISO data header */
468         hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
469         hdr->sn = cpu_to_le16(conn->tx_sn++);
470         hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
471                                                       HCI_ISO_STATUS_VALID));
472
473         if (sk->sk_state == BT_CONNECTED)
474                 hci_send_iso(conn->hcon, skb);
475         else
476                 len = -ENOTCONN;
477
478         return len;
479 }
480
481 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
482 {
483         struct sock *sk;
484
485         iso_conn_lock(conn);
486         sk = conn->sk;
487         iso_conn_unlock(conn);
488
489         if (!sk)
490                 goto drop;
491
492         BT_DBG("sk %p len %d", sk, skb->len);
493
494         if (sk->sk_state != BT_CONNECTED)
495                 goto drop;
496
497         if (!sock_queue_rcv_skb(sk, skb))
498                 return;
499
500 drop:
501         kfree_skb(skb);
502 }
503
504 /* -------- Socket interface ---------- */
505 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
506 {
507         struct sock *sk;
508
509         sk_for_each(sk, &iso_sk_list.head) {
510                 if (sk->sk_state != BT_LISTEN)
511                         continue;
512
513                 if (bacmp(&iso_pi(sk)->dst, dst))
514                         continue;
515
516                 if (!bacmp(&iso_pi(sk)->src, src))
517                         return sk;
518         }
519
520         return NULL;
521 }
522
523 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
524                                                  __u8 sid)
525 {
526         struct sock *sk;
527
528         sk_for_each(sk, &iso_sk_list.head) {
529                 if (sk->sk_state != BT_LISTEN)
530                         continue;
531
532                 if (bacmp(&iso_pi(sk)->src, ba))
533                         continue;
534
535                 if (bacmp(&iso_pi(sk)->dst, bc))
536                         continue;
537
538                 if (iso_pi(sk)->bc_sid == sid)
539                         return sk;
540         }
541
542         return NULL;
543 }
544
545 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
546
547 /* Find socket listening:
548  * source bdaddr (Unicast)
549  * destination bdaddr (Broadcast only)
550  * match func - pass NULL to ignore
551  * match func data - pass -1 to ignore
552  * Returns closest match.
553  */
554 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
555                                         iso_sock_match_t match, void *data)
556 {
557         struct sock *sk = NULL, *sk1 = NULL;
558
559         read_lock(&iso_sk_list.lock);
560
561         sk_for_each(sk, &iso_sk_list.head) {
562                 if (sk->sk_state != BT_LISTEN)
563                         continue;
564
565                 /* Match Broadcast destination */
566                 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
567                         continue;
568
569                 /* Use Match function if provided */
570                 if (match && !match(sk, data))
571                         continue;
572
573                 /* Exact match. */
574                 if (!bacmp(&iso_pi(sk)->src, src))
575                         break;
576
577                 /* Closest match */
578                 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY))
579                         sk1 = sk;
580         }
581
582         read_unlock(&iso_sk_list.lock);
583
584         return sk ? sk : sk1;
585 }
586
587 static void iso_sock_destruct(struct sock *sk)
588 {
589         BT_DBG("sk %p", sk);
590
591         skb_queue_purge(&sk->sk_receive_queue);
592         skb_queue_purge(&sk->sk_write_queue);
593 }
594
595 static void iso_sock_cleanup_listen(struct sock *parent)
596 {
597         struct sock *sk;
598
599         BT_DBG("parent %p", parent);
600
601         /* Close not yet accepted channels */
602         while ((sk = bt_accept_dequeue(parent, NULL))) {
603                 iso_sock_close(sk);
604                 iso_sock_kill(sk);
605         }
606
607         /* If listening socket stands for a PA sync connection,
608          * properly disconnect the hcon and socket.
609          */
610         if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon &&
611             test_bit(HCI_CONN_PA_SYNC, &iso_pi(parent)->conn->hcon->flags)) {
612                 iso_sock_disconn(parent);
613                 return;
614         }
615
616         parent->sk_state  = BT_CLOSED;
617         sock_set_flag(parent, SOCK_ZAPPED);
618 }
619
620 /* Kill socket (only if zapped and orphan)
621  * Must be called on unlocked socket.
