projects / releases.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
GNU Linux-libre 6.9.2-gnu
[releases.git] / net / bluetooth / iso.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * BlueZ - Bluetooth protocol stack for Linux
4  *
5  * Copyright (C) 2022 Intel Corporation
6  * Copyright 2023-2024 NXP
7  */
8
9 #include <linux/module.h>
10 #include <linux/debugfs.h>
11 #include <linux/seq_file.h>
12 #include <linux/sched/signal.h>
13
14 #include <net/bluetooth/bluetooth.h>
15 #include <net/bluetooth/hci_core.h>
16 #include <net/bluetooth/iso.h>
17 #include "eir.h"
18
19 static const struct proto_ops iso_sock_ops;
20
21 static struct bt_sock_list iso_sk_list = {
22         .lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
23 };
24
25 /* ---- ISO connections ---- */
26 struct iso_conn {
27         struct hci_conn *hcon;
28
29         /* @lock: spinlock protecting changes to iso_conn fields */
30         spinlock_t      lock;
31         struct sock     *sk;
32
33         struct delayed_work     timeout_work;
34
35         struct sk_buff  *rx_skb;
36         __u32           rx_len;
37         __u16           tx_sn;
38 };
39
40 #define iso_conn_lock(c)        spin_lock(&(c)->lock)
41 #define iso_conn_unlock(c)      spin_unlock(&(c)->lock)
42
43 static void iso_sock_close(struct sock *sk);
44 static void iso_sock_kill(struct sock *sk);
45
46 /* ----- ISO socket info ----- */
47 #define iso_pi(sk) ((struct iso_pinfo *)sk)
48
49 #define EIR_SERVICE_DATA_LENGTH 4
50 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
51 #define EIR_BAA_SERVICE_UUID    0x1851
52
53 /* iso_pinfo flags values */
54 enum {
55         BT_SK_BIG_SYNC,
56         BT_SK_PA_SYNC,
57         BT_SK_PA_SYNC_TERM,
58 };
59
60 struct iso_pinfo {
61         struct bt_sock          bt;
62         bdaddr_t                src;
63         __u8                    src_type;
64         bdaddr_t                dst;
65         __u8                    dst_type;
66         __u8                    bc_sid;
67         __u8                    bc_num_bis;
68         __u8                    bc_bis[ISO_MAX_NUM_BIS];
69         __u16                   sync_handle;
70         unsigned long           flags;
71         struct bt_iso_qos       qos;
72         bool                    qos_user_set;
73         __u8                    base_len;
74         __u8                    base[BASE_MAX_LENGTH];
75         struct iso_conn         *conn;
76 };
77
78 static struct bt_iso_qos default_qos;
79
80 static bool check_ucast_qos(struct bt_iso_qos *qos);
81 static bool check_bcast_qos(struct bt_iso_qos *qos);
82 static bool iso_match_sid(struct sock *sk, void *data);
83 static bool iso_match_sync_handle(struct sock *sk, void *data);
84 static void iso_sock_disconn(struct sock *sk);
85
86 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
87
88 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
89                                         iso_sock_match_t match, void *data);
90
91 /* ---- ISO timers ---- */
92 #define ISO_CONN_TIMEOUT        (HZ * 40)
93 #define ISO_DISCONN_TIMEOUT     (HZ * 2)
94
95 static void iso_sock_timeout(struct work_struct *work)
96 {
97         struct iso_conn *conn = container_of(work, struct iso_conn,
98                                              timeout_work.work);
99         struct sock *sk;
100
101         iso_conn_lock(conn);
102         sk = conn->sk;
103         if (sk)
104                 sock_hold(sk);
105         iso_conn_unlock(conn);
106
107         if (!sk)
108                 return;
109
110         BT_DBG("sock %p state %d", sk, sk->sk_state);
111
112         lock_sock(sk);
113         sk->sk_err = ETIMEDOUT;
114         sk->sk_state_change(sk);
115         release_sock(sk);
116         sock_put(sk);
117 }
118
119 static void iso_sock_set_timer(struct sock *sk, long timeout)
120 {
121         if (!iso_pi(sk)->conn)
122                 return;
123
124         BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
125         cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
126         schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
127 }
128
129 static void iso_sock_clear_timer(struct sock *sk)
130 {
131         if (!iso_pi(sk)->conn)
132                 return;
133
134         BT_DBG("sock %p state %d", sk, sk->sk_state);
135         cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
136 }
137
138 /* ---- ISO connections ---- */
139 static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
140 {
141         struct iso_conn *conn = hcon->iso_data;
142
143         if (conn) {
144                 if (!conn->hcon)
145                         conn->hcon = hcon;
146                 return conn;
147         }
148
149         conn = kzalloc(sizeof(*conn), GFP_KERNEL);
150         if (!conn)
151                 return NULL;
152
153         spin_lock_init(&conn->lock);
154         INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
155
156         hcon->iso_data = conn;
157         conn->hcon = hcon;
158         conn->tx_sn = 0;
159
160         BT_DBG("hcon %p conn %p", hcon, conn);
161
162         return conn;
163 }
164
165 /* Delete channel. Must be called on the locked socket. */
166 static void iso_chan_del(struct sock *sk, int err)
167 {
168         struct iso_conn *conn;
169         struct sock *parent;
170
171         conn = iso_pi(sk)->conn;
172
173         BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
174
175         if (conn) {
176                 iso_conn_lock(conn);
177                 conn->sk = NULL;
178                 iso_pi(sk)->conn = NULL;
179                 iso_conn_unlock(conn);
180
181                 if (conn->hcon)
182                         hci_conn_drop(conn->hcon);
183         }
184
185         sk->sk_state = BT_CLOSED;
186         sk->sk_err   = err;
187
188         parent = bt_sk(sk)->parent;
189         if (parent) {
190                 bt_accept_unlink(sk);
191                 parent->sk_data_ready(parent);
192         } else {
193                 sk->sk_state_change(sk);
194         }
195
196         sock_set_flag(sk, SOCK_ZAPPED);
197 }
198
199 static bool iso_match_conn_sync_handle(struct sock *sk, void *data)
200 {
201         struct hci_conn *hcon = data;
202
203         if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
204                 return false;
205
206         return hcon->sync_handle == iso_pi(sk)->sync_handle;
207 }
208
209 static void iso_conn_del(struct hci_conn *hcon, int err)
210 {
211         struct iso_conn *conn = hcon->iso_data;
212         struct sock *sk;
213         struct sock *parent;
214
215         if (!conn)
216                 return;
217
218         BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
219
220         /* Kill socket */
221         iso_conn_lock(conn);
222         sk = conn->sk;
223         if (sk)
224                 sock_hold(sk);
225         iso_conn_unlock(conn);
226
227         if (sk) {
228                 lock_sock(sk);
229
230                 /* While a PA sync hcon is in the process of closing,
231                  * mark parent socket with a flag, so that any residual
232                  * BIGInfo adv reports that arrive before PA sync is
233                  * terminated are not processed anymore.
