CoCalc -- iso.c

GitHub Repository: torvalds/linux
Path: blob/master/net/bluetooth/iso.c
⁴⁹¹⁵⁶ views
1
// SPDX-License-Identifier: GPL-2.0
2
/*
3
 * BlueZ - Bluetooth protocol stack for Linux
4
 *
5
 * Copyright (C) 2022 Intel Corporation
6
 * Copyright 2023-2024 NXP
7
 */
8

9
#include <linux/module.h>
10
#include <linux/debugfs.h>
11
#include <linux/seq_file.h>
12
#include <linux/sched/signal.h>
13

14
#include <net/bluetooth/bluetooth.h>
15
#include <net/bluetooth/hci_core.h>
16
#include <net/bluetooth/iso.h>
17
#include "eir.h"
18

19
static const struct proto_ops iso_sock_ops;
20

21
static struct bt_sock_list iso_sk_list = {
22
	.lock = __RW_LOCK_UNLOCKED(iso_sk_list.lock)
23
};
24

25
/* ---- ISO connections ---- */
26
struct iso_conn {
27
	struct hci_conn	*hcon;
28

29
	/* @lock: spinlock protecting changes to iso_conn fields */
30
	spinlock_t	lock;
31
	struct sock	*sk;
32

33
	struct delayed_work	timeout_work;
34

35
	struct sk_buff	*rx_skb;
36
	__u32		rx_len;
37
	__u16		tx_sn;
38
	struct kref	ref;
39
};
40

41
#define iso_conn_lock(c)	spin_lock(&(c)->lock)
42
#define iso_conn_unlock(c)	spin_unlock(&(c)->lock)
43

44
static void iso_sock_close(struct sock *sk);
45
static void iso_sock_kill(struct sock *sk);
46

47
/* ----- ISO socket info ----- */
48
#define iso_pi(sk) ((struct iso_pinfo *)sk)
49

50
#define EIR_SERVICE_DATA_LENGTH 4
51
#define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
52
#define EIR_BAA_SERVICE_UUID	0x1851
53

54
/* iso_pinfo flags values */
55
enum {
56
	BT_SK_BIG_SYNC,
57
	BT_SK_PA_SYNC,
58
};
59

60
struct iso_pinfo {
61
	struct bt_sock		bt;
62
	bdaddr_t		src;
63
	__u8			src_type;
64
	bdaddr_t		dst;
65
	__u8			dst_type;
66
	__u8			bc_sid;
67
	__u8			bc_num_bis;
68
	__u8			bc_bis[ISO_MAX_NUM_BIS];
69
	__u16			sync_handle;
70
	unsigned long		flags;
71
	struct bt_iso_qos	qos;
72
	bool			qos_user_set;
73
	__u8			base_len;
74
	__u8			base[BASE_MAX_LENGTH];
75
	struct iso_conn		*conn;
76
};
77

78
static struct bt_iso_qos default_qos;
79

80
static bool check_ucast_qos(struct bt_iso_qos *qos);
81
static bool check_bcast_qos(struct bt_iso_qos *qos);
82
static bool iso_match_sid(struct sock *sk, void *data);
83
static bool iso_match_sid_past(struct sock *sk, void *data);
84
static bool iso_match_sync_handle(struct sock *sk, void *data);
85
static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data);
86
static void iso_sock_disconn(struct sock *sk);
87

88
typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
89

90
static struct sock *iso_get_sock(struct hci_dev *hdev, bdaddr_t *src,
91
				 bdaddr_t *dst, enum bt_sock_state state,
92
				 iso_sock_match_t match, void *data);
93

94
/* ---- ISO timers ---- */
95
#define ISO_CONN_TIMEOUT	secs_to_jiffies(20)
96
#define ISO_DISCONN_TIMEOUT	secs_to_jiffies(2)
97

98
static void iso_conn_free(struct kref *ref)
99
{
100
	struct iso_conn *conn = container_of(ref, struct iso_conn, ref);
101

102
	BT_DBG("conn %p", conn);
103

104
	if (conn->sk)
105
		iso_pi(conn->sk)->conn = NULL;
106

107
	if (conn->hcon) {
108
		conn->hcon->iso_data = NULL;
109
		hci_conn_drop(conn->hcon);
110
	}
111

112
	/* Ensure no more work items will run since hci_conn has been dropped */
113
	disable_delayed_work_sync(&conn->timeout_work);
114

115
	kfree_skb(conn->rx_skb);
116

117
	kfree(conn);
118
}
119

120
static void iso_conn_put(struct iso_conn *conn)
121
{
122
	if (!conn)
123
		return;
124