622  */
623 static void iso_sock_kill(struct sock *sk)
624 {
625         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
626             sock_flag(sk, SOCK_DEAD))
627                 return;
628
629         BT_DBG("sk %p state %d", sk, sk->sk_state);
630
631         /* Kill poor orphan */
632         bt_sock_unlink(&iso_sk_list, sk);
633         sock_set_flag(sk, SOCK_DEAD);
634         sock_put(sk);
635 }
636
637 static void iso_sock_disconn(struct sock *sk)
638 {
639         sk->sk_state = BT_DISCONN;
640         iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
641         iso_conn_lock(iso_pi(sk)->conn);
642         hci_conn_drop(iso_pi(sk)->conn->hcon);
643         iso_pi(sk)->conn->hcon = NULL;
644         iso_conn_unlock(iso_pi(sk)->conn);
645 }
646
647 static void __iso_sock_close(struct sock *sk)
648 {
649         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
650
651         switch (sk->sk_state) {
652         case BT_LISTEN:
653                 iso_sock_cleanup_listen(sk);
654                 break;
655
656         case BT_CONNECT:
657         case BT_CONNECTED:
658         case BT_CONFIG:
659                 if (iso_pi(sk)->conn->hcon)
660                         iso_sock_disconn(sk);
661                 else
662                         iso_chan_del(sk, ECONNRESET);
663                 break;
664
665         case BT_CONNECT2:
666                 if (iso_pi(sk)->conn->hcon &&
667                     (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
668                     test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
669                         iso_sock_disconn(sk);
670                 else
671                         iso_chan_del(sk, ECONNRESET);
672                 break;
673         case BT_DISCONN:
674                 iso_chan_del(sk, ECONNRESET);
675                 break;
676
677         default:
678                 sock_set_flag(sk, SOCK_ZAPPED);
679                 break;
680         }
681 }
682
683 /* Must be called on unlocked socket. */
684 static void iso_sock_close(struct sock *sk)
685 {
686         iso_sock_clear_timer(sk);
687         lock_sock(sk);
688         __iso_sock_close(sk);
689         release_sock(sk);
690         iso_sock_kill(sk);
691 }
692
693 static void iso_sock_init(struct sock *sk, struct sock *parent)
694 {
695         BT_DBG("sk %p", sk);
696
697         if (parent) {
698                 sk->sk_type = parent->sk_type;
699                 bt_sk(sk)->flags = bt_sk(parent)->flags;
700                 security_sk_clone(parent, sk);
701         }
702 }
703
704 static struct proto iso_proto = {
705         .name           = "ISO",
706         .owner          = THIS_MODULE,
707         .obj_size       = sizeof(struct iso_pinfo)
708 };
709
710 #define DEFAULT_IO_QOS \
711 { \
712         .interval       = 10000u, \
713         .latency        = 10u, \
714         .sdu            = 40u, \
715         .phy            = BT_ISO_PHY_2M, \
716         .rtn            = 2u, \
717 }
718
719 static struct bt_iso_qos default_qos = {
720         .bcast = {
721                 .big                    = BT_ISO_QOS_BIG_UNSET,
722                 .bis                    = BT_ISO_QOS_BIS_UNSET,
723                 .sync_factor            = 0x01,
724                 .packing                = 0x00,
725                 .framing                = 0x00,
726                 .in                     = DEFAULT_IO_QOS,
727                 .out                    = DEFAULT_IO_QOS,
728                 .encryption             = 0x00,
729                 .bcode                  = {0x00},
730                 .options                = 0x00,
731                 .skip                   = 0x0000,
732                 .sync_timeout           = 0x4000,
733                 .sync_cte_type          = 0x00,
734                 .mse                    = 0x00,
735                 .timeout                = 0x4000,
736         },
737 };
738
739 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
740                                    int proto, gfp_t prio, int kern)
741 {
742         struct sock *sk;
743
744         sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
745         if (!sk)
746                 return NULL;
747
748         sk->sk_destruct = iso_sock_destruct;
749         sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
750
751         /* Set address type as public as default src address is BDADDR_ANY */
752         iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
753
754         iso_pi(sk)->qos = default_qos;
755
756         bt_sock_link(&iso_sk_list, sk);
757         return sk;
758 }
759
760 static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
761                            int kern)
762 {
763         struct sock *sk;
764
765         BT_DBG("sock %p", sock);
766
767         sock->state = SS_UNCONNECTED;
768
769         if (sock->type != SOCK_SEQPACKET)
770                 return -ESOCKTNOSUPPORT;
771
772         sock->ops = &iso_sock_ops;
773
774         sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
775         if (!sk)
776                 return -ENOMEM;
777
778         iso_sock_init(sk, NULL);
779         return 0;
780 }
781
782 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
783                             int addr_len)
784 {
785         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
786         struct sock *sk = sock->sk;
787         int i;
788
789         BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
790                sa->iso_bc->bc_num_bis);
791
792         if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) ||
793             sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f)
794                 return -EINVAL;
795
796         bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
797         iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
798         iso_pi(sk)->sync_handle = -1;
799         iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
800         iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
801
802         for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
803                 if (sa->iso_bc->bc_bis[i] < 0x01 ||
804                     sa->iso_bc->bc_bis[i] > 0x1f)
805                         return -EINVAL;
806
807                 memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
808                        iso_pi(sk)->bc_num_bis);
809         }
810
811         return 0;
812 }
813
814 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
815                          int addr_len)
816 {
817         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
818         struct sock *sk = sock->sk;
819         int err = 0;
820
821         BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
822
823         if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
824             addr->sa_family != AF_BLUETOOTH)
825                 return -EINVAL;
826
827         lock_sock(sk);
828
829         if (sk->sk_state != BT_OPEN) {
830                 err = -EBADFD;
831                 goto done;
832         }
833
834         if (sk->sk_type != SOCK_SEQPACKET) {
835                 err = -EINVAL;
836                 goto done;
837         }
838
839         /* Check if the address type is of LE type */
840         if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
841                 err = -EINVAL;
842                 goto done;
843         }
844