234                  */
235                 if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
236                         parent = iso_get_sock_listen(&hcon->src,
237                                                      &hcon->dst,
238                                                      iso_match_conn_sync_handle,
239                                                      hcon);
240
241                         if (parent) {
242                                 set_bit(BT_SK_PA_SYNC_TERM,
243                                         &iso_pi(parent)->flags);
244                                 sock_put(parent);
245                         }
246                 }
247
248                 iso_sock_clear_timer(sk);
249                 iso_chan_del(sk, err);
250                 release_sock(sk);
251                 sock_put(sk);
252         }
253
254         /* Ensure no more work items will run before freeing conn. */
255         cancel_delayed_work_sync(&conn->timeout_work);
256
257         hcon->iso_data = NULL;
258         kfree(conn);
259 }
260
261 static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
262                           struct sock *parent)
263 {
264         BT_DBG("conn %p", conn);
265
266         if (iso_pi(sk)->conn == conn && conn->sk == sk)
267                 return 0;
268
269         if (conn->sk) {
270                 BT_ERR("conn->sk already set");
271                 return -EBUSY;
272         }
273
274         iso_pi(sk)->conn = conn;
275         conn->sk = sk;
276
277         if (parent)
278                 bt_accept_enqueue(parent, sk, true);
279
280         return 0;
281 }
282
283 static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
284                         struct sock *parent)
285 {
286         int err;
287
288         iso_conn_lock(conn);
289         err = __iso_chan_add(conn, sk, parent);
290         iso_conn_unlock(conn);
291
292         return err;
293 }
294
295 static inline u8 le_addr_type(u8 bdaddr_type)
296 {
297         if (bdaddr_type == BDADDR_LE_PUBLIC)
298                 return ADDR_LE_DEV_PUBLIC;
299         else
300                 return ADDR_LE_DEV_RANDOM;
301 }
302
303 static int iso_connect_bis(struct sock *sk)
304 {
305         struct iso_conn *conn;
306         struct hci_conn *hcon;
307         struct hci_dev  *hdev;
308         int err;
309
310         BT_DBG("%pMR", &iso_pi(sk)->src);
311
312         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
313                              iso_pi(sk)->src_type);
314         if (!hdev)
315                 return -EHOSTUNREACH;
316
317         hci_dev_lock(hdev);
318
319         if (!bis_capable(hdev)) {
320                 err = -EOPNOTSUPP;
321                 goto unlock;
322         }
323
324         /* Fail if user set invalid QoS */
325         if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
326                 iso_pi(sk)->qos = default_qos;
327                 err = -EINVAL;
328                 goto unlock;
329         }
330
331         /* Fail if out PHYs are marked as disabled */
332         if (!iso_pi(sk)->qos.bcast.out.phy) {
333                 err = -EINVAL;
334                 goto unlock;
335         }
336
337         /* Just bind if DEFER_SETUP has been set */
338         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
339                 hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst,
340                                     &iso_pi(sk)->qos, iso_pi(sk)->base_len,
341                                     iso_pi(sk)->base);
342                 if (IS_ERR(hcon)) {
343                         err = PTR_ERR(hcon);
344                         goto unlock;
345                 }
346         } else {
347                 hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
348                                        le_addr_type(iso_pi(sk)->dst_type),
349                                        &iso_pi(sk)->qos, iso_pi(sk)->base_len,
350                                        iso_pi(sk)->base);
351                 if (IS_ERR(hcon)) {
352                         err = PTR_ERR(hcon);
353                         goto unlock;
354                 }
355         }
356
357         conn = iso_conn_add(hcon);
358         if (!conn) {
359                 hci_conn_drop(hcon);
360                 err = -ENOMEM;
361                 goto unlock;
362         }
363
364         lock_sock(sk);
365
366         err = iso_chan_add(conn, sk, NULL);
367         if (err) {
368                 release_sock(sk);
369                 goto unlock;
370         }
371
372         /* Update source addr of the socket */
373         bacpy(&iso_pi(sk)->src, &hcon->src);
374
375         if (hcon->state == BT_CONNECTED) {
376                 iso_sock_clear_timer(sk);
377                 sk->sk_state = BT_CONNECTED;
378         } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
379                 iso_sock_clear_timer(sk);
380                 sk->sk_state = BT_CONNECT;
381         } else {
382                 sk->sk_state = BT_CONNECT;
383                 iso_sock_set_timer(sk, sk->sk_sndtimeo);
384         }
385
386         release_sock(sk);
387
388 unlock:
389         hci_dev_unlock(hdev);
390         hci_dev_put(hdev);
391         return err;
392 }
393
394 static int iso_connect_cis(struct sock *sk)
395 {
396         struct iso_conn *conn;
397         struct hci_conn *hcon;
398         struct hci_dev  *hdev;
399         int err;
400
401         BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
402
403         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
404                              iso_pi(sk)->src_type);
405         if (!hdev)
406                 return -EHOSTUNREACH;
407
408         hci_dev_lock(hdev);
409
410         if (!cis_central_capable(hdev)) {
411                 err = -EOPNOTSUPP;
412                 goto unlock;
413         }
414
415         /* Fail if user set invalid QoS */
416         if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
417                 iso_pi(sk)->qos = default_qos;
418                 err = -EINVAL;
419                 goto unlock;
420         }
421
422         /* Fail if either PHYs are marked as disabled */
423         if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
424                 err = -EINVAL;
425                 goto unlock;
426         }
427
428         /* Just bind if DEFER_SETUP has been set */
429         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
430                 hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
431                                     le_addr_type(iso_pi(sk)->dst_type),
432                                     &iso_pi(sk)->qos);
433                 if (IS_ERR(hcon)) {
434                         err = PTR_ERR(hcon);
435                         goto unlock;
436                 }
437         } else {
438                 hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
439                                        le_addr_type(iso_pi(sk)->dst_type),
440                                        &iso_pi(sk)->qos);
441                 if (IS_ERR(hcon)) {
442                         err = PTR_ERR(hcon);
443                         goto unlock;
444                 }
445         }
446
447         conn = iso_conn_add(hcon);
448         if (!conn) {
449                 hci_conn_drop(hcon);
450                 err = -ENOMEM;
451                 goto unlock;
452         }
453
454         lock_sock(sk);
455
456         err = iso_chan_add(conn, sk, NULL);
457         if (err) {
458                 release_sock(sk);
459                 goto unlock;
460         }
461
462         /* Update source addr of the socket */
463         bacpy(&iso_pi(sk)->src, &hcon->src);
464
465         if (hcon->state == BT_CONNECTED) {
466                 iso_sock_clear_timer(sk);
467                 sk->sk_state = BT_CONNECTED;
468         } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
469                 iso_sock_clear_timer(sk);
470                 sk->sk_state = BT_CONNECT;
471         } else {
472                 sk->sk_state = BT_CONNECT;
473                 iso_sock_set_timer(sk, sk->sk_sndtimeo);
474         }
475
476         release_sock(sk);
477
478 unlock:
479         hci_dev_unlock(hdev);
480         hci_dev_put(hdev);
481         return err;
482 }
483
484 static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
485 {
486         if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
487                 return &iso_pi(sk)->conn->hcon->iso_qos;
488
489         return &iso_pi(sk)->qos;
490 }
491
492 static int iso_send_frame(struct sock *sk, struct sk_buff *skb)
493 {
494         struct iso_conn *conn = iso_pi(sk)->conn;
495         struct bt_iso_qos *qos = iso_sock_get_qos(sk);
496         struct hci_iso_data_hdr *hdr;
497         int len = 0;
498
499         BT_DBG("sk %p len %d", sk, skb->len);
500
501         if (skb->len > qos->ucast.out.sdu)
502                 return -EMSGSIZE;
503
504         len = skb->len;
505
506         /* Push ISO data header */
507         hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
508         hdr->sn = cpu_to_le16(conn->tx_sn++);
509         hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
510                                                       HCI_ISO_STATUS_VALID));
511
512         if (sk->sk_state == BT_CONNECTED)
513                 hci_send_iso(conn->hcon, skb);
514         else
515                 len = -ENOTCONN;
516
517         return len;
518 }
519
520 static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
521 {
522         struct sock *sk;
523
524         iso_conn_lock(conn);
525         sk = conn->sk;
526         iso_conn_unlock(conn);
527
528         if (!sk)
529                 goto drop;
530
531         BT_DBG("sk %p len %d", sk, skb->len);
532
533         if (sk->sk_state != BT_CONNECTED)
534                 goto drop;
535
536         if (!sock_queue_rcv_skb(sk, skb))
537                 return;
538
539 drop:
540         kfree_skb(skb);
541 }
542
543 /* -------- Socket interface ---------- */
544 static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
545 {
546         struct sock *sk;
547
548         sk_for_each(sk, &iso_sk_list.head) {
549                 if (sk->sk_state != BT_LISTEN)
550                         continue;
551
552                 if (bacmp(&iso_pi(sk)->dst, dst))
553                         continue;
554
555                 if (!bacmp(&iso_pi(sk)->src, src))
556                         return sk;
557         }
558
559         return NULL;
560 }
561
562 static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
563                                                  __u8 sid)
564 {
565         struct sock *sk;
566
567         sk_for_each(sk, &iso_sk_list.head) {
568                 if (sk->sk_state != BT_LISTEN)
569                         continue;
570
571                 if (bacmp(&iso_pi(sk)->src, ba))
572                         continue;
573
574                 if (bacmp(&iso_pi(sk)->dst, bc))
575                         continue;
576
577                 if (iso_pi(sk)->bc_sid == sid)
578                         return sk;
579         }
580
581         return NULL;
582 }
583
584 /* Find socket listening:
585  * source bdaddr (Unicast)
586  * destination bdaddr (Broadcast only)
587  * match func - pass NULL to ignore
588  * match func data - pass -1 to ignore
589  * Returns closest match.
590  */
591 static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
592                                         iso_sock_match_t match, void *data)
593 {
594         struct sock *sk = NULL, *sk1 = NULL;
595
596         read_lock(&iso_sk_list.lock);
597
598         sk_for_each(sk, &iso_sk_list.head) {
599                 if (sk->sk_state != BT_LISTEN)
600                         continue;
601
602                 /* Match Broadcast destination */
603                 if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst))
604                         continue;
605
606                 /* Use Match function if provided */
607                 if (match && !match(sk, data))
608                         continue;
609
610                 /* Exact match. */
611                 if (!bacmp(&iso_pi(sk)->src, src)) {
612                         sock_hold(sk);
613                         break;
614                 }
615
616                 /* Closest match */
617                 if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
618                         if (sk1)
619                                 sock_put(sk1);
620
621                         sk1 = sk;
622                         sock_hold(sk1);
623                 }
624         }
625
626         if (sk && sk1)
627                 sock_put(sk1);
628
629         read_unlock(&iso_sk_list.lock);
630
631         return sk ? sk : sk1;
632 }
633
634 static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
635                                      bdaddr_t *dst, uint8_t big)
636 {
637         struct sock *sk = NULL;
638
639         read_lock(&iso_sk_list.lock);
640
641         sk_for_each(sk, &iso_sk_list.head) {
642                 if (match_sk == sk)
643                         continue;
644
645                 /* Look for sockets that have already been
646                  * connected to the BIG
647                  */
648                 if (sk->sk_state != BT_CONNECTED &&
649                     sk->sk_state != BT_CONNECT)
650                         continue;
651
652                 /* Match Broadcast destination */
653                 if (bacmp(&iso_pi(sk)->dst, dst))
654                         continue;
655
656                 /* Match BIG handle */
657                 if (iso_pi(sk)->qos.bcast.big != big)
658                         continue;
659
660                 /* Match source address */
661                 if (bacmp(&iso_pi(sk)->src, src))
662                         continue;
663
664                 sock_hold(sk);
665                 break;
666         }
667
668         read_unlock(&iso_sk_list.lock);
669
670         return sk;
671 }
672
673 static void iso_sock_destruct(struct sock *sk)
674 {
675         BT_DBG("sk %p", sk);
676
677         skb_queue_purge(&sk->sk_receive_queue);
678         skb_queue_purge(&sk->sk_write_queue);
679 }
680
681 static void iso_sock_cleanup_listen(struct sock *parent)
682 {
683         struct sock *sk;
684
685         BT_DBG("parent %p", parent);
686
687         /* Close not yet accepted channels */
688         while ((sk = bt_accept_dequeue(parent, NULL))) {
689                 iso_sock_close(sk);
690                 iso_sock_kill(sk);
691         }
692
693         /* If listening socket has a hcon, properly disconnect it */
694         if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) {
695                 iso_sock_disconn(parent);
696                 return;
697         }
698
699         parent->sk_state  = BT_CLOSED;
700         sock_set_flag(parent, SOCK_ZAPPED);
701 }
702
703 /* Kill socket (only if zapped and orphan)
704  * Must be called on unlocked socket.
705  */
706 static void iso_sock_kill(struct sock *sk)
707 {
708         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
709             sock_flag(sk, SOCK_DEAD))
710                 return;
711
712         BT_DBG("sk %p state %d", sk, sk->sk_state);
713
714         /* Kill poor orphan */
715         bt_sock_unlink(&iso_sk_list, sk);
716         sock_set_flag(sk, SOCK_DEAD);
717         sock_put(sk);
718 }
719
720 static void iso_sock_disconn(struct sock *sk)
721 {
722         struct sock *bis_sk;
723         struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
724
725         if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
726                 bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
727                                           &iso_pi(sk)->dst,
728                                           iso_pi(sk)->qos.bcast.big);
729
730                 /* If there are any other connected sockets for the
731                  * same BIG, just delete the sk and leave the bis
732                  * hcon active, in case later rebinding is needed.
733                  */
734                 if (bis_sk) {
735                         hcon->state = BT_OPEN;
736                         iso_pi(sk)->conn->hcon = NULL;
737                         iso_sock_clear_timer(sk);
738                         iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
739                         sock_put(bis_sk);
740                         return;
741                 }
742         }
743
744         sk->sk_state = BT_DISCONN;
745         iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
746         iso_conn_lock(iso_pi(sk)->conn);
747         hci_conn_drop(iso_pi(sk)->conn->hcon);
748         iso_pi(sk)->conn->hcon = NULL;
749         iso_conn_unlock(iso_pi(sk)->conn);
750 }
751
752 static void __iso_sock_close(struct sock *sk)
753 {
754         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
755
756         switch (sk->sk_state) {
757         case BT_LISTEN:
758                 iso_sock_cleanup_listen(sk);
759                 break;
760
761         case BT_CONNECT:
762         case BT_CONNECTED:
763         case BT_CONFIG:
764                 if (iso_pi(sk)->conn->hcon)
765                         iso_sock_disconn(sk);
766                 else
767                         iso_chan_del(sk, ECONNRESET);
768                 break;
769
770         case BT_CONNECT2:
771                 if (iso_pi(sk)->conn->hcon &&
772                     (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
773                     test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
774                         iso_sock_disconn(sk);
775                 else
776                         iso_chan_del(sk, ECONNRESET);
777                 break;
778         case BT_DISCONN:
779                 iso_chan_del(sk, ECONNRESET);
780                 break;
781
782         default:
783                 sock_set_flag(sk, SOCK_ZAPPED);
784                 break;
785         }
786 }
787
788 /* Must be called on unlocked socket. */
789 static void iso_sock_close(struct sock *sk)
790 {
791         iso_sock_clear_timer(sk);
792         lock_sock(sk);
793         __iso_sock_close(sk);
794         release_sock(sk);
795         iso_sock_kill(sk);
796 }
797
798 static void iso_sock_init(struct sock *sk, struct sock *parent)
799 {
800         BT_DBG("sk %p", sk);
801
802         if (parent) {
803                 sk->sk_type = parent->sk_type;
804                 bt_sk(sk)->flags = bt_sk(parent)->flags;
805                 security_sk_clone(parent, sk);
806         }
807 }
808
809 static struct proto iso_proto = {
810         .name           = "ISO",
811         .owner          = THIS_MODULE,
812         .obj_size       = sizeof(struct iso_pinfo)
813 };
814
815 #define DEFAULT_IO_QOS \
816 { \
817         .interval       = 10000u, \
818         .latency        = 10u, \
819         .sdu            = 40u, \
820         .phy            = BT_ISO_PHY_2M, \
821         .rtn            = 2u, \
822 }
823
824 static struct bt_iso_qos default_qos = {
825         .bcast = {
826                 .big                    = BT_ISO_QOS_BIG_UNSET,
827                 .bis                    = BT_ISO_QOS_BIS_UNSET,
828                 .sync_factor            = 0x01,
829                 .packing                = 0x00,
830                 .framing                = 0x00,
831                 .in                     = DEFAULT_IO_QOS,
832                 .out                    = DEFAULT_IO_QOS,
833                 .encryption             = 0x00,
834                 .bcode                  = {0x00},
835                 .options                = 0x00,
836                 .skip                   = 0x0000,
837                 .sync_timeout           = BT_ISO_SYNC_TIMEOUT,
838                 .sync_cte_type          = 0x00,
839                 .mse                    = 0x00,
840                 .timeout                = BT_ISO_SYNC_TIMEOUT,
841         },
842 };
843
844 static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
845                                    int proto, gfp_t prio, int kern)
846 {
847         struct sock *sk;
848
849         sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
850         if (!sk)
851                 return NULL;
852
853         sk->sk_destruct = iso_sock_destruct;
854         sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
855
856         /* Set address type as public as default src address is BDADDR_ANY */
857         iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
858
859         iso_pi(sk)->qos = default_qos;
860
861         bt_sock_link(&iso_sk_list, sk);
862         return sk;
863 }
864
865 static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
866                            int kern)
867 {
868         struct sock *sk;
869
870         BT_DBG("sock %p", sock);
871
872         sock->state = SS_UNCONNECTED;
873
874         if (sock->type != SOCK_SEQPACKET)
875                 return -ESOCKTNOSUPPORT;
876
877         sock->ops = &iso_sock_ops;
878
879         sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
880         if (!sk)
881                 return -ENOMEM;
882
883         iso_sock_init(sk, NULL);
884         return 0;
885 }
886
887 static int iso_sock_bind_bc(struct socket *sock, struct sockaddr *addr,
888                             int addr_len)
889 {
890         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
891         struct sock *sk = sock->sk;
892         int i;
893
894         BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
895                sa->iso_bc->bc_num_bis);
896
897         if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
898                 return -EINVAL;
899
900         bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
901
902         /* Check if the address type is of LE type */
903         if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
904                 return -EINVAL;
905
906         iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
907         iso_pi(sk)->sync_handle = -1;
908
909         if (sa->iso_bc->bc_sid > 0x0f)
910                 return -EINVAL;
911
912         iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
913
914         if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
915                 return -EINVAL;
916
917         iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
918
919         for (i = 0; i < iso_pi(sk)->bc_num_bis; i++)
920                 if (sa->iso_bc->bc_bis[i] < 0x01 ||
921                     sa->iso_bc->bc_bis[i] > 0x1f)
922                         return -EINVAL;
923
924         memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
925                iso_pi(sk)->bc_num_bis);
926
927         return 0;
928 }
929
930 static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa,
931                                int addr_len)
932 {
933         int err = 0;
934
935         if (sk->sk_type != SOCK_SEQPACKET) {
936                 err = -EINVAL;
937                 goto done;
938         }
939
940         if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) {
941                 err = -EINVAL;
942                 goto done;
943         }
944
945         if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) {
946                 err = -EINVAL;
947                 goto done;
948         }
949
950         iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
951
952         for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++)
953                 if (sa->iso_bc->bc_bis[i] < 0x01 ||
954                     sa->iso_bc->bc_bis[i] > 0x1f) {
955                         err = -EINVAL;
956                         goto done;
957                 }
958
959         memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
960                iso_pi(sk)->bc_num_bis);
961
962 done:
963         return err;
964 }
965
966 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
967                          int addr_len)
968 {
969         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
970         struct sock *sk = sock->sk;
971         int err = 0;
972
973         BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
974
975         if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
976             addr->sa_family != AF_BLUETOOTH)
977                 return -EINVAL;
978
979         lock_sock(sk);
980
981         /* Allow the user to bind a PA sync socket to a number
982          * of BISes to sync to.