125
	BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
126

127
	kref_put(&conn->ref, iso_conn_free);
128
}
129

130
static struct iso_conn *iso_conn_hold_unless_zero(struct iso_conn *conn)
131
{
132
	if (!conn)
133
		return NULL;
134

135
	BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
136

137
	if (!kref_get_unless_zero(&conn->ref))
138
		return NULL;
139

140
	return conn;
141
}
142

143
static struct sock *iso_sock_hold(struct iso_conn *conn)
144
{
145
	if (!conn || !bt_sock_linked(&iso_sk_list, conn->sk))
146
		return NULL;
147

148
	sock_hold(conn->sk);
149

150
	return conn->sk;
151
}
152

153
static void iso_sock_timeout(struct work_struct *work)
154
{
155
	struct iso_conn *conn = container_of(work, struct iso_conn,
156
					     timeout_work.work);
157
	struct sock *sk;
158

159
	conn = iso_conn_hold_unless_zero(conn);
160
	if (!conn)
161
		return;
162

163
	iso_conn_lock(conn);
164
	sk = iso_sock_hold(conn);
165
	iso_conn_unlock(conn);
166
	iso_conn_put(conn);
167

168
	if (!sk)
169
		return;
170

171
	BT_DBG("sock %p state %d", sk, sk->sk_state);
172

173
	lock_sock(sk);
174
	sk->sk_err = ETIMEDOUT;
175
	sk->sk_state_change(sk);
176
	release_sock(sk);
177
	sock_put(sk);
178
}
179

180
static void iso_sock_set_timer(struct sock *sk, long timeout)
181
{
182
	if (!iso_pi(sk)->conn)
183
		return;
184

185
	BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
186
	cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
187
	schedule_delayed_work(&iso_pi(sk)->conn->timeout_work, timeout);
188
}
189

190
static void iso_sock_clear_timer(struct sock *sk)
191
{
192
	if (!iso_pi(sk)->conn)
193
		return;
194

195
	BT_DBG("sock %p state %d", sk, sk->sk_state);
196
	cancel_delayed_work(&iso_pi(sk)->conn->timeout_work);
197
}
198

199
/* ---- ISO connections ---- */
200
static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
201
{
202
	struct iso_conn *conn = hcon->iso_data;
203

204
	conn = iso_conn_hold_unless_zero(conn);
205
	if (conn) {
206
		if (!conn->hcon) {
207
			iso_conn_lock(conn);
208
			conn->hcon = hcon;
209
			iso_conn_unlock(conn);
210
		}
211
		iso_conn_put(conn);
212
		return conn;
213
	}
214

215
	conn = kzalloc(sizeof(*conn), GFP_KERNEL);
216
	if (!conn)
217
		return NULL;
218

219
	kref_init(&conn->ref);
220
	spin_lock_init(&conn->lock);
221
	INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
222

223
	hcon->iso_data = conn;
224
	conn->hcon = hcon;
225
	conn->tx_sn = 0;
226

227
	BT_DBG("hcon %p conn %p", hcon, conn);
228

229
	return conn;
230
}
231

232
/* Delete channel. Must be called on the locked socket. */
233
static void iso_chan_del(struct sock *sk, int err)
234
{
235
	struct iso_conn *conn;
236
	struct sock *parent;
237

238
	conn = iso_pi(sk)->conn;
239
	iso_pi(sk)->conn = NULL;
240

241
	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
242

243
	if (conn) {
244
		iso_conn_lock(conn);
245
		conn->sk = NULL;
246
		iso_conn_unlock(conn);
247
		iso_conn_put(conn);
248
	}
249

250
	sk->sk_state = BT_CLOSED;
251
	sk->sk_err   = err;
252

253
	parent = bt_sk(sk)->parent;
254
	if (parent) {
255
		bt_accept_unlink(sk);
256
		parent->sk_data_ready(parent);
257
	} else {
258
		sk->sk_state_change(sk);
259
	}
260

261
	sock_set_flag(sk, SOCK_ZAPPED);
262
}
263

264
static void iso_conn_del(struct hci_conn *hcon, int err)
265
{
266
	struct iso_conn *conn = hcon->iso_data;
267
	struct sock *sk;
268

269
	conn = iso_conn_hold_unless_zero(conn);
270
	if (!conn)
271
		return;
272

273
	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
274

275
	/* Kill socket */
276
	iso_conn_lock(conn);
277
	sk = iso_sock_hold(conn);
278
	iso_conn_unlock(conn);
279
	iso_conn_put(conn);
280

281
	if (!sk) {
282
		iso_conn_put(conn);
283
		return;
284
	}
285

286
	lock_sock(sk);
287
	iso_sock_clear_timer(sk);
288
	iso_chan_del(sk, err);
289
	release_sock(sk);
290
	sock_put(sk);
291
}
292