845         bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
846         iso_pi(sk)->src_type = sa->iso_bdaddr_type;
847
848         /* Check for Broadcast address */
849         if (addr_len > sizeof(*sa)) {
850                 err = iso_sock_bind_bc(sock, addr, addr_len);
851                 if (err)
852                         goto done;
853         }
854
855         sk->sk_state = BT_BOUND;
856
857 done:
858         release_sock(sk);
859         return err;
860 }
861
862 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
863                             int alen, int flags)
864 {
865         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
866         struct sock *sk = sock->sk;
867         int err;
868
869         BT_DBG("sk %p", sk);
870
871         if (alen < sizeof(struct sockaddr_iso) ||
872             addr->sa_family != AF_BLUETOOTH)
873                 return -EINVAL;
874
875         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
876                 return -EBADFD;
877
878         if (sk->sk_type != SOCK_SEQPACKET)
879                 return -EINVAL;
880
881         /* Check if the address type is of LE type */
882         if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
883                 return -EINVAL;
884
885         lock_sock(sk);
886
887         bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
888         iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
889
890         release_sock(sk);
891
892         if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
893                 err = iso_connect_cis(sk);
894         else
895                 err = iso_connect_bis(sk);
896
897         if (err)
898                 return err;
899
900         lock_sock(sk);
901
902         if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
903                 err = bt_sock_wait_state(sk, BT_CONNECTED,
904                                          sock_sndtimeo(sk, flags & O_NONBLOCK));
905         }
906
907         release_sock(sk);
908         return err;
909 }
910
911 static int iso_listen_bis(struct sock *sk)
912 {
913         struct hci_dev *hdev;
914         int err = 0;
915
916         BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
917                &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
918
919         write_lock(&iso_sk_list.lock);
920
921         if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
922                                          iso_pi(sk)->bc_sid))
923                 err = -EADDRINUSE;
924
925         write_unlock(&iso_sk_list.lock);
926
927         if (err)
928                 return err;
929
930         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
931                              iso_pi(sk)->src_type);
932         if (!hdev)
933                 return -EHOSTUNREACH;
934
935         /* Fail if user set invalid QoS */
936         if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
937                 iso_pi(sk)->qos = default_qos;
938                 return -EINVAL;
939         }
940
941         err = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
942                                  le_addr_type(iso_pi(sk)->dst_type),
943                                  iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
944
945         hci_dev_put(hdev);
946
947         return err;
948 }
949
950 static int iso_listen_cis(struct sock *sk)
951 {
952         int err = 0;
953
954         BT_DBG("%pMR", &iso_pi(sk)->src);
955
956         write_lock(&iso_sk_list.lock);
957
958         if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
959                 err = -EADDRINUSE;
960
961         write_unlock(&iso_sk_list.lock);
962
963         return err;
964 }
965
966 static int iso_sock_listen(struct socket *sock, int backlog)
967 {
968         struct sock *sk = sock->sk;
969         int err = 0;
970
971         BT_DBG("sk %p backlog %d", sk, backlog);
972
973         lock_sock(sk);
974
975         if (sk->sk_state != BT_BOUND) {
976                 err = -EBADFD;
977                 goto done;
978         }
979
980         if (sk->sk_type != SOCK_SEQPACKET) {
981                 err = -EINVAL;
982                 goto done;
983         }
984
985         if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
986                 err = iso_listen_cis(sk);
987         else
988                 err = iso_listen_bis(sk);
989
990         if (err)
991                 goto done;
992
993         sk->sk_max_ack_backlog = backlog;
994         sk->sk_ack_backlog = 0;
995
996         sk->sk_state = BT_LISTEN;
997
998 done:
999         release_sock(sk);
1000         return err;
1001 }
1002
1003 static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1004                            int flags, bool kern)
1005 {
1006         DEFINE_WAIT_FUNC(wait, woken_wake_function);
1007         struct sock *sk = sock->sk, *ch;
1008         long timeo;
1009         int err = 0;
1010
1011         lock_sock(sk);
1012
1013         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1014
1015         BT_DBG("sk %p timeo %ld", sk, timeo);
1016
1017         /* Wait for an incoming connection. (wake-one). */
1018         add_wait_queue_exclusive(sk_sleep(sk), &wait);
1019         while (1) {
1020                 if (sk->sk_state != BT_LISTEN) {
1021                         err = -EBADFD;
1022                         break;
1023                 }
1024
1025                 ch = bt_accept_dequeue(sk, newsock);
1026                 if (ch)
1027                         break;
1028
1029                 if (!timeo) {
1030                         err = -EAGAIN;
1031                         break;
1032                 }
1033
1034                 if (signal_pending(current)) {
1035                         err = sock_intr_errno(timeo);
1036                         break;
1037                 }
1038
1039                 release_sock(sk);
1040
1041                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1042                 lock_sock(sk);
1043         }
1044         remove_wait_queue(sk_sleep(sk), &wait);
1045
1046         if (err)
1047                 goto done;
1048
1049         newsock->state = SS_CONNECTED;
1050
1051         BT_DBG("new socket %p", ch);
1052
1053 done:
1054         release_sock(sk);
1055         return err;
1056 }
1057
1058 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1059                             int peer)
1060 {
1061         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1062         struct sock *sk = sock->sk;
1063
1064         BT_DBG("sock %p, sk %p", sock, sk);
1065
1066         addr->sa_family = AF_BLUETOOTH;
1067
1068         if (peer) {
1069                 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1070                 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1071         } else {
1072                 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1073                 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1074         }
1075
1076         return sizeof(struct sockaddr_iso);
1077 }
1078
1079 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1080                             size_t len)
1081 {
1082         struct sock *sk = sock->sk;
1083         struct sk_buff *skb, **frag;
1084         size_t mtu;
1085         int err;
1086
1087         BT_DBG("sock %p, sk %p", sock, sk);
1088
1089         err = sock_error(sk);
1090         if (err)
1091                 return err;
1092