983          */
984         if (sk->sk_state == BT_CONNECT2 &&
985             test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
986                 err = iso_sock_bind_pa_sk(sk, sa, addr_len);
987                 goto done;
988         }
989
990         if (sk->sk_state != BT_OPEN) {
991                 err = -EBADFD;
992                 goto done;
993         }
994
995         if (sk->sk_type != SOCK_SEQPACKET) {
996                 err = -EINVAL;
997                 goto done;
998         }
999
1000         /* Check if the address type is of LE type */
1001         if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
1002                 err = -EINVAL;
1003                 goto done;
1004         }
1005
1006         bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
1007         iso_pi(sk)->src_type = sa->iso_bdaddr_type;
1008
1009         /* Check for Broadcast address */
1010         if (addr_len > sizeof(*sa)) {
1011                 err = iso_sock_bind_bc(sock, addr, addr_len);
1012                 if (err)
1013                         goto done;
1014         }
1015
1016         sk->sk_state = BT_BOUND;
1017
1018 done:
1019         release_sock(sk);
1020         return err;
1021 }
1022
1023 static int iso_sock_connect(struct socket *sock, struct sockaddr *addr,
1024                             int alen, int flags)
1025 {
1026         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1027         struct sock *sk = sock->sk;
1028         int err;
1029
1030         BT_DBG("sk %p", sk);
1031
1032         if (alen < sizeof(struct sockaddr_iso) ||
1033             addr->sa_family != AF_BLUETOOTH)
1034                 return -EINVAL;
1035
1036         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
1037                 return -EBADFD;
1038
1039         if (sk->sk_type != SOCK_SEQPACKET)
1040                 return -EINVAL;
1041
1042         /* Check if the address type is of LE type */
1043         if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
1044                 return -EINVAL;
1045
1046         lock_sock(sk);
1047
1048         bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1049         iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1050
1051         release_sock(sk);
1052
1053         if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1054                 err = iso_connect_cis(sk);
1055         else
1056                 err = iso_connect_bis(sk);
1057
1058         if (err)
1059                 return err;
1060
1061         lock_sock(sk);
1062
1063         if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1064                 err = bt_sock_wait_state(sk, BT_CONNECTED,
1065                                          sock_sndtimeo(sk, flags & O_NONBLOCK));
1066         }
1067
1068         release_sock(sk);
1069         return err;
1070 }
1071
1072 static int iso_listen_bis(struct sock *sk)
1073 {
1074         struct hci_dev *hdev;
1075         int err = 0;
1076         struct iso_conn *conn;
1077         struct hci_conn *hcon;
1078
1079         BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1080                &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1081
1082         write_lock(&iso_sk_list.lock);
1083
1084         if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1085                                          iso_pi(sk)->bc_sid))
1086                 err = -EADDRINUSE;
1087
1088         write_unlock(&iso_sk_list.lock);
1089
1090         if (err)
1091                 return err;
1092
1093         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1094                              iso_pi(sk)->src_type);
1095         if (!hdev)
1096                 return -EHOSTUNREACH;
1097
1098         hci_dev_lock(hdev);
1099
1100         /* Fail if user set invalid QoS */
1101         if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1102                 iso_pi(sk)->qos = default_qos;
1103                 err = -EINVAL;
1104                 goto unlock;
1105         }
1106
1107         hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1108                                   le_addr_type(iso_pi(sk)->dst_type),
1109                                   iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1110         if (IS_ERR(hcon)) {
1111                 err = PTR_ERR(hcon);
1112                 goto unlock;
1113         }
1114
1115         conn = iso_conn_add(hcon);
1116         if (!conn) {
1117                 hci_conn_drop(hcon);
1118                 err = -ENOMEM;
1119                 goto unlock;
1120         }
1121
1122         err = iso_chan_add(conn, sk, NULL);
1123         if (err) {
1124                 hci_conn_drop(hcon);
1125                 goto unlock;
1126         }
1127
1128         hci_dev_put(hdev);
1129
1130 unlock:
1131         hci_dev_unlock(hdev);
1132         return err;
1133 }
1134
1135 static int iso_listen_cis(struct sock *sk)
1136 {
1137         int err = 0;
1138
1139         BT_DBG("%pMR", &iso_pi(sk)->src);
1140
1141         write_lock(&iso_sk_list.lock);
1142
1143         if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1144                 err = -EADDRINUSE;
1145
1146         write_unlock(&iso_sk_list.lock);
1147
1148         return err;
1149 }
1150
1151 static int iso_sock_listen(struct socket *sock, int backlog)
1152 {
1153         struct sock *sk = sock->sk;
1154         int err = 0;
1155
1156         BT_DBG("sk %p backlog %d", sk, backlog);
1157
1158         lock_sock(sk);
1159
1160         if (sk->sk_state != BT_BOUND) {
1161                 err = -EBADFD;
1162                 goto done;
1163         }
1164
1165         if (sk->sk_type != SOCK_SEQPACKET) {
1166                 err = -EINVAL;
1167                 goto done;
1168         }
1169
1170         if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1171                 err = iso_listen_cis(sk);
1172         else
1173                 err = iso_listen_bis(sk);
1174
1175         if (err)
1176                 goto done;
1177
1178         sk->sk_max_ack_backlog = backlog;
1179         sk->sk_ack_backlog = 0;
1180
1181         sk->sk_state = BT_LISTEN;
1182
1183 done:
1184         release_sock(sk);
1185         return err;
1186 }
1187
1188 static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1189                            int flags, bool kern)
1190 {
1191         DEFINE_WAIT_FUNC(wait, woken_wake_function);
1192         struct sock *sk = sock->sk, *ch;
1193         long timeo;
1194         int err = 0;
1195
1196         lock_sock(sk);
1197
1198         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1199
1200         BT_DBG("sk %p timeo %ld", sk, timeo);
1201
1202         /* Wait for an incoming connection. (wake-one). */
1203         add_wait_queue_exclusive(sk_sleep(sk), &wait);
1204         while (1) {
1205                 if (sk->sk_state != BT_LISTEN) {
1206                         err = -EBADFD;
1207                         break;
1208                 }
1209
1210                 ch = bt_accept_dequeue(sk, newsock);
1211                 if (ch)
1212                         break;
1213
1214                 if (!timeo) {
1215                         err = -EAGAIN;
1216                         break;
1217                 }
1218
1219                 if (signal_pending(current)) {
1220                         err = sock_intr_errno(timeo);
1221                         break;
1222                 }
1223
1224                 release_sock(sk);
1225
1226                 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1227                 lock_sock(sk);
1228         }
1229         remove_wait_queue(sk_sleep(sk), &wait);
1230
1231         if (err)
1232                 goto done;
1233
1234         newsock->state = SS_CONNECTED;
1235
1236         BT_DBG("new socket %p", ch);
1237
1238 done:
1239         release_sock(sk);
1240         return err;
1241 }
1242
1243 static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1244                             int peer)
1245 {
1246         struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1247         struct sock *sk = sock->sk;
1248
1249         BT_DBG("sock %p, sk %p", sock, sk);
1250
1251         addr->sa_family = AF_BLUETOOTH;
1252
1253         if (peer) {
1254                 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1255                 sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1256         } else {
1257                 bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1258                 sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1259         }
1260
1261         return sizeof(struct sockaddr_iso);
1262 }
1263
1264 static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1265                             size_t len)
1266 {
1267         struct sock *sk = sock->sk;
1268         struct sk_buff *skb, **frag;
1269         size_t mtu;
1270         int err;
1271
1272         BT_DBG("sock %p, sk %p", sock, sk);
1273
1274         err = sock_error(sk);
1275         if (err)
1276                 return err;
1277
1278         if (msg->msg_flags & MSG_OOB)
1279                 return -EOPNOTSUPP;
1280
1281         lock_sock(sk);
1282
1283         if (sk->sk_state != BT_CONNECTED) {
1284                 release_sock(sk);
1285                 return -ENOTCONN;
1286         }
1287
1288         mtu = iso_pi(sk)->conn->hcon->mtu;
1289
1290         release_sock(sk);
1291
1292         skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1293         if (IS_ERR(skb))
1294                 return PTR_ERR(skb);
1295
1296         len -= skb->len;
1297
1298         BT_DBG("skb %p len %d", sk, skb->len);
1299
1300         /* Continuation fragments */
1301         frag = &skb_shinfo(skb)->frag_list;
1302         while (len) {
1303                 struct sk_buff *tmp;
1304
1305                 tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1306                 if (IS_ERR(tmp)) {
1307                         kfree_skb(skb);
1308                         return PTR_ERR(tmp);
1309                 }
1310
1311                 *frag = tmp;
1312
1313                 len  -= tmp->len;
1314
1315                 skb->len += tmp->len;
1316                 skb->data_len += tmp->len;
1317
1318                 BT_DBG("frag %p len %d", *frag, tmp->len);
1319
1320                 frag = &(*frag)->next;
1321         }
1322
1323         lock_sock(sk);
1324
1325         if (sk->sk_state == BT_CONNECTED)
1326                 err = iso_send_frame(sk, skb);
1327         else
1328                 err = -ENOTCONN;
1329
1330         release_sock(sk);
1331
1332         if (err < 0)
1333                 kfree_skb(skb);
1334         return err;
1335 }
1336
1337 static void iso_conn_defer_accept(struct hci_conn *conn)
1338 {
1339         struct hci_cp_le_accept_cis cp;
1340         struct hci_dev *hdev = conn->hdev;
1341
1342         BT_DBG("conn %p", conn);
1343
1344         conn->state = BT_CONFIG;
1345
1346         cp.handle = cpu_to_le16(conn->handle);
1347
1348         hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1349 }
1350
1351 static void iso_conn_big_sync(struct sock *sk)
1352 {
1353         int err;
1354         struct hci_dev *hdev;
1355
1356         hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1357                              iso_pi(sk)->src_type);
1358
1359         if (!hdev)
1360                 return;
1361
1362         if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1363                 err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1364                                              &iso_pi(sk)->qos,
1365                                              iso_pi(sk)->sync_handle,
1366                                              iso_pi(sk)->bc_num_bis,
1367                                              iso_pi(sk)->bc_bis);
1368                 if (err)
1369                         bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1370                                    err);
1371         }
1372 }
1373
1374 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1375                             size_t len, int flags)
1376 {
1377         struct sock *sk = sock->sk;
1378         struct iso_pinfo *pi = iso_pi(sk);
1379
1380         BT_DBG("sk %p", sk);
1381
1382         if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1383                 lock_sock(sk);
1384                 switch (sk->sk_state) {
1385                 case BT_CONNECT2:
1386                         if (pi->conn->hcon &&
1387                             test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) {
1388                                 iso_conn_big_sync(sk);
1389                                 sk->sk_state = BT_LISTEN;
1390                         } else {
1391                                 iso_conn_defer_accept(pi->conn->hcon);
1392                                 sk->sk_state = BT_CONFIG;
1393                         }
1394                         release_sock(sk);
1395                         return 0;
1396                 case BT_CONNECT:
1397                         release_sock(sk);
1398                         return iso_connect_cis(sk);
1399                 default:
1400                         release_sock(sk);
1401                         break;
1402                 }
1403         }
1404
1405         return bt_sock_recvmsg(sock, msg, len, flags);
1406 }
1407
1408 static bool check_io_qos(struct bt_iso_io_qos *qos)
1409 {
1410         /* If no PHY is enable SDU must be 0 */
1411         if (!qos->phy && qos->sdu)
1412                 return false;
1413
1414         if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1415                 return false;
1416
1417         if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1418                 return false;
1419
1420         if (qos->phy > BT_ISO_PHY_ANY)
1421                 return false;
1422
1423         return true;
1424 }
1425
1426 static bool check_ucast_qos(struct bt_iso_qos *qos)
1427 {
1428         if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1429                 return false;
1430
1431         if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1432                 return false;
1433
1434         if (qos->ucast.sca > 0x07)
1435                 return false;
1436
1437         if (qos->ucast.packing > 0x01)
1438                 return false;
1439
1440         if (qos->ucast.framing > 0x01)
1441                 return false;
1442
1443         if (!check_io_qos(&qos->ucast.in))
1444                 return false;
1445
1446         if (!check_io_qos(&qos->ucast.out))
1447                 return false;
1448
1449         return true;
1450 }
1451
1452 static bool check_bcast_qos(struct bt_iso_qos *qos)
1453 {
1454         if (!qos->bcast.sync_factor)
1455                 qos->bcast.sync_factor = 0x01;
1456
1457         if (qos->bcast.packing > 0x01)
1458                 return false;
1459
1460         if (qos->bcast.framing > 0x01)
1461                 return false;
1462
1463         if (!check_io_qos(&qos->bcast.in))
1464                 return false;
1465
1466         if (!check_io_qos(&qos->bcast.out))
1467                 return false;
1468
1469         if (qos->bcast.encryption > 0x01)
1470                 return false;
1471
1472         if (qos->bcast.options > 0x07)
1473                 return false;
1474
1475         if (qos->bcast.skip > 0x01f3)
1476                 return false;
1477
1478         if (!qos->bcast.sync_timeout)
1479                 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1480
1481         if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1482                 return false;
1483
1484         if (qos->bcast.sync_cte_type > 0x1f)
1485                 return false;
1486
1487         if (qos->bcast.mse > 0x1f)
1488                 return false;
1489
1490         if (!qos->bcast.timeout)
1491                 qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1492
1493         if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1494                 return false;
1495
1496         return true;
1497 }
1498
1499 static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1500                                sockptr_t optval, unsigned int optlen)
1501 {
1502         struct sock *sk = sock->sk;
1503         int err = 0;
1504         struct bt_iso_qos qos = default_qos;
1505         u32 opt;
1506
1507         BT_DBG("sk %p", sk);
1508
1509         lock_sock(sk);
1510
1511         switch (optname) {
1512         case BT_DEFER_SETUP:
1513                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1514                         err = -EINVAL;
1515                         break;
1516                 }
1517
1518                 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1519                 if (err)
1520                         break;
1521
1522                 if (opt)
1523                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1524                 else
1525                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1526                 break;
1527
1528         case BT_PKT_STATUS:
1529                 err = bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen);
1530                 if (err)
1531                         break;
1532
1533                 if (opt)
1534                         set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1535                 else
1536                         clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1537                 break;
1538
1539         case BT_ISO_QOS:
1540                 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1541                     sk->sk_state != BT_CONNECT2) {
1542                         err = -EINVAL;
1543                         break;
1544                 }
1545
1546                 err = bt_copy_from_sockptr(&qos, sizeof(qos), optval, optlen);
1547                 if (err)
1548                         break;
1549
1550                 iso_pi(sk)->qos = qos;
1551                 iso_pi(sk)->qos_user_set = true;
1552
1553                 break;
1554
1555         case BT_ISO_BASE:
1556                 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1557                     sk->sk_state != BT_CONNECT2) {
1558                         err = -EINVAL;
1559                         break;
1560                 }
1561
1562                 if (optlen > sizeof(iso_pi(sk)->base)) {
1563                         err = -EINVAL;
1564                         break;
1565                 }
1566
1567                 err = bt_copy_from_sockptr(iso_pi(sk)->base, optlen, optval,
1568                                            optlen);
1569                 if (err)
1570                         break;
1571
1572                 iso_pi(sk)->base_len = optlen;
1573
1574                 break;
1575
1576         default:
1577                 err = -ENOPROTOOPT;
1578                 break;
1579         }
1580
1581         release_sock(sk);
1582         return err;
1583 }
1584
1585 static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1586                                char __user *optval, int __user *optlen)
1587 {
1588         struct sock *sk = sock->sk;
1589         int len, err = 0;
1590         struct bt_iso_qos *qos;
1591         u8 base_len;
1592         u8 *base;
1593
1594         BT_DBG("sk %p", sk);
1595
1596         if (get_user(len, optlen))
1597                 return -EFAULT;
1598
1599         lock_sock(sk);
1600
1601         switch (optname) {
1602         case BT_DEFER_SETUP:
1603                 if (sk->sk_state == BT_CONNECTED) {
1604                         err = -EINVAL;
1605                         break;
1606                 }
1607
1608                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1609                              (u32 __user *)optval))
1610                         err = -EFAULT;
1611
1612                 break;
1613
1614         case BT_PKT_STATUS:
1615                 if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1616                              (int __user *)optval))
1617                         err = -EFAULT;
1618                 break;
1619
1620         case BT_ISO_QOS:
1621                 qos = iso_sock_get_qos(sk);
1622
1623                 len = min_t(unsigned int, len, sizeof(*qos));
1624                 if (copy_to_user(optval, qos, len))
1625                         err = -EFAULT;
1626
1627                 break;
1628
1629         case BT_ISO_BASE:
1630                 if (sk->sk_state == BT_CONNECTED &&
1631                     !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1632                         base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1633                         base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1634                 } else {
1635                         base_len = iso_pi(sk)->base_len;
1636                         base = iso_pi(sk)->base;
1637                 }
1638
1639                 len = min_t(unsigned int, len, base_len);
1640                 if (copy_to_user(optval, base, len))
1641                         err = -EFAULT;
1642                 if (put_user(len, optlen))
1643                         err = -EFAULT;
1644
1645                 break;
1646
1647         default:
1648                 err = -ENOPROTOOPT;
1649                 break;
1650         }
1651
1652         release_sock(sk);
1653         return err;
1654 }
1655
1656 static int iso_sock_shutdown(struct socket *sock, int how)
1657 {
1658         struct sock *sk = sock->sk;
1659         int err = 0;
1660
1661         BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1662
1663         if (!sk)
1664                 return 0;
1665
1666         sock_hold(sk);
1667         lock_sock(sk);
1668
1669         switch (how) {
1670         case SHUT_RD:
1671                 if (sk->sk_shutdown & RCV_SHUTDOWN)
1672                         goto unlock;
1673                 sk->sk_shutdown |= RCV_SHUTDOWN;
1674                 break;
1675         case SHUT_WR:
1676                 if (sk->sk_shutdown & SEND_SHUTDOWN)
1677                         goto unlock;
1678                 sk->sk_shutdown |= SEND_SHUTDOWN;
1679                 break;
1680         case SHUT_RDWR:
1681                 if (sk->sk_shutdown & SHUTDOWN_MASK)
1682                         goto unlock;
1683                 sk->sk_shutdown |= SHUTDOWN_MASK;
1684                 break;
1685         }
1686
1687         iso_sock_clear_timer(sk);
1688         __iso_sock_close(sk);
1689
1690         if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1691             !(current->flags & PF_EXITING))
1692                 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1693
1694 unlock:
1695         release_sock(sk);
1696         sock_put(sk);
1697
1698         return err;
1699 }
1700
1701 static int iso_sock_release(struct socket *sock)
1702 {
1703         struct sock *sk = sock->sk;
1704         int err = 0;
1705
1706         BT_DBG("sock %p, sk %p", sock, sk);
1707
1708         if (!sk)
1709                 return 0;
1710
1711         iso_sock_close(sk);
1712
1713         if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1714             !(current->flags & PF_EXITING)) {
1715                 lock_sock(sk);
1716                 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1717                 release_sock(sk);
1718         }
1719
1720         sock_orphan(sk);
1721         iso_sock_kill(sk);
1722         return err;
1723 }
1724
1725 static void iso_sock_ready(struct sock *sk)
1726 {
1727         BT_DBG("sk %p", sk);
1728
1729         if (!sk)
1730                 return;
1731
1732         lock_sock(sk);
1733         iso_sock_clear_timer(sk);
1734         sk->sk_state = BT_CONNECTED;
1735         sk->sk_state_change(sk);
1736         release_sock(sk);
1737 }
1738
1739 struct iso_list_data {
1740         struct hci_conn *hcon;
1741         int count;
1742 };
1743
1744 static bool iso_match_big(struct sock *sk, void *data)
1745 {
1746         struct hci_evt_le_big_sync_estabilished *ev = data;
1747
1748         return ev->handle == iso_pi(sk)->qos.bcast.big;
1749 }
1750
1751 static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
1752 {
1753         return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1754 }
1755
1756 static void iso_conn_ready(struct iso_conn *conn)
1757 {
1758         struct sock *parent = NULL;
1759         struct sock *sk = conn->sk;
1760         struct hci_ev_le_big_sync_estabilished *ev = NULL;
1761         struct hci_ev_le_pa_sync_established *ev2 = NULL;
1762         struct hci_evt_le_big_info_adv_report *ev3 = NULL;
1763         struct hci_conn *hcon;
1764
1765         BT_DBG("conn %p", conn);
1766
1767         if (sk) {
1768                 iso_sock_ready(conn->sk);
1769         } else {
1770                 hcon = conn->hcon;
1771                 if (!hcon)
1772                         return;
1773
1774                 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags) ||
1775                     test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
1776                         ev = hci_recv_event_data(hcon->hdev,
1777                                                  HCI_EVT_LE_BIG_SYNC_ESTABILISHED);
1778
1779                         /* Get reference to PA sync parent socket, if it exists */
1780                         parent = iso_get_sock_listen(&hcon->src,
1781                                                      &hcon->dst,
1782                                                      iso_match_pa_sync_flag, NULL);
1783                         if (!parent && ev)
1784                                 parent = iso_get_sock_listen(&hcon->src,
1785                                                              &hcon->dst,
1786                                                              iso_match_big, ev);
1787                 } else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
1788                         ev2 = hci_recv_event_data(hcon->hdev,
1789                                                   HCI_EV_LE_PA_SYNC_ESTABLISHED);
1790                         if (ev2)
1791                                 parent = iso_get_sock_listen(&hcon->src,
1792                                                              &hcon->dst,
1793                                                              iso_match_sid, ev2);
1794                 } else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
1795                         ev3 = hci_recv_event_data(hcon->hdev,
1796                                                   HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1797                         if (ev3)
1798                                 parent = iso_get_sock_listen(&hcon->src,
1799                                                              &hcon->dst,
1800                                                              iso_match_sync_handle, ev3);
1801                 }
1802
1803                 if (!parent)
1804                         parent = iso_get_sock_listen(&hcon->src,
1805                                                         BDADDR_ANY, NULL, NULL);
1806
1807                 if (!parent)
1808                         return;
1809
1810                 lock_sock(parent);
1811
1812                 sk = iso_sock_alloc(sock_net(parent), NULL,
1813                                     BTPROTO_ISO, GFP_ATOMIC, 0);
1814                 if (!sk) {
1815                         release_sock(parent);
1816                         return;
1817                 }
1818
1819                 iso_sock_init(sk, parent);
1820
1821                 bacpy(&iso_pi(sk)->src, &hcon->src);
1822
1823                 /* Convert from HCI to three-value type */
1824                 if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
1825                         iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
1826                 else
1827                         iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
1828
1829                 /* If hcon has no destination address (BDADDR_ANY) it means it
1830                  * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
1831                  * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
1832                  * the parent socket destination address.
1833                  */
1834                 if (!bacmp(&hcon->dst, BDADDR_ANY)) {
1835                         bacpy(&hcon->dst, &iso_pi(parent)->dst);
1836                         hcon->dst_type = iso_pi(parent)->dst_type;
1837                         hcon->sync_handle = iso_pi(parent)->sync_handle;
1838                 }
1839
1840                 if (ev3) {
1841                         iso_pi(sk)->qos = iso_pi(parent)->qos;
1842                         iso_pi(sk)->qos.bcast.encryption = ev3->encryption;
1843                         hcon->iso_qos = iso_pi(sk)->qos;
1844                         iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
1845                         memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
1846                         set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
1847                 }
1848
1849                 bacpy(&iso_pi(sk)->dst, &hcon->dst);
1850                 iso_pi(sk)->dst_type = hcon->dst_type;
1851                 iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
1852                 memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
1853                 iso_pi(sk)->base_len = iso_pi(parent)->base_len;
1854
1855                 hci_conn_hold(hcon);
1856                 iso_chan_add(conn, sk, parent);
1857
1858                 if ((ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) ||
1859                     (ev2 && ev2->status)) {
1860                         /* Trigger error signal on child socket */
1861                         sk->sk_err = ECONNREFUSED;
1862                         sk->sk_error_report(sk);
1863                 }
1864
1865                 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
1866                         sk->sk_state = BT_CONNECT2;
1867                 else
1868                         sk->sk_state = BT_CONNECTED;
1869
1870                 /* Wake up parent */
1871                 parent->sk_data_ready(parent);
1872
1873                 release_sock(parent);
1874                 sock_put(parent);
1875         }
1876 }
1877
1878 static bool iso_match_sid(struct sock *sk, void *data)
1879 {
1880         struct hci_ev_le_pa_sync_established *ev = data;
1881
1882         return ev->sid == iso_pi(sk)->bc_sid;
1883 }
1884
1885 static bool iso_match_sync_handle(struct sock *sk, void *data)
1886 {
1887         struct hci_evt_le_big_info_adv_report *ev = data;
1888
1889         return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1890 }
1891
1892 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
1893 {
1894         struct hci_ev_le_per_adv_report *ev = data;
1895
1896         return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
1897 }
1898
1899 /* ----- ISO interface with lower layer (HCI) ----- */
1900
1901 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1902 {
1903         struct hci_ev_le_pa_sync_established *ev1;
1904         struct hci_evt_le_big_info_adv_report *ev2;
1905         struct hci_ev_le_per_adv_report *ev3;
1906         struct sock *sk;
1907
1908         bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
1909
1910         /* Broadcast receiver requires handling of some events before it can
1911          * proceed to establishing a BIG sync:
1912          *
1913          * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
1914          * SID to listen to and once sync is estabilished its handle needs to
1915          * be stored in iso_pi(sk)->sync_handle so it can be matched once
1916          * receiving the BIG Info.
1917          * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
1918          * a BIG Info it attempts to check if there any listening socket with
1919          * the same sync_handle and if it does then attempt to create a sync.
1920          * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
1921          * in iso_pi(sk)->base so it can be passed up to user, in the case of a
1922          * broadcast sink.
1923          */
1924         ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
1925         if (ev1) {
1926                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr, iso_match_sid,
1927                                          ev1);
1928                 if (sk && !ev1->status)
1929                         iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
1930
1931                 goto done;
1932         }
1933
1934         ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
1935         if (ev2) {
1936                 /* Try to get PA sync listening socket, if it exists */
1937                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1938                                                 iso_match_pa_sync_flag, NULL);
1939
1940                 if (!sk) {
1941                         sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1942                                                  iso_match_sync_handle, ev2);
1943
1944                         /* If PA Sync is in process of terminating,
1945                          * do not handle any more BIGInfo adv reports.
1946                          */
1947
1948                         if (sk && test_bit(BT_SK_PA_SYNC_TERM,
1949                                            &iso_pi(sk)->flags))
1950                                 return 0;
1951                 }
1952
1953                 if (sk) {
1954                         int err;
1955
1956                         if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
1957                                 iso_pi(sk)->bc_num_bis = ev2->num_bis;
1958
1959                         if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
1960                             !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1961                                 err = hci_le_big_create_sync(hdev, NULL,
1962                                                              &iso_pi(sk)->qos,
1963                                                              iso_pi(sk)->sync_handle,
1964                                                              iso_pi(sk)->bc_num_bis,
1965                                                              iso_pi(sk)->bc_bis);
1966                                 if (err) {
1967                                         bt_dev_err(hdev, "hci_le_big_create_sync: %d",
1968                                                    err);
1969                                         sock_put(sk);
1970                                         sk = NULL;
1971                                 }
1972                         }
1973                 }
1974         }
1975
1976         ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
1977         if (ev3) {
1978                 size_t base_len = 0;
1979                 u8 *base;
1980                 struct hci_conn *hcon;
1981
1982                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
1983                                          iso_match_sync_handle_pa_report, ev3);
1984                 if (!sk)
1985                         goto done;
1986
1987                 hcon = iso_pi(sk)->conn->hcon;
1988                 if (!hcon)
1989                         goto done;
1990
1991                 if (ev3->data_status == LE_PA_DATA_TRUNCATED) {
1992                         /* The controller was unable to retrieve PA data. */
1993                         memset(hcon->le_per_adv_data, 0,
1994                                HCI_MAX_PER_AD_TOT_LEN);
1995                         hcon->le_per_adv_data_len = 0;
1996                         hcon->le_per_adv_data_offset = 0;
1997                         goto done;
1998                 }
1999
2000                 if (hcon->le_per_adv_data_offset + ev3->length >
2001                     HCI_MAX_PER_AD_TOT_LEN)
2002                         goto done;
2003
2004                 memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset,
2005                        ev3->data, ev3->length);
2006                 hcon->le_per_adv_data_offset += ev3->length;
2007
2008                 if (ev3->data_status == LE_PA_DATA_COMPLETE) {
2009                         /* All PA data has been received. */
2010                         hcon->le_per_adv_data_len =
2011                                 hcon->le_per_adv_data_offset;
2012                         hcon->le_per_adv_data_offset = 0;
2013
2014                         /* Extract BASE */
2015                         base = eir_get_service_data(hcon->le_per_adv_data,
2016                                                     hcon->le_per_adv_data_len,
2017                                                     EIR_BAA_SERVICE_UUID,
2018                                                     &base_len);
2019
2020                         if (!base || base_len > BASE_MAX_LENGTH)
2021                                 goto done;
2022
2023                         memcpy(iso_pi(sk)->base, base, base_len);
2024                         iso_pi(sk)->base_len = base_len;
2025                 } else {
2026                         /* This is a PA data fragment. Keep pa_data_len set to 0
2027                          * until all data has been reassembled.
2028                          */
2029                         hcon->le_per_adv_data_len = 0;
2030                 }
2031         } else {
2032                 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
2033         }
2034
2035 done:
2036         if (!sk)
2037                 return 0;
2038
2039         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
2040                 *flags |= HCI_PROTO_DEFER;
2041
2042         sock_put(sk);
2043
2044         return HCI_LM_ACCEPT;
2045 }
2046
2047 static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
2048 {
2049         if (hcon->type != ISO_LINK) {
2050                 if (hcon->type != LE_LINK)
2051                         return;
2052
2053                 /* Check if LE link has failed */
2054                 if (status) {
2055                         struct hci_link *link, *t;
2056
2057                         list_for_each_entry_safe(link, t, &hcon->link_list,
2058                                                  list)
2059                                 iso_conn_del(link->conn, bt_to_errno(status));
2060
2061                         return;
2062                 }
2063
2064                 /* Create CIS if pending */
2065                 hci_le_create_cis_pending(hcon->hdev);
2066                 return;
2067         }
2068
2069         BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
2070
2071         /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
2072          * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
2073          * into the accept queue of the listening socket and wake up
2074          * userspace, to inform the user about the event.
2075          */
2076         if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
2077             test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
2078                 struct iso_conn *conn;
2079
2080                 conn = iso_conn_add(hcon);
2081                 if (conn)
2082                         iso_conn_ready(conn);
2083         } else {
2084                 iso_conn_del(hcon, bt_to_errno(status));
2085         }
2086 }
2087
2088 static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
2089 {
2090         if (hcon->type != ISO_LINK)
2091                 return;
2092
2093         BT_DBG("hcon %p reason %d", hcon, reason);
2094
2095         iso_conn_del(hcon, bt_to_errno(reason));
2096 }
2097
2098 void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2099 {
2100         struct iso_conn *conn = hcon->iso_data;
2101         __u16 pb, ts, len;
2102
2103         if (!conn)
2104                 goto drop;
2105
2106         pb     = hci_iso_flags_pb(flags);
2107         ts     = hci_iso_flags_ts(flags);
2108
2109         BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
2110
2111         switch (pb) {
2112         case ISO_START:
2113         case ISO_SINGLE:
2114                 if (conn->rx_len) {
2115                         BT_ERR("Unexpected start frame (len %d)", skb->len);
2116                         kfree_skb(conn->rx_skb);
2117                         conn->rx_skb = NULL;
2118                         conn->rx_len = 0;
2119                 }
2120
2121                 if (ts) {
2122                         struct hci_iso_ts_data_hdr *hdr;
2123
2124                         /* TODO: add timestamp to the packet? */
2125                         hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2126                         if (!hdr) {
2127                                 BT_ERR("Frame is too short (len %d)", skb->len);
2128                                 goto drop;
2129                         }
2130
2131                         len = __le16_to_cpu(hdr->slen);
2132                 } else {
2133                         struct hci_iso_data_hdr *hdr;
2134
2135                         hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2136                         if (!hdr) {
2137                                 BT_ERR("Frame is too short (len %d)", skb->len);
2138                                 goto drop;
2139                         }
2140
2141                         len = __le16_to_cpu(hdr->slen);
2142                 }
2143
2144                 flags  = hci_iso_data_flags(len);
2145                 len    = hci_iso_data_len(len);
2146
2147                 BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x", len,
2148                        skb->len, flags);
2149
2150                 if (len == skb->len) {
2151                         /* Complete frame received */
2152                         hci_skb_pkt_status(skb) = flags & 0x03;
2153                         iso_recv_frame(conn, skb);
2154                         return;
2155                 }
2156
2157                 if (pb == ISO_SINGLE) {
2158                         BT_ERR("Frame malformed (len %d, expected len %d)",
2159                                skb->len, len);
2160                         goto drop;
2161                 }
2162
2163                 if (skb->len > len) {
2164                         BT_ERR("Frame is too long (len %d, expected len %d)",
2165                                skb->len, len);
2166                         goto drop;
2167                 }
2168
2169                 /* Allocate skb for the complete frame (with header) */
2170                 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2171                 if (!conn->rx_skb)
2172                         goto drop;
2173
2174                 hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2175                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2176                                           skb->len);
2177                 conn->rx_len = len - skb->len;
2178                 break;
2179
2180         case ISO_CONT:
2181                 BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2182                        conn->rx_len);
2183
2184                 if (!conn->rx_len) {
2185                         BT_ERR("Unexpected continuation frame (len %d)",
2186                                skb->len);
2187                         goto drop;
2188                 }
2189
2190                 if (skb->len > conn->rx_len) {
2191                         BT_ERR("Fragment is too long (len %d, expected %d)",
2192                                skb->len, conn->rx_len);
2193                         kfree_skb(conn->rx_skb);
2194                         conn->rx_skb = NULL;
2195                         conn->rx_len = 0;
2196                         goto drop;
2197                 }
2198
2199                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2200                                           skb->len);
2201                 conn->rx_len -= skb->len;
2202                 return;
2203
2204         case ISO_END:
2205                 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2206                                           skb->len);
2207                 conn->rx_len -= skb->len;
2208
2209                 if (!conn->rx_len) {
2210                         struct sk_buff *rx_skb = conn->rx_skb;
2211
2212                         /* Complete frame received. iso_recv_frame
2213                          * takes ownership of the skb so set the global
2214                          * rx_skb pointer to NULL first.
2215                          */
2216                         conn->rx_skb = NULL;
2217                         iso_recv_frame(conn, rx_skb);
2218                 }
2219                 break;
2220         }
2221
2222 drop:
2223         kfree_skb(skb);
2224 }
2225
2226 static struct hci_cb iso_cb = {
2227         .name           = "ISO",
2228         .connect_cfm    = iso_connect_cfm,
2229         .disconn_cfm    = iso_disconn_cfm,
2230 };
2231
2232 static int iso_debugfs_show(struct seq_file *f, void *p)
2233 {
2234         struct sock *sk;
2235
2236         read_lock(&iso_sk_list.lock);
2237
2238         sk_for_each(sk, &iso_sk_list.head) {
2239                 seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2240                            &iso_pi(sk)->dst, sk->sk_state);
2241         }
2242
2243         read_unlock(&iso_sk_list.lock);
2244
2245         return 0;
2246 }
2247
2248 DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2249
2250 static struct dentry *iso_debugfs;
2251
2252 static const struct proto_ops iso_sock_ops = {
2253         .family         = PF_BLUETOOTH,
2254         .owner          = THIS_MODULE,
2255         .release        = iso_sock_release,
2256         .bind           = iso_sock_bind,
2257         .connect        = iso_sock_connect,
2258         .listen         = iso_sock_listen,
2259         .accept         = iso_sock_accept,
2260         .getname        = iso_sock_getname,
2261         .sendmsg        = iso_sock_sendmsg,
2262         .recvmsg        = iso_sock_recvmsg,
2263         .poll           = bt_sock_poll,
2264         .ioctl          = bt_sock_ioctl,
2265         .mmap           = sock_no_mmap,
2266         .socketpair     = sock_no_socketpair,
2267         .shutdown       = iso_sock_shutdown,
2268         .setsockopt     = iso_sock_setsockopt,
2269         .getsockopt     = iso_sock_getsockopt
2270 };
2271
2272 static const struct net_proto_family iso_sock_family_ops = {
2273         .family = PF_BLUETOOTH,
2274         .owner  = THIS_MODULE,
2275         .create = iso_sock_create,
2276 };
2277
2278 static bool iso_inited;
2279
2280 bool iso_enabled(void)
2281 {
2282         return iso_inited;
2283 }
2284
2285 int iso_init(void)
2286 {
2287         int err;
2288
2289         BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2290
2291         if (iso_inited)
2292                 return -EALREADY;
2293
2294         err = proto_register(&iso_proto, 0);
2295         if (err < 0)
2296                 return err;
2297
2298         err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2299         if (err < 0) {
2300                 BT_ERR("ISO socket registration failed");
2301                 goto error;
2302         }
2303
2304         err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2305         if (err < 0) {
2306                 BT_ERR("Failed to create ISO proc file");
2307                 bt_sock_unregister(BTPROTO_ISO);
2308                 goto error;
2309         }
2310
2311         BT_INFO("ISO socket layer initialized");
2312
2313         hci_register_cb(&iso_cb);
2314
2315         if (IS_ERR_OR_NULL(bt_debugfs))
2316                 return 0;
2317
2318         if (!iso_debugfs) {
2319                 iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2320                                                   NULL, &iso_debugfs_fops);
2321         }
2322
2323         iso_inited = true;
2324
2325         return 0;
2326
2327 error:
2328         proto_unregister(&iso_proto);
2329         return err;
2330 }
2331
2332 int iso_exit(void)
2333 {
2334         if (!iso_inited)
2335                 return -EALREADY;
2336
2337         bt_procfs_cleanup(&init_net, "iso");
2338
2339         debugfs_remove(iso_debugfs);
2340         iso_debugfs = NULL;
2341
2342         hci_unregister_cb(&iso_cb);
2343
2344         bt_sock_unregister(BTPROTO_ISO);
2345
2346         proto_unregister(&iso_proto);
2347
2348         iso_inited = false;
2349
2350         return 0;
2351 }
Source code of Linux-libre