293
static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
294
			  struct sock *parent)
295
{
296
	BT_DBG("conn %p", conn);
297

298
	if (iso_pi(sk)->conn == conn && conn->sk == sk)
299
		return 0;
300

301
	if (conn->sk) {
302
		BT_ERR("conn->sk already set");
303
		return -EBUSY;
304
	}
305

306
	iso_pi(sk)->conn = conn;
307
	conn->sk = sk;
308

309
	if (parent)
310
		bt_accept_enqueue(parent, sk, true);
311

312
	return 0;
313
}
314

315
static int iso_chan_add(struct iso_conn *conn, struct sock *sk,
316
			struct sock *parent)
317
{
318
	int err;
319

320
	iso_conn_lock(conn);
321
	err = __iso_chan_add(conn, sk, parent);
322
	iso_conn_unlock(conn);
323

324
	return err;
325
}
326

327
static inline u8 le_addr_type(u8 bdaddr_type)
328
{
329
	if (bdaddr_type == BDADDR_LE_PUBLIC)
330
		return ADDR_LE_DEV_PUBLIC;
331
	else
332
		return ADDR_LE_DEV_RANDOM;
333
}
334

335
static int iso_connect_bis(struct sock *sk)
336
{
337
	struct iso_conn *conn;
338
	struct hci_conn *hcon;
339
	struct hci_dev  *hdev;
340
	int err;
341

342
	BT_DBG("%pMR (SID 0x%2.2x)", &iso_pi(sk)->src, iso_pi(sk)->bc_sid);
343

344
	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
345
			     iso_pi(sk)->src_type);
346
	if (!hdev)
347
		return -EHOSTUNREACH;
348

349
	hci_dev_lock(hdev);
350

351
	if (!bis_capable(hdev)) {
352
		err = -EOPNOTSUPP;
353
		goto unlock;
354
	}
355

356
	/* Fail if user set invalid QoS */
357
	if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
358
		iso_pi(sk)->qos = default_qos;
359
		err = -EINVAL;
360
		goto unlock;
361
	}
362

363
	/* Fail if out PHYs are marked as disabled */
364
	if (!iso_pi(sk)->qos.bcast.out.phy) {
365
		err = -EINVAL;
366
		goto unlock;
367
	}
368

369
	/* Just bind if DEFER_SETUP has been set */
370
	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
371
		hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, iso_pi(sk)->bc_sid,
372
				    &iso_pi(sk)->qos, iso_pi(sk)->base_len,
373
				    iso_pi(sk)->base,
374
				    READ_ONCE(sk->sk_sndtimeo));
375
		if (IS_ERR(hcon)) {
376
			err = PTR_ERR(hcon);
377
			goto unlock;
378
		}
379
	} else {
380
		hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst,
381
				       le_addr_type(iso_pi(sk)->dst_type),
382
				       iso_pi(sk)->bc_sid, &iso_pi(sk)->qos,
383
				       iso_pi(sk)->base_len, iso_pi(sk)->base,
384
				       READ_ONCE(sk->sk_sndtimeo));
385
		if (IS_ERR(hcon)) {
386
			err = PTR_ERR(hcon);
387
			goto unlock;
388
		}
389

390
		/* Update SID if it was not set */
391
		if (iso_pi(sk)->bc_sid == HCI_SID_INVALID)
392
			iso_pi(sk)->bc_sid = hcon->sid;
393
	}
394

395
	conn = iso_conn_add(hcon);
396
	if (!conn) {
397
		hci_conn_drop(hcon);
398
		err = -ENOMEM;
399
		goto unlock;
400
	}
401

402
	lock_sock(sk);
403

404
	err = iso_chan_add(conn, sk, NULL);
405
	if (err) {
406
		release_sock(sk);
407
		goto unlock;
408
	}
409

410
	/* Update source addr of the socket */
411
	bacpy(&iso_pi(sk)->src, &hcon->src);
412

413
	if (hcon->state == BT_CONNECTED) {
414
		iso_sock_clear_timer(sk);
415
		sk->sk_state = BT_CONNECTED;
416
	} else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
417
		iso_sock_clear_timer(sk);
418
		sk->sk_state = BT_CONNECT;
419
	} else {
420
		sk->sk_state = BT_CONNECT;
421
		iso_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
422
	}
423

424
	release_sock(sk);
425

426
unlock:
427
	hci_dev_unlock(hdev);
428
	hci_dev_put(hdev);
429
	return err;
430
}
431

432
static int iso_connect_cis(struct sock *sk)
433
{
434
	struct iso_conn *conn;
435
	struct hci_conn *hcon;
436
	struct hci_dev  *hdev;
437
	int err;
438

439
	BT_DBG("%pMR -> %pMR", &iso_pi(sk)->src, &iso_pi(sk)->dst);
440

441
	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
442
			     iso_pi(sk)->src_type);
443
	if (!hdev)
444
		return -EHOSTUNREACH;
445

446
	hci_dev_lock(hdev);
447

448
	if (!cis_central_capable(hdev)) {
449
		err = -EOPNOTSUPP;
450
		goto unlock;
451
	}
452

453
	/* Fail if user set invalid QoS */
454
	if (iso_pi(sk)->qos_user_set && !check_ucast_qos(&iso_pi(sk)->qos)) {
455
		iso_pi(sk)->qos = default_qos;
456
		err = -EINVAL;
457
		goto unlock;
458
	}
459

460
	/* Fail if either PHYs are marked as disabled */
461
	if (!iso_pi(sk)->qos.ucast.in.phy && !iso_pi(sk)->qos.ucast.out.phy) {
462
		err = -EINVAL;
463
		goto unlock;
464
	}
465

466
	/* Check if there are available buffers for output/TX. */
467
	if (iso_pi(sk)->qos.ucast.out.sdu && !hci_iso_count(hdev) &&
468
	    (hdev->iso_pkts && !hdev->iso_cnt)) {
469
		err = -ENOBUFS;
470
		goto unlock;
471
	}
472

473
	/* Just bind if DEFER_SETUP has been set */
474
	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
475
		hcon = hci_bind_cis(hdev, &iso_pi(sk)->dst,
476
				    le_addr_type(iso_pi(sk)->dst_type),
477
				    &iso_pi(sk)->qos,
478
				    READ_ONCE(sk->sk_sndtimeo));
479
		if (IS_ERR(hcon)) {
480
			err = PTR_ERR(hcon);
481
			goto unlock;
482
		}
483
	} else {
484
		hcon = hci_connect_cis(hdev, &iso_pi(sk)->dst,
485
				       le_addr_type(iso_pi(sk)->dst_type),
486
				       &iso_pi(sk)->qos,
487
				       READ_ONCE(sk->sk_sndtimeo));
488
		if (IS_ERR(hcon)) {
489
			err = PTR_ERR(hcon);
490
			goto unlock;
491
		}
492
	}
493

494
	conn = iso_conn_add(hcon);
495
	if (!conn) {
496
		hci_conn_drop(hcon);
497
		err = -ENOMEM;
498
		goto unlock;
499
	}
500

501
	lock_sock(sk);
502

503
	err = iso_chan_add(conn, sk, NULL);
504
	if (err) {
505
		release_sock(sk);
506
		goto unlock;
507
	}
508

509
	/* Update source addr of the socket */
510
	bacpy(&iso_pi(sk)->src, &hcon->src);
511

512
	if (hcon->state == BT_CONNECTED) {
513
		iso_sock_clear_timer(sk);
514
		sk->sk_state = BT_CONNECTED;
515
	} else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
516
		iso_sock_clear_timer(sk);
517
		sk->sk_state = BT_CONNECT;
518
	} else {
519
		sk->sk_state = BT_CONNECT;
520
		iso_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo));
521
	}
522

523
	release_sock(sk);
524

525
unlock:
526
	hci_dev_unlock(hdev);
527
	hci_dev_put(hdev);
528
	return err;
529
}
530

531
static struct bt_iso_qos *iso_sock_get_qos(struct sock *sk)
532
{
533
	if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONNECT2)
534
		return &iso_pi(sk)->conn->hcon->iso_qos;
535

536
	return &iso_pi(sk)->qos;
537
}
538

539
static int iso_send_frame(struct sock *sk, struct sk_buff *skb,
540
			  const struct sockcm_cookie *sockc)
541
{
542
	struct iso_conn *conn = iso_pi(sk)->conn;
543
	struct bt_iso_qos *qos = iso_sock_get_qos(sk);
544
	struct hci_iso_data_hdr *hdr;
545
	int len = 0;
546

547
	BT_DBG("sk %p len %d", sk, skb->len);
548

549
	if (skb->len > qos->ucast.out.sdu)
550
		return -EMSGSIZE;
551

552
	len = skb->len;
553

554
	/* Push ISO data header */
555
	hdr = skb_push(skb, HCI_ISO_DATA_HDR_SIZE);
556
	hdr->sn = cpu_to_le16(conn->tx_sn++);
557
	hdr->slen = cpu_to_le16(hci_iso_data_len_pack(len,
558
						      HCI_ISO_STATUS_VALID));
559

560
	if (sk->sk_state == BT_CONNECTED) {
561
		hci_setup_tx_timestamp(skb, 1, sockc);
562
		hci_send_iso(conