2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth SCO sockets. */
27 #include <linux/module.h>
28 #include <linux/debugfs.h>
29 #include <linux/seq_file.h>
30 #include <linux/sched/signal.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/sco.h>
37 #include <net/bluetooth/mgmt.h>
38 #include <net/bluetooth/mgmt_tizen.h>
41 static bool disable_esco;
43 static const struct proto_ops sco_sock_ops;
45 static struct bt_sock_list sco_sk_list = {
46 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
49 /* ---- SCO connections ---- */
51 struct hci_conn *hcon;
56 struct delayed_work timeout_work;
61 #define sco_conn_lock(c) spin_lock(&c->lock)
62 #define sco_conn_unlock(c) spin_unlock(&c->lock)
64 static void sco_sock_close(struct sock *sk);
65 static void sco_sock_kill(struct sock *sk);
67 /* ----- SCO socket info ----- */
68 #define sco_pi(sk) ((struct sco_pinfo *) sk)
76 struct bt_codec codec;
77 struct sco_conn *conn;
80 /* ---- SCO timers ---- */
81 #define SCO_CONN_TIMEOUT (HZ * 40)
82 #define SCO_DISCONN_TIMEOUT (HZ * 2)
84 static void sco_sock_timeout(struct work_struct *work)
86 struct sco_conn *conn = container_of(work, struct sco_conn,
94 sco_conn_unlock(conn);
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
102 sk->sk_err = ETIMEDOUT;
103 sk->sk_state_change(sk);
108 static void sco_sock_set_timer(struct sock *sk, long timeout)
110 if (!sco_pi(sk)->conn)
113 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
114 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
115 schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout);
118 static void sco_sock_clear_timer(struct sock *sk)
120 if (!sco_pi(sk)->conn)
123 BT_DBG("sock %p state %d", sk, sk->sk_state);
124 cancel_delayed_work(&sco_pi(sk)->conn->timeout_work);
127 /* ---- SCO connections ---- */
128 static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
130 struct hci_dev *hdev = hcon->hdev;
131 struct sco_conn *conn = hcon->sco_data;
139 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
143 spin_lock_init(&conn->lock);
144 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
146 hcon->sco_data = conn;
149 if (hdev->sco_mtu > 0)
150 conn->mtu = hdev->sco_mtu;
154 BT_DBG("hcon %p conn %p", hcon, conn);
160 * Must be called on the locked socket. */
161 static void sco_chan_del(struct sock *sk, int err)
163 struct sco_conn *conn;
165 conn = sco_pi(sk)->conn;
167 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
172 sco_pi(sk)->conn = NULL;
173 sco_conn_unlock(conn);
176 hci_conn_drop(conn->hcon);
179 sk->sk_state = BT_CLOSED;
181 sk->sk_state_change(sk);
183 sock_set_flag(sk, SOCK_ZAPPED);
186 static void sco_conn_del(struct hci_conn *hcon, int err)
188 struct sco_conn *conn = hcon->sco_data;
194 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
201 sco_conn_unlock(conn);
205 sco_sock_clear_timer(sk);
206 sco_chan_del(sk, err);
211 /* Ensure no more work items will run before freeing conn. */
212 cancel_delayed_work_sync(&conn->timeout_work);
214 hcon->sco_data = NULL;
218 static void __sco_chan_add(struct sco_conn *conn, struct sock *sk,
221 BT_DBG("conn %p", conn);
223 sco_pi(sk)->conn = conn;
227 bt_accept_enqueue(parent, sk, true);
230 static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
239 __sco_chan_add(conn, sk, parent);
241 sco_conn_unlock(conn);
245 static int sco_connect(struct sock *sk)
247 struct sco_conn *conn;
248 struct hci_conn *hcon;
249 struct hci_dev *hdev;
252 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
254 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
256 return -EHOSTUNREACH;
260 if (lmp_esco_capable(hdev) && !disable_esco)
265 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
266 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
271 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
272 sco_pi(sk)->setting, &sco_pi(sk)->codec);
278 conn = sco_conn_add(hcon);
287 err = sco_chan_add(conn, sk, NULL);
293 /* Update source addr of the socket */
294 bacpy(&sco_pi(sk)->src, &hcon->src);
296 if (hcon->state == BT_CONNECTED) {
297 sco_sock_clear_timer(sk);
298 sk->sk_state = BT_CONNECTED;
300 sk->sk_state = BT_CONNECT;
301 sco_sock_set_timer(sk, sk->sk_sndtimeo);
307 hci_dev_unlock(hdev);
312 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
314 struct sco_conn *conn = sco_pi(sk)->conn;
317 /* Check outgoing MTU */
321 BT_DBG("sk %p len %d", sk, len);
323 hci_send_sco(conn->hcon, skb);
328 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
334 sco_conn_unlock(conn);
339 BT_DBG("sk %p len %u", sk, skb->len);
341 if (sk->sk_state != BT_CONNECTED)
344 if (!sock_queue_rcv_skb(sk, skb))
351 /* -------- Socket interface ---------- */
352 static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
356 sk_for_each(sk, &sco_sk_list.head) {
357 if (sk->sk_state != BT_LISTEN)
360 if (!bacmp(&sco_pi(sk)->src, ba))
367 /* Find socket listening on source bdaddr.
368 * Returns closest match.
370 static struct sock *sco_get_sock_listen(bdaddr_t *src)
372 struct sock *sk = NULL, *sk1 = NULL;
374 read_lock(&sco_sk_list.lock);
376 sk_for_each(sk, &sco_sk_list.head) {
377 if (sk->sk_state != BT_LISTEN)
381 if (!bacmp(&sco_pi(sk)->src, src))
385 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
389 read_unlock(&sco_sk_list.lock);
391 return sk ? sk : sk1;
394 static void sco_sock_destruct(struct sock *sk)
398 skb_queue_purge(&sk->sk_receive_queue);
399 skb_queue_purge(&sk->sk_write_queue);
402 static void sco_sock_cleanup_listen(struct sock *parent)
406 BT_DBG("parent %p", parent);
408 /* Close not yet accepted channels */
409 while ((sk = bt_accept_dequeue(parent, NULL))) {
414 parent->sk_state = BT_CLOSED;
415 sock_set_flag(parent, SOCK_ZAPPED);
418 /* Kill socket (only if zapped and orphan)
419 * Must be called on unlocked socket.
421 static void sco_sock_kill(struct sock *sk)
423 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
426 BT_DBG("sk %p state %d", sk, sk->sk_state);
428 /* Kill poor orphan */
429 bt_sock_unlink(&sco_sk_list, sk);
430 sock_set_flag(sk, SOCK_DEAD);
434 static void __sco_sock_close(struct sock *sk)
436 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
438 switch (sk->sk_state) {
440 sco_sock_cleanup_listen(sk);
445 if (sco_pi(sk)->conn->hcon) {
446 sk->sk_state = BT_DISCONN;
447 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
448 sco_conn_lock(sco_pi(sk)->conn);
449 hci_conn_drop(sco_pi(sk)->conn->hcon);
450 sco_pi(sk)->conn->hcon = NULL;
451 sco_conn_unlock(sco_pi(sk)->conn);
453 sco_chan_del(sk, ECONNRESET);
459 sco_chan_del(sk, ECONNRESET);
463 sock_set_flag(sk, SOCK_ZAPPED);
469 /* Must be called on unlocked socket. */
470 static void sco_sock_close(struct sock *sk)
473 sco_sock_clear_timer(sk);
474 __sco_sock_close(sk);
478 static void sco_sock_init(struct sock *sk, struct sock *parent)
483 sk->sk_type = parent->sk_type;
484 bt_sk(sk)->flags = bt_sk(parent)->flags;
485 security_sk_clone(parent, sk);
489 static struct proto sco_proto = {
491 .owner = THIS_MODULE,
492 .obj_size = sizeof(struct sco_pinfo)
495 static struct sock *sco_sock_alloc(struct net *net, struct socket *sock,
496 int proto, gfp_t prio, int kern)
500 sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
504 sk->sk_destruct = sco_sock_destruct;
505 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
507 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
508 sco_pi(sk)->codec.id = BT_CODEC_CVSD;
509 sco_pi(sk)->codec.cid = 0xffff;
510 sco_pi(sk)->codec.vid = 0xffff;
511 sco_pi(sk)->codec.data_path = 0x00;
513 bt_sock_link(&sco_sk_list, sk);
517 static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
522 BT_DBG("sock %p", sock);
524 sock->state = SS_UNCONNECTED;
526 if (sock->type != SOCK_SEQPACKET)
527 return -ESOCKTNOSUPPORT;
529 sock->ops = &sco_sock_ops;
531 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
535 sco_sock_init(sk, NULL);
539 static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
542 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
543 struct sock *sk = sock->sk;
546 if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
547 addr->sa_family != AF_BLUETOOTH)
550 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
554 if (sk->sk_state != BT_OPEN) {
559 if (sk->sk_type != SOCK_SEQPACKET) {
564 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
566 sk->sk_state = BT_BOUND;
573 static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
575 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
576 struct sock *sk = sock->sk;
581 if (alen < sizeof(struct sockaddr_sco) ||
582 addr->sa_family != AF_BLUETOOTH)
585 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
588 if (sk->sk_type != SOCK_SEQPACKET)
592 /* Set destination address and psm */
593 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
596 err = sco_connect(sk);
602 err = bt_sock_wait_state(sk, BT_CONNECTED,
603 sock_sndtimeo(sk, flags & O_NONBLOCK));
609 static int sco_sock_listen(struct socket *sock, int backlog)
611 struct sock *sk = sock->sk;
612 bdaddr_t *src = &sco_pi(sk)->src;
615 BT_DBG("sk %p backlog %d", sk, backlog);
619 if (sk->sk_state != BT_BOUND) {
624 if (sk->sk_type != SOCK_SEQPACKET) {
629 write_lock(&sco_sk_list.lock);
631 if (__sco_get_sock_listen_by_addr(src)) {
636 sk->sk_max_ack_backlog = backlog;
637 sk->sk_ack_backlog = 0;
639 sk->sk_state = BT_LISTEN;
642 write_unlock(&sco_sk_list.lock);
649 static int sco_sock_accept(struct socket *sock, struct socket *newsock,
650 int flags, bool kern)
652 DEFINE_WAIT_FUNC(wait, woken_wake_function);
653 struct sock *sk = sock->sk, *ch;
659 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
661 BT_DBG("sk %p timeo %ld", sk, timeo);
663 /* Wait for an incoming connection. (wake-one). */
664 add_wait_queue_exclusive(sk_sleep(sk), &wait);
666 if (sk->sk_state != BT_LISTEN) {
671 ch = bt_accept_dequeue(sk, newsock);
680 if (signal_pending(current)) {
681 err = sock_intr_errno(timeo);
687 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
690 remove_wait_queue(sk_sleep(sk), &wait);
695 newsock->state = SS_CONNECTED;
697 BT_DBG("new socket %p", ch);
704 static int sco_sock_getname(struct socket *sock, struct sockaddr *addr,
707 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
708 struct sock *sk = sock->sk;
710 BT_DBG("sock %p, sk %p", sock, sk);
712 addr->sa_family = AF_BLUETOOTH;
715 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
717 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
719 return sizeof(struct sockaddr_sco);
722 static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
725 struct sock *sk = sock->sk;
729 BT_DBG("sock %p, sk %p", sock, sk);
731 err = sock_error(sk);
735 if (msg->msg_flags & MSG_OOB)
738 skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
744 if (sk->sk_state == BT_CONNECTED)
745 err = sco_send_frame(sk, skb);
756 static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
758 struct hci_dev *hdev = conn->hdev;
760 BT_DBG("conn %p", conn);
762 conn->state = BT_CONFIG;
764 if (!lmp_esco_capable(hdev)) {
765 struct hci_cp_accept_conn_req cp;
767 bacpy(&cp.bdaddr, &conn->dst);
768 cp.role = 0x00; /* Ignored */
770 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
772 struct hci_cp_accept_sync_conn_req cp;
774 bacpy(&cp.bdaddr, &conn->dst);
775 cp.pkt_type = cpu_to_le16(conn->pkt_type);
777 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
778 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
779 cp.content_format = cpu_to_le16(setting);
781 switch (setting & SCO_AIRMODE_MASK) {
782 case SCO_AIRMODE_TRANSP:
783 if (conn->pkt_type & ESCO_2EV3)
784 cp.max_latency = cpu_to_le16(0x0008);
786 cp.max_latency = cpu_to_le16(0x000D);
787 cp.retrans_effort = 0x02;
789 case SCO_AIRMODE_CVSD:
790 cp.max_latency = cpu_to_le16(0xffff);
791 cp.retrans_effort = 0xff;
794 /* use CVSD settings as fallback */
795 cp.max_latency = cpu_to_le16(0xffff);
796 cp.retrans_effort = 0xff;
800 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
805 static int sco_sock_recvmsg(struct socket *sock, struct msghdr *msg,
806 size_t len, int flags)
808 struct sock *sk = sock->sk;
809 struct sco_pinfo *pi = sco_pi(sk);
813 if (sk->sk_state == BT_CONNECT2 &&
814 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
815 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
816 sk->sk_state = BT_CONFIG;
824 return bt_sock_recvmsg(sock, msg, len, flags);
827 static int sco_sock_setsockopt(struct socket *sock, int level, int optname,
828 sockptr_t optval, unsigned int optlen)
830 struct sock *sk = sock->sk;
832 struct bt_voice voice;
834 struct bt_codecs *codecs;
835 struct hci_dev *hdev;
845 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
850 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
856 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
858 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
862 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
863 sk->sk_state != BT_CONNECT2) {
868 voice.setting = sco_pi(sk)->setting;
870 len = min_t(unsigned int, sizeof(voice), optlen);
871 if (copy_from_sockptr(&voice, optval, len)) {
876 /* Explicitly check for these values */
878 /* Codec defer accept */
879 if (voice.setting != (BT_VOICE_TRANSPARENT |
880 BT_VOICE_CVSD_16BIT) &&
881 voice.setting != BT_VOICE_CVSD_16BIT) {
883 if (voice.setting != BT_VOICE_TRANSPARENT &&
884 voice.setting != BT_VOICE_CVSD_16BIT) {
890 sco_pi(sk)->setting = voice.setting;
891 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
897 if (enhanced_sync_conn_capable(hdev) &&
898 voice.setting == BT_VOICE_TRANSPARENT)
899 sco_pi(sk)->codec.id = BT_CODEC_TRANSPARENT;
904 if (copy_from_sockptr(&opt, optval, sizeof(u32))) {
910 set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
912 clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
916 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
917 sk->sk_state != BT_CONNECT2) {
922 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src,
929 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
935 if (!hdev->get_data_path_id) {
941 if (optlen < sizeof(struct bt_codecs) ||
942 optlen > sizeof(buffer)) {
948 if (copy_from_sockptr(buffer, optval, optlen)) {
954 codecs = (void *)buffer;
956 if (codecs->num_codecs > 1) {
962 sco_pi(sk)->codec = codecs->codecs[0];
975 static int sco_sock_getsockopt_old(struct socket *sock, int optname,
976 char __user *optval, int __user *optlen)
978 struct sock *sk = sock->sk;
979 struct sco_options opts;
980 struct sco_conninfo cinfo;
985 if (get_user(len, optlen))
992 if (sk->sk_state != BT_CONNECTED &&
993 !(sk->sk_state == BT_CONNECT2 &&
994 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
999 opts.mtu = sco_pi(sk)->conn->mtu;
1001 BT_DBG("mtu %u", opts.mtu);
1003 len = min_t(unsigned int, len, sizeof(opts));
1004 if (copy_to_user(optval, (char *)&opts, len))
1010 if (sk->sk_state != BT_CONNECTED &&
1011 !(sk->sk_state == BT_CONNECT2 &&
1012 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
1017 memset(&cinfo, 0, sizeof(cinfo));
1018 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
1019 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
1021 len = min_t(unsigned int, len, sizeof(cinfo));
1022 if (copy_to_user(optval, (char *)&cinfo, len))
1036 static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
1037 char __user *optval, int __user *optlen)
1039 struct sock *sk = sock->sk;
1041 struct bt_voice voice;
1044 struct codec_list *c;
1045 u8 num_codecs, i, __user *ptr;
1046 struct hci_dev *hdev;
1047 struct hci_codec_caps *caps;
1048 struct bt_codec codec;
1050 BT_DBG("sk %p", sk);
1052 if (level == SOL_SCO)
1053 return sco_sock_getsockopt_old(sock, optname, optval, optlen);
1055 if (get_user(len, optlen))
1062 case BT_DEFER_SETUP:
1063 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1068 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1069 (u32 __user *)optval))
1075 voice.setting = sco_pi(sk)->setting;
1077 len = min_t(unsigned int, len, sizeof(voice));
1078 if (copy_to_user(optval, (char *)&voice, len))
1084 if (sk->sk_state != BT_CONNECTED) {
1089 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon);
1091 if (put_user(phys, (u32 __user *) optval))
1096 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1097 (int __user *)optval))
1103 if (sk->sk_state != BT_CONNECTED) {
1108 if (put_user(sco_pi(sk)->conn->mtu, (u32 __user *)optval))
1116 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR);
1122 if (!hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) {
1128 if (!hdev->get_data_path_id) {
1136 /* find total buffer size required to copy codec + caps */
1138 list_for_each_entry(c, &hdev->local_codecs, list) {
1139 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1142 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1143 buf_len += 1 + caps->len;
1144 caps = (void *)&caps->data[caps->len];
1146 buf_len += sizeof(struct bt_codec);
1148 hci_dev_unlock(hdev);
1150 buf_len += sizeof(struct bt_codecs);
1151 if (buf_len > len) {
1157 if (put_user(num_codecs, ptr)) {
1161 ptr += sizeof(num_codecs);
1163 /* Iterate all the codecs supported over SCO and populate
1167 list_for_each_entry(c, &hdev->local_codecs, list) {
1168 if (c->transport != HCI_TRANSPORT_SCO_ESCO)
1174 err = hdev->get_data_path_id(hdev, &codec.data_path);
1177 codec.num_caps = c->num_caps;
1178 if (copy_to_user(ptr, &codec, sizeof(codec))) {
1182 ptr += sizeof(codec);
1184 /* find codec capabilities data length */
1186 for (i = 0, caps = c->caps; i < c->num_caps; i++) {
1187 len += 1 + caps->len;
1188 caps = (void *)&caps->data[caps->len];
1191 /* copy codec capabilities data */
1192 if (len && copy_to_user(ptr, c->caps, len)) {
1199 hci_dev_unlock(hdev);
1204 if (!err && put_user(buf_len, optlen))
1218 static int sco_sock_shutdown(struct socket *sock, int how)
1220 struct sock *sk = sock->sk;
1223 BT_DBG("sock %p, sk %p", sock, sk);
1231 if (!sk->sk_shutdown) {
1232 sk->sk_shutdown = SHUTDOWN_MASK;
1233 sco_sock_clear_timer(sk);
1234 __sco_sock_close(sk);
1236 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1237 !(current->flags & PF_EXITING))
1238 err = bt_sock_wait_state(sk, BT_CLOSED,
1248 static int sco_sock_release(struct socket *sock)
1250 struct sock *sk = sock->sk;
1253 BT_DBG("sock %p, sk %p", sock, sk);
1260 if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1261 !(current->flags & PF_EXITING)) {
1263 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1268 /* SCO kernel panic fix */
1269 bt_sock_unlink(&sco_sk_list, sk);
1276 static void sco_conn_ready(struct sco_conn *conn)
1278 struct sock *parent;
1279 struct sock *sk = conn->sk;
1281 BT_DBG("conn %p", conn);
1285 sco_sock_clear_timer(sk);
1286 sk->sk_state = BT_CONNECTED;
1287 sk->sk_state_change(sk);
1290 sco_conn_lock(conn);
1293 sco_conn_unlock(conn);
1298 /* Multiple SCO accept feature */
1299 parent = sco_get_sock_listen(&conn->hcon->dst);
1301 parent = sco_get_sock_listen(&conn->hcon->src);
1304 sco_conn_unlock(conn);
1310 sk = sco_sock_alloc(sock_net(parent), NULL,
1311 BTPROTO_SCO, GFP_ATOMIC, 0);
1313 release_sock(parent);
1314 sco_conn_unlock(conn);
1318 sco_sock_init(sk, parent);
1320 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1321 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1323 hci_conn_hold(conn->hcon);
1324 __sco_chan_add(conn, sk, parent);
1326 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1327 sk->sk_state = BT_CONNECT2;
1329 sk->sk_state = BT_CONNECTED;
1331 /* Wake up parent */
1332 parent->sk_data_ready(parent);
1334 release_sock(parent);
1336 sco_conn_unlock(conn);
1341 /* WBC/NBC feature */
1342 void sco_connect_set_gw_nbc(struct hci_dev *hdev)
1344 struct hci_cp_write_voice_setting cp1;
1345 struct hci_cp_bcm_wbs_req cp2;
1346 struct hci_cp_i2c_pcm_req cp3;
1347 struct hci_cp_sco_pcm_req cp4;
1349 BT_DBG("Setting the NBC params, hdev = %p", hdev);
1351 cp1.voice_setting = cpu_to_le16(0x0060);
1352 hci_send_cmd(hdev, HCI_OP_WRITE_VOICE_SETTING, sizeof(cp1), &cp1);
1353 hdev->voice_setting = cpu_to_le16(0x0060);
1355 cp2.role = 0x00; /* WbDisable */
1356 cp2.pkt_type = cpu_to_le16(0x0002);
1357 hci_send_cmd(hdev, HCI_BCM_ENABLE_WBS_REQ, sizeof(cp2), &cp2);
1359 cp3.i2c_enable = 0x01;
1360 cp3.is_master = 0x00;
1361 cp3.pcm_rate = 0x00;
1362 cp3.clock_rate = 0x01;
1363 hci_send_cmd(hdev, HCI_BCM_I2C_PCM_REQ, sizeof(cp3), &cp3);
1365 cp4.sco_routing = 0x00;
1366 cp4.pcm_rate = 0x01;
1367 cp4.frame_type = 0x00;
1368 cp4.sync_mode = 0x00;
1369 cp4.clock_mode = 0x00;
1370 hci_send_cmd(hdev, HCI_BCM_SCO_PCM_REQ, sizeof(cp4), &cp4);
1373 void sco_connect_set_gw_wbc(struct hci_dev *hdev)
1375 struct hci_cp_write_voice_setting cp1;
1376 struct hci_cp_bcm_wbs_req cp2;
1377 struct hci_cp_i2c_pcm_req cp3;
1378 struct hci_cp_sco_pcm_req cp4;
1380 BT_DBG("Setting the WBC params, hdev = %p", hdev);
1381 cp1.voice_setting = cpu_to_le16(0x0003 | 0x0060);
1382 hci_send_cmd(hdev, HCI_OP_WRITE_VOICE_SETTING, sizeof(cp1), &cp1);
1383 hdev->voice_setting = cpu_to_le16(0x0003 | 0x0060);
1385 cp2.role = 0x01; /* Enable */
1386 cp2.pkt_type = cpu_to_le16(0x0002);
1387 hci_send_cmd(hdev, HCI_BCM_ENABLE_WBS_REQ, sizeof(cp2), &cp2);
1389 cp3.i2c_enable = 0x00;
1390 cp3.is_master = 0x00;
1391 cp3.pcm_rate = 0x01;
1392 cp3.clock_rate = 0x02;
1393 hci_send_cmd(hdev, HCI_BCM_I2C_PCM_REQ, sizeof(cp3), &cp3);
1395 cp4.sco_routing = 0x00;
1396 cp4.pcm_rate = 0x00;
1397 cp4.frame_type = 0x00;
1398 cp4.sync_mode = 0x00;
1399 cp4.clock_mode = 0x00;
1400 hci_send_cmd(hdev, HCI_BCM_SCO_PCM_REQ, sizeof(cp4), &cp4);
1403 void sco_connect_set_nbc(struct hci_dev *hdev)
1405 struct hci_cp_write_voice_setting cp1;
1406 struct hci_cp_bcm_wbs_req cp2;
1407 struct hci_cp_i2c_pcm_req cp3;
1408 struct hci_cp_sco_pcm_req cp4;
1410 BT_DBG("Setting the NBC params, hdev = %p", hdev);
1412 cp1.voice_setting = cpu_to_le16(0x0060);
1413 hci_send_cmd(hdev, HCI_OP_WRITE_VOICE_SETTING, sizeof(cp1), &cp1);
1414 hdev->voice_setting = cpu_to_le16(0x0060);
1416 cp2.role = 0x00; /* WbDisable */
1417 cp2.pkt_type = cpu_to_le16(0x0002);
1418 hci_send_cmd(hdev, HCI_BCM_ENABLE_WBS_REQ, sizeof(cp2), &cp2);
1420 cp3.i2c_enable = 0x00;
1421 cp3.is_master = 0x00;
1422 cp3.pcm_rate = 0x00;
1423 cp3.clock_rate = 0x04;
1424 hci_send_cmd(hdev, HCI_BCM_I2C_PCM_REQ, sizeof(cp3), &cp3);
1426 cp4.sco_routing = 0x00;
1427 cp4.pcm_rate = 0x04;
1428 cp4.frame_type = 0x00;
1429 cp4.sync_mode = 0x00;
1430 cp4.clock_mode = 0x00;
1431 hci_send_cmd(hdev, HCI_BCM_SCO_PCM_REQ, sizeof(cp4), &cp4);
1434 void sco_connect_set_wbc(struct hci_dev *hdev)
1436 struct hci_cp_write_voice_setting cp1;
1437 struct hci_cp_bcm_wbs_req cp2;
1438 struct hci_cp_i2c_pcm_req cp3;
1439 struct hci_cp_sco_pcm_req cp4;
1441 BT_DBG("Setting the WBC params, hdev = %p", hdev);
1442 cp1.voice_setting = cpu_to_le16(0x0003 | 0x0060);
1443 hci_send_cmd(hdev, HCI_OP_WRITE_VOICE_SETTING, sizeof(cp1), &cp1);
1444 hdev->voice_setting = cpu_to_le16(0x0003 | 0x0060);
1446 cp2.role = 0x01; /* Enable */
1447 cp2.pkt_type = cpu_to_le16(0x0002);
1448 hci_send_cmd(hdev, HCI_BCM_ENABLE_WBS_REQ, sizeof(cp2), &cp2);
1450 cp3.i2c_enable = 0x00;
1451 cp3.is_master = 0x00;
1452 cp3.pcm_rate = 0x01;
1453 cp3.clock_rate = 0x04;
1454 hci_send_cmd(hdev, HCI_BCM_I2C_PCM_REQ, sizeof(cp3), &cp3);
1456 cp4.sco_routing = 0x00;
1457 cp4.pcm_rate = 0x04;
1458 cp4.frame_type = 0x00;
1459 cp4.sync_mode = 0x00;
1460 cp4.clock_mode = 0x00;
1461 hci_send_cmd(hdev, HCI_BCM_SCO_PCM_REQ, sizeof(cp4), &cp4);
1465 /* ----- SCO interface with lower layer (HCI) ----- */
1466 int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1471 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
1473 /* Find listening sockets */
1474 read_lock(&sco_sk_list.lock);
1475 sk_for_each(sk, &sco_sk_list.head) {
1476 if (sk->sk_state != BT_LISTEN)
1480 /* Multiple SCO accept feature */
1481 if (!bacmp(&sco_pi(sk)->src, bdaddr) ||
1482 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1484 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1485 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1487 lm |= HCI_LM_ACCEPT;
1489 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
1490 *flags |= HCI_PROTO_DEFER;
1494 read_unlock(&sco_sk_list.lock);
1497 /* WBC/NBC feature */
1498 if ((lm & HCI_LM_ACCEPT) && !hci_conn_hash_lookup_sco(hdev)) {
1499 struct hci_conn *hcon_acl;
1501 hcon_acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1503 BT_ERR("ACL doesn't alive. Use 0x%X",
1504 hdev->voice_setting);
1506 if (hdev->voice_setting == 0x0063)
1507 sco_connect_set_wbc(hdev);
1509 sco_connect_set_nbc(hdev);
1510 } else if (hcon_acl->sco_role == MGMT_SCO_ROLE_HANDSFREE) {
1511 BT_DBG("Handsfree SCO 0x%X", hcon_acl->voice_setting);
1512 if (hcon_acl->voice_setting == 0x0063)
1513 sco_connect_set_wbc(hdev);
1515 sco_connect_set_nbc(hdev);
1517 BT_DBG("Gateway SCO 0x%X", hcon_acl->voice_setting);
1518 if (hcon_acl->voice_setting == 0x0063)
1519 sco_connect_set_gw_wbc(hdev);
1521 sco_connect_set_gw_nbc(hdev);
1529 static void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
1531 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1534 BT_DBG("hcon %p bdaddr %pMR status %u", hcon, &hcon->dst, status);
1537 struct sco_conn *conn;
1539 conn = sco_conn_add(hcon);
1541 sco_conn_ready(conn);
1543 sco_conn_del(hcon, bt_to_errno(status));
1546 static void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
1548 if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
1551 BT_DBG("hcon %p reason %d", hcon, reason);
1553 sco_conn_del(hcon, bt_to_errno(reason));
1556 void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1558 struct sco_conn *conn = hcon->sco_data;
1563 BT_DBG("conn %p len %u", conn, skb->len);
1566 sco_recv_frame(conn, skb);
1574 static struct hci_cb sco_cb = {
1576 .connect_cfm = sco_connect_cfm,
1577 .disconn_cfm = sco_disconn_cfm,
1580 static int sco_debugfs_show(struct seq_file *f, void *p)
1584 read_lock(&sco_sk_list.lock);
1586 sk_for_each(sk, &sco_sk_list.head) {
1587 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1588 &sco_pi(sk)->dst, sk->sk_state);
1591 read_unlock(&sco_sk_list.lock);
1596 DEFINE_SHOW_ATTRIBUTE(sco_debugfs);
1598 static struct dentry *sco_debugfs;
1600 static const struct proto_ops sco_sock_ops = {
1601 .family = PF_BLUETOOTH,
1602 .owner = THIS_MODULE,
1603 .release = sco_sock_release,
1604 .bind = sco_sock_bind,
1605 .connect = sco_sock_connect,
1606 .listen = sco_sock_listen,
1607 .accept = sco_sock_accept,
1608 .getname = sco_sock_getname,
1609 .sendmsg = sco_sock_sendmsg,
1610 .recvmsg = sco_sock_recvmsg,
1611 .poll = bt_sock_poll,
1612 .ioctl = bt_sock_ioctl,
1613 .gettstamp = sock_gettstamp,
1614 .mmap = sock_no_mmap,
1615 .socketpair = sock_no_socketpair,
1616 .shutdown = sco_sock_shutdown,
1617 .setsockopt = sco_sock_setsockopt,
1618 .getsockopt = sco_sock_getsockopt
1621 static const struct net_proto_family sco_sock_family_ops = {
1622 .family = PF_BLUETOOTH,
1623 .owner = THIS_MODULE,
1624 .create = sco_sock_create,
1627 int __init sco_init(void)
1631 BUILD_BUG_ON(sizeof(struct sockaddr_sco) > sizeof(struct sockaddr));
1633 err = proto_register(&sco_proto, 0);
1637 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1639 BT_ERR("SCO socket registration failed");
1643 err = bt_procfs_init(&init_net, "sco", &sco_sk_list, NULL);
1645 BT_ERR("Failed to create SCO proc file");
1646 bt_sock_unregister(BTPROTO_SCO);
1650 BT_INFO("SCO socket layer initialized");
1652 hci_register_cb(&sco_cb);
1654 if (IS_ERR_OR_NULL(bt_debugfs))
1657 sco_debugfs = debugfs_create_file("sco", 0444, bt_debugfs,
1658 NULL, &sco_debugfs_fops);
1663 proto_unregister(&sco_proto);
1669 bt_procfs_cleanup(&init_net, "sco");
1671 debugfs_remove(sco_debugfs);
1673 hci_unregister_cb(&sco_cb);
1675 bt_sock_unregister(BTPROTO_SCO);
1677 proto_unregister(&sco_proto);
1680 module_param(disable_esco, bool, 0644);
1681 MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");