1093         if (msg->msg_flags & MSG_OOB)
1094                 return -EOPNOTSUPP;
1095
1096         lock_sock(sk);
1097
1098         if (sk->sk_state != BT_CONNECTED) {
1099                 release_sock(sk);
1100                 return -ENOTCONN;
1101         }
1102
1103         mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu;
1104
1105         release_sock(sk);
1106
1107         skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1108         if (IS_ERR(skb))
1109                 return PTR_ERR(skb);
1110
1111         len -= skb->len;
1112
1113         BT_DBG("skb %p len %d", sk, skb->len);
1114
1115         /* Continuation fragments */
1116         frag = &skb_shinfo(skb)->frag_list;
1117         while (len) {
1118                 struct sk_buff *tmp;
1119
1120                 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1121                 if (IS_ERR(tmp)) {
1122                         kfree_skb(skb);
1123                         return PTR_ERR(tmp);
1124                 }
1125
1126                 *frag = tmp;
1127
1128                 len  -= tmp->len;
1129
1130                 skb->len += tmp->len;
1131                 skb->data_len += tmp->len;
1132
1133                 BT_DBG("frag %p len %d", *frag, tmp->len);
1134
1135                 frag = &(*frag)->next;
1136         }
1137
1138         lock_sock(sk);
1139
1140         if (sk->sk_state == BT_CONNECTED)
1141                 err = iso_send_frame(sk, skb);
1142         else
1143                 err = -ENOTCONN;
1144
1145         release_sock(sk);
1146
1147         if (err < 0)
1148                 kfree_skb(skb);
1149         return err;
1150 }
1151
1152 static void iso_conn_defer_accept(struct hci_conn *conn)
1153 {
1154         struct hci_cp_le_accept_cis cp;
1155         struct hci_dev *hdev = conn->hdev;
1156
1157         BT_DBG("conn %p", conn);
1158
1159         conn->state = BT_CONFIG;
1160
1161         cp.handle = cpu_to_le16(conn->handle);
1162
1163         hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1164 }
1165
1166 static void iso_conn_big_sync(struct sock *sk)
1167 {
1168         int err;
1169         struct hci_dev *hdev;
1170
1171         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1172                              iso_pi(sk)->src_type);
1173
1174         if (!hdev)
1175                 return;
1176
1177         if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1178                 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1179                                              &iso_pi(sk)->qos,
1180                                              iso_pi(sk)->sync_handle,
1181                                              iso_pi(sk)->bc_num_bis,
1182                                              iso_pi(sk)->bc_bis);
1183                 if (err)
1184                         bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1185                                    err);
1186         }
1187 }
1188
1189 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1190                             size_t len, int flags)
1191 {
1192         struct sock *sk = sock->sk;
1193         struct iso_pinfo *pi = iso_pi(sk);
1194
1195         BT_DBG("sk %p", sk);
1196
1197         if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1198                 lock_sock(sk);
1199                 switch (sk->sk_state) {
1200                 case BT_CONNECT2:
1201                         if (pi->conn->hcon &&
1202                             test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) {
1203                                 iso_conn_big_sync(sk);
1204                                 sk->sk_state = BT_LISTEN;
1205                                 set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1206                         } else {
1207                                 iso_conn_defer_accept(pi->conn->hcon);
1208                                 sk->sk_state = BT_CONFIG;
1209                         }
1210                         release_sock(sk);
1211                         return 0;
1212                 case BT_CONNECT:
1213                         release_sock(sk);
1214                         return iso_connect_cis(sk);
1215                 default:
1216                         release_sock(sk);
1217                         break;
1218                 }
1219         }
1220
1221         return bt_sock_recvmsg(sock, msg, len, flags);
1222 }
1223
1224 static bool check_io_qos(struct bt_iso_io_qos *qos)
1225 {
1226         /* If no PHY is enable SDU must be 0 */
1227         if (!qos->phy && qos->sdu)
1228                 return false;
1229
1230         if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1231                 return false;
1232
1233         if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1234                 return false;
1235
1236         if (qos->phy > BT_ISO_PHY_ANY)
1237                 return false;
1238
1239         return true;
1240 }
1241
1242 static bool check_ucast_qos(struct bt_iso_qos *qos)
1243 {
1244         if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1245                 return false;
1246
1247         if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1248                 return false;
1249
1250         if (qos->ucast.sca > 0x07)
1251                 return false;
1252
1253         if (qos->ucast.packing > 0x01)
1254                 return false;
1255
1256         if (qos->ucast.framing > 0x01)
1257                 return false;
1258
1259         if (!check_io_qos(&qos->ucast.in))
1260                 return false;
1261
1262         if (!check_io_qos(&qos->ucast.out))
1263                 return false;
1264
1265         return true;
1266 }
1267
1268 static bool check_bcast_qos(struct bt_iso_qos *qos)
1269 {
1270         if (qos->bcast.sync_factor == 0x00)
1271                 return false;
1272
1273         if (qos->bcast.packing > 0x01)
1274                 return false;
1275
1276         if (qos->bcast.framing > 0x01)
1277                 return false;
1278
1279         if (!check_io_qos(&qos->bcast.in))
1280                 return false;
1281
1282         if (!check_io_qos(&qos->bcast.out))
1283                 return false;
1284
1285         if (qos->bcast.encryption > 0x01)
1286                 return false;
1287
1288         if (qos->bcast.options > 0x07)
1289                 return false;
1290
1291         if (qos->bcast.skip > 0x01f3)
1292                 return false;
1293
1294         if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1295                 return false;
1296
1297         if (qos->bcast.sync_cte_type > 0x1f)
1298                 return false;
1299
1300         if (qos->bcast.mse > 0x1f)
1301                 return false;
1302
1303         if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1304                 return false;
1305
1306         return true;
1307 }
1308
1309 static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1310                                sockptr_t optval, unsigned int optlen)
1311 {
1312         struct sock *sk = sock->sk;
1313         int len, err = 0;
1314         struct bt_iso_qos qos = default_qos;
1315         u32 opt;
1316
1317         BT_DBG("sk %p", sk);
1318
1319         lock_sock(sk);
1320
1321         switch (optname) {
1322         case BT_DEFER_SETUP:
1323                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1324                         err = -EINVAL;
1325                         break;
1326                 }
1327
1328                 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1329                         err = -EFAULT;
1330                         break;
1331                 }
1332
1333                 if (opt)
1334                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1335                 else
1336                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1337                 break;
1338
1339         case BT_PKT_STATUS:
1340                 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
1341                         err = -EFAULT;
1342                         break;
1343                 }
1344
1345                 if (opt)
1346                         set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1347                 else
1348                         clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1349                 break;
1350
1351         case BT_ISO_QOS:
1352                 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1353                     sk->sk_state != BT_CONNECT2) {
1354                         err = -EINVAL;
1355                         break;
1356                 }
1357
1358                 len = min_t(unsigned int, sizeof(qos), optlen);
1359
1360                 if (copy_from_sockptr(&qos, optval, len)) {
1361                         err = -EFAULT;
1362                         break;
1363                 }
1364
1365                 if (len == sizeof(qos.ucast) && !check_ucast_qos(&qos)) {
1366                         err = -EINVAL;
1367                         break;
1368                 }
1369
1370                 iso_pi(sk)->qos = qos;
1371                 iso_pi(sk)->qos_user_set = true;
1372
1373                 break;
1374
1375         case BT_ISO_BASE:
1376                 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1377                     sk->sk_state != BT_CONNECT2) {
1378                         err = -EINVAL;
1379                         break;
1380                 }
1381
1382                 if (optlen > sizeof(iso_pi(sk)->base)) {
1383                         err = -EOVERFLOW;
1384                         break;
1385                 }
1386
1387                 len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen);
1388
1389                 if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) {
1390                         err = -EFAULT;
1391                         break;
1392                 }
1393
1394                 iso_pi(sk)->base_len = len;
1395
1396                 break;
1397
1398         default:
1399                 err = -ENOPROTOOPT;
1400                 break;
1401         }
1402
1403         release_sock(sk);
1404         return err;
1405 }
1406
1407 static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1408                                char __user *optval, int __user *optlen)
1409 {
1410         struct sock *sk = sock->sk;
1411         int len, err = 0;
1412         struct bt_iso_qos *qos;
1413         u8 base_len;
1414         u8 *base;
1415
1416         BT_DBG("sk %p", sk);
1417
1418         if (get_user(len, optlen))
1419                 return -EFAULT;
1420
1421         lock_sock(sk);
1422
1423         switch (optname) {
1424         case BT_DEFER_SETUP:
1425                 if (sk->sk_state == BT_CONNECTED) {
1426                         err = -EINVAL;
1427                         break;
1428                 }
1429
1430                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1431                              (u32 __user *)optval))
1432                         err = -EFAULT;
1433
1434                 break;
1435
1436         case BT_PKT_STATUS:
1437                 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1438                              (int __user *)optval))
1439                         err = -EFAULT;
1440                 break;
1441
1442         case BT_ISO_QOS:
1443                 qos = iso_sock_get_qos(sk);
1444
1445                 len = min_t(unsigned int, len, sizeof(*qos));
1446                 if (copy_to_user(optval, qos, len))
1447                         err = -EFAULT;
1448
1449                 break;
1450
1451         case BT_ISO_BASE:
1452                 if (sk->sk_state == BT_CONNECTED &&
1453                     !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1454                         base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1455                         base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1456                 } else {
1457                         base_len = iso_pi(sk)->base_len;
1458                         base = iso_pi(sk)->base;
1459                 }
1460
1461                 len = min_t(unsigned int, len, base_len);
1462                 if (copy_to_user(optval, base, len))
1463                         err = -EFAULT;
1464
1465                 break;
1466
1467         default:
1468                 err = -ENOPROTOOPT;
1469                 break;
1470         }
1471
1472         release_sock(sk);
1473         return err;
1474 }
1475
1476 static int iso_sock_shutdown(struct socket *sock, int how)
1477 {
1478         struct sock *sk = sock->sk;
1479         int err = 0;
1480
1481         BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1482
1483         if (!sk)
1484                 return 0;
1485
1486         sock_hold(sk);
1487         lock_sock(sk);
1488
1489         switch (how) {
1490         case SHUT_RD:
1491                 if (sk->sk_shutdown & RCV_SHUTDOWN)
1492                         goto unlock;
1493                 sk->sk_shutdown |= RCV_SHUTDOWN;
1494                 break;
1495         case SHUT_WR:
1496                 if (sk->sk_shutdown & SEND_SHUTDOWN)
1497                         goto unlock;
1498                 sk->sk_shutdown |= SEND_SHUTDOWN;
1499                 break;
1500         case SHUT_RDWR:
1501                 if (sk->sk_shutdown & SHUTDOWN_MASK)
1502                         goto unlock;
1503                 sk->sk_shutdown |= SHUTDOWN_MASK;
1504                 break;
1505         }
1506
1507         iso_sock_clear_timer(sk);
1508         __iso_sock_close(sk);
1509
1510         if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1511             !(current->flags & PF_EXITING))
1512                 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1513
1514 unlock:
1515         release_sock(sk);
1516         sock_put(sk);
1517
1518         return err;
1519 }
1520
1521 static int iso_sock_release(struct socket *sock)
1522 {
1523         struct sock *sk = sock->sk;
1524         int err = 0;
1525
1526         BT_DBG("sock %p, sk %p", sock, sk);
1527
1528         if (!sk)
1529                 return 0;
1530
1531         iso_sock_close(sk);
1532
1533         if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1534             !(current->flags & PF_EXITING)) {
1535                 lock_sock(sk);
1536                 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1537                 release_sock(sk);
1538         }
1539
1540         sock_orphan(sk);
1541         iso_sock_kill(sk);
1542         return err;
1543 }
1544
1545 static void iso_sock_ready(struct sock *sk)
1546 {
1547         BT_DBG("sk %p", sk);
1548
1549         if (!sk)
1550                 return;
1551
1552         lock_sock(sk);
1553         iso_sock_clear_timer(sk);
1554         sk->sk_state = BT_CONNECTED;
1555         sk->sk_state_change(sk);
1556         release_sock(sk);
1557 }
1558
1559 struct iso_list_data {
1560         struct hci_conn *hcon;
1561         int count;
1562 };
1563
1564 static bool iso_match_big(struct sock *sk, void *data)
1565 {
1566         struct hci_evt_le_big_sync_estabilished *ev = data;
1567
1568         return ev->handle == iso_pi(sk)->qos.bcast.big;
1569 }
1570
1571 static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1572 {
1573         return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1574 }
1575
1576 static void iso_conn_ready(struct iso_conn *conn)
1577 {
1578         struct sock *parent = NULL;
1579         struct sock *sk = conn->sk;
1580         struct hci_ev_le_big_sync_estabilished *ev = NULL;
1581         struct hci_ev_le_pa_sync_established *ev2 = NULL;
1582         struct hci_conn *hcon;
1583
1584         BT_DBG("conn %p", conn);
1585
1586         if (sk) {
1587                 iso_sock_ready(conn->sk);
1588         } else {
1589                 hcon = conn->hcon;
1590                 if (!hcon)
1591                         return;
1592
1593                 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) ||
1594                     test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1595                         ev = hci_recv_event_data(hcon->hdev,
1596                                                  HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1597
1598                         /* Get reference to PA sync parent socket, if it exists */
1599                         parent = iso_get_sock_listen(&hcon->src,
1600                                                      &hcon->dst,
1601                                                      iso_match_pa_sync_flag, NULL);
1602                         if (!parent && ev)
1603                                 parent = iso_get_sock_listen(&hcon->src,
1604                                                              &hcon->dst,
1605                                                              iso_match_big, ev);
1606                 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags) ||
1607                                 test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1608                         ev2 = hci_recv_event_data(hcon->hdev,
1609                                                   HCI_EV_LE_PA_SYNC_ESTABLISHED);
1610                         if (ev2)
1611                                 parent = iso_get_sock_listen(&hcon->src,
1612                                                              &hcon->dst,
1613                                                              iso_match_sid, ev2);
1614                 }
1615
1616                 if (!parent)
1617                         parent = iso_get_sock_listen(&hcon->src,
1618                                                         BDADDR_ANY, NULL, NULL);
1619
1620                 if (!parent)
1621                         return;
1622
1623                 lock_sock(parent);
1624
1625                 sk = iso_sock_alloc(sock_net(parent), NULL,
1626                                     BTPROTO_ISO, GFP_ATOMIC, 0);
1627                 if (!sk) {
1628                         release_sock(parent);
1629                         return;
1630                 }
1631
1632                 iso_sock_init(sk, parent);
1633
1634                 bacpy(&iso_pi(sk)->src, &hcon->src);
1635
1636                 /* Convert from HCI to three-value type */
1637                 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1638                         iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1639                 else
1640                         iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1641
1642                 /* If hcon has no destination address (BDADDR_ANY) it means it
1643                  * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1644                  * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1645                  * the parent socket destination address.
1646                  */
1647                 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1648                         bacpy(&hcon->dst, &iso_pi(parent)->dst);
1649                         hcon->dst_type = iso_pi(parent)->dst_type;
1650                         hcon->sync_handle = iso_pi(parent)->sync_handle;
1651                 }
1652
1653                 if (ev2 && !ev2->status) {
1654                         iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1655                         iso_pi(sk)->qos = iso_pi(parent)->qos;
1656                         iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1657                         memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1658                 }
1659
1660                 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1661                 iso_pi(sk)->dst_type = hcon->dst_type;
1662                 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1663                 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1664                 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1665
1666                 hci_conn_hold(hcon);
1667                 iso_chan_add(conn, sk, parent);
1668
1669                 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1670                     (ev2 && ev2->status)) {
1671                         /* Trigger error signal on child socket */
1672                         sk->sk_err = ECONNREFUSED;
1673                         sk->sk_error_report(sk);
1674                 }
1675
1676                 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1677                         sk->sk_state = BT_CONNECT2;
1678                 else
1679                         sk->sk_state = BT_CONNECTED;
1680
1681                 /* Wake up parent */
1682                 parent->sk_data_ready(parent);
1683
1684                 release_sock(parent);
1685         }
1686 }
1687
1688 static bool iso_match_sid(struct sock *sk, void *data)
1689 {
1690         struct hci_ev_le_pa_sync_established *ev = data;
1691
1692         return ev->sid == iso_pi(sk)->bc_sid;
1693 }
1694
1695 static bool iso_match_sync_handle(struct sock *sk, void *data)
1696 {
1697         struct hci_evt_le_big_info_adv_report *ev = data;
1698
1699         return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1700 }
1701
1702 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1703 {
1704         struct hci_ev_le_per_adv_report *ev = data;
1705
1706         return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1707 }
1708
1709 /* ----- ISO interface with lower layer (HCI) ----- */
1710
1711 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1712 {
1713         struct hci_ev_le_pa_sync_established *ev1;
1714         struct hci_evt_le_big_info_adv_report *ev2;
1715         struct hci_ev_le_per_adv_report *ev3;
1716         struct sock *sk;
1717         int lm = 0;
1718
1719         bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1720
1721         /* Broadcast receiver requires handling of some events before it can
1722          * proceed to establishing a BIG sync:
1723          *
1724          * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1725          * SID to listen to and once sync is estabilished its handle needs to
1726          * be stored in iso_pi(sk)->sync_handle so it can be matched once
1727          * receiving the BIG Info.
1728          * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1729          * a BIG Info it attempts to check if there any listening socket with
1730          * the same sync_handle and if it does then attempt to create a sync.
1731          * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
1732          * in iso_pi(sk)->base so it can be passed up to user, in the case of a
1733          * broadcast sink.
1734          */
1735         ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1736         if (ev1) {
1737                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1738                                          ev1);
1739                 if (sk && !ev1->status)
1740                         iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1741
1742                 goto done;
1743         }
1744
1745         ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1746         if (ev2) {
1747                 /* Try to get PA sync listening socket, if it exists */
1748                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1749                                                 iso_match_pa_sync_flag, NULL);
1750                 if (!sk)
1751                         sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1752                                                  iso_match_sync_handle, ev2);
1753                 if (sk) {
1754                         int err;
1755
1756                         if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1757                                 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1758
1759                         if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
1760                             !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1761                                 err = hci_le_big_create_sync(hdev, NULL,
1762                                                              &iso_pi(sk)->qos,
1763                                                              iso_pi(sk)->sync_handle,
1764                                                              iso_pi(sk)->bc_num_bis,
1765                                                              iso_pi(sk)->bc_bis);
1766                                 if (err) {
1767                                         bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1768                                                    err);
1769                                         sk = NULL;
1770                                 }
1771                         }
1772                 }
1773         }
1774
1775         ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
1776         if (ev3) {
1777                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1778                                          iso_match_sync_handle_pa_report, ev3);
1779
1780                 if (sk) {
1781                         memcpy(iso_pi(sk)->base, ev3->data, ev3->length);
1782                         iso_pi(sk)->base_len = ev3->length;
1783                 }
1784         } else {
1785                 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
1786         }
1787
1788 done:
1789         if (!sk)
1790                 return lm;
1791
1792         lm |= HCI_LM_ACCEPT;
1793
1794         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1795                 *flags |= HCI_PROTO_DEFER;
1796
1797         return lm;
1798 }
1799
1800 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
1801 {
1802         if (hcon->type != ISO_LINK) {
1803                 if (hcon->type != LE_LINK)
1804                         return;
1805
1806                 /* Check if LE link has failed */
1807                 if (status) {
1808                         struct hci_link *link, *t;
1809
1810                         list_for_each_entry_safe(link, t, &hcon->link_list,
1811                                                  list)
1812                                 iso_conn_del(link->conn, bt_to_errno(status));
1813
1814                         return;
1815                 }
1816
1817                 /* Create CIS if pending */
1818                 hci_le_create_cis_pending(hcon->hdev);
1819                 return;
1820         }
1821
1822         BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
1823
1824         /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
1825          * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
1826          * into the accept queue of the listening socket and wake up
1827          * userspace, to inform the user about the event.
1828          */
1829         if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
1830             test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1831                 struct iso_conn *conn;
1832
1833                 conn = iso_conn_add(hcon);
1834                 if (conn)
1835                         iso_conn_ready(conn);
1836         } else {
1837                 iso_conn_del(hcon, bt_to_errno(status));
1838         }
1839 }
1840
1841 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1842 {
1843         if (hcon->type != ISO_LINK)
1844                 return;
1845
1846         BT_DBG("hcon %p reason %d", hcon, reason);
1847
1848         iso_conn_del(hcon, bt_to_errno(reason));
1849 }
1850
1851 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1852 {
1853         struct iso_conn *conn = hcon->iso_data;
1854         __u16 pb, ts, len;
1855
1856         if (!conn)
1857                 goto drop;
1858
1859         pb     = hci_iso_flags_pb(flags);
1860         ts     = hci_iso_flags_ts(flags);
1861
1862         BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
1863
1864         switch (pb) {
1865         case ISO_START:
1866         case ISO_SINGLE:
1867                 if (conn->rx_len) {
1868                         BT_ERR("Unexpected start frame (len %d)", skb->len);
1869                         kfree_skb(conn->rx_skb);
1870                         conn->rx_skb = NULL;
1871                         conn->rx_len = 0;
1872                 }
1873
1874                 if (ts) {
1875                         struct hci_iso_ts_data_hdr *hdr;
1876
1877                         /* TODO: add timestamp to the packet? */
1878                         hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
1879                         if (!hdr) {
1880                                 BT_ERR("Frame is too short (len %d)", skb->len);
1881                                 goto drop;
1882                         }
1883
1884                         len = __le16_to_cpu(hdr->slen);
1885                 } else {
1886                         struct hci_iso_data_hdr *hdr;
1887
1888                         hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
1889                         if (!hdr) {
1890                                 BT_ERR("Frame is too short (len %d)", skb->len);
1891                                 goto drop;
1892                         }
1893
1894                         len = __le16_to_cpu(hdr->slen);
1895                 }
1896
1897                 flags  = hci_iso_data_flags(len);
1898                 len    = hci_iso_data_len(len);
1899
1900                 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
1901                        skb->len, flags);
1902
1903                 if (len == skb->len) {
1904                         /* Complete frame received */
1905                         hci_skb_pkt_status(skb) = flags & 0x03;
1906                         iso_recv_frame(conn, skb);
1907                         return;
1908                 }
1909
1910                 if (pb == ISO_SINGLE) {
1911                         BT_ERR("Frame malformed (len %d, expected len %d)",
1912                                skb->len, len);
1913                         goto drop;
1914                 }
1915
1916                 if (skb->len > len) {
1917                         BT_ERR("Frame is too long (len %d, expected len %d)",
1918                                skb->len, len);
1919                         goto drop;
1920                 }
1921
1922                 /* Allocate skb for the complete frame (with header) */
1923                 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
1924                 if (!conn->rx_skb)
1925                         goto drop;
1926
1927                 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
1928                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1929                                           skb->len);
1930                 conn->rx_len = len - skb->len;
1931                 break;
1932
1933         case ISO_CONT:
1934                 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
1935                        conn->rx_len);
1936
1937                 if (!conn->rx_len) {
1938                         BT_ERR("Unexpected continuation frame (len %d)",
1939                                skb->len);
1940                         goto drop;
1941                 }
1942
1943                 if (skb->len > conn->rx_len) {
1944                         BT_ERR("Fragment is too long (len %d, expected %d)",
1945                                skb->len, conn->rx_len);
1946                         kfree_skb(conn->rx_skb);
1947                         conn->rx_skb = NULL;
1948                         conn->rx_len = 0;
1949                         goto drop;
1950                 }
1951
1952                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1953                                           skb->len);
1954                 conn->rx_len -= skb->len;
1955                 return;
1956
1957         case ISO_END:
1958                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
1959                                           skb->len);
1960                 conn->rx_len -= skb->len;
1961
1962                 if (!conn->rx_len) {
1963                         struct sk_buff *rx_skb = conn->rx_skb;
1964
1965                         /* Complete frame received. iso_recv_frame
1966                          * takes ownership of the skb so set the global
1967                          * rx_skb pointer to NULL first.
1968                          */
1969                         conn->rx_skb = NULL;
1970                         iso_recv_frame(conn, rx_skb);
1971                 }
1972                 break;
1973         }
1974
1975 drop:
1976         kfree_skb(skb);
1977 }
1978
1979 static struct hci_cb iso_cb = {
1980         .name           = "ISO",
1981         .connect_cfm    = iso_connect_cfm,
1982         .disconn_cfm    = iso_disconn_cfm,
1983 };
1984
1985 static int iso_debugfs_show(struct seq_file *f, void *p)
1986 {
1987         struct sock *sk;
1988
1989         read_lock(&iso_sk_list.lock);
1990
1991         sk_for_each(sk, &iso_sk_list.head) {
1992                 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
1993                            &iso_pi(sk)->dst, sk->sk_state);
1994         }
1995
1996         read_unlock(&iso_sk_list.lock);
1997
1998         return 0;
1999 }
2000
2001 DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2002
2003 static struct dentry *iso_debugfs;
2004
2005 static const struct proto_ops iso_sock_ops = {
2006         .family         = PF_BLUETOOTH,
2007         .owner          = THIS_MODULE,
2008         .release        = iso_sock_release,
2009         .bind           = iso_sock_bind,
2010         .connect        = iso_sock_connect,
2011         .listen         = iso_sock_listen,
2012         .accept         = iso_sock_accept,
2013         .getname        = iso_sock_getname,
2014         .sendmsg        = iso_sock_sendmsg,
2015         .recvmsg        = iso_sock_recvmsg,
2016         .poll           = bt_sock_poll,
2017         .ioctl          = bt_sock_ioctl,
2018         .mmap           = sock_no_mmap,
2019         .socketpair     = sock_no_socketpair,
2020         .shutdown       = iso_sock_shutdown,
2021         .setsockopt     = iso_sock_setsockopt,
2022         .getsockopt     = iso_sock_getsockopt
2023 };
2024
2025 static const struct net_proto_family iso_sock_family_ops = {
2026         .family = PF_BLUETOOTH,
2027         .owner  = THIS_MODULE,
2028         .create = iso_sock_create,
2029 };
2030
2031 static bool iso_inited;
2032
2033 bool iso_enabled(void)
2034 {
2035         return iso_inited;
2036 }
2037
2038 int iso_init(void)
2039 {
2040         int err;
2041
2042         BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2043
2044         if (iso_inited)
2045                 return -EALREADY;
2046
2047         err = proto_register(&iso_proto, 0);
2048         if (err < 0)
2049                 return err;
2050
2051         err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2052         if (err < 0) {
2053                 BT_ERR("ISO socket registration failed");
2054                 goto error;
2055         }
2056
2057         err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2058         if (err < 0) {
2059                 BT_ERR("Failed to create ISO proc file");
2060                 bt_sock_unregister(BTPROTO_ISO);
2061                 goto error;
2062         }
2063
2064         BT_INFO("ISO socket layer initialized");
2065
2066         hci_register_cb(&iso_cb);
2067
2068         if (IS_ERR_OR_NULL(bt_debugfs))
2069                 return 0;
2070
2071         if (!iso_debugfs) {
2072                 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2073                                                   NULL, &iso_debugfs_fops);
2074         }
2075
2076         iso_inited = true;
2077
2078         return 0;
2079
2080 error:
2081         proto_unregister(&iso_proto);
2082         return err;
2083 }
2084
2085 int iso_exit(void)
2086 {
2087         if (!iso_inited)
2088                 return -EALREADY;
2089
2090         bt_procfs_cleanup(&init_net, "iso");
2091
2092         debugfs_remove(iso_debugfs);
2093         iso_debugfs = NULL;
2094
2095         hci_unregister_cb(&iso_cb);
2096
2097         bt_sock_unregister(BTPROTO_ISO);
2098
2099         proto_unregister(&iso_proto);
2100
2101         iso_inited = false;
2102
2103         return 0;
2104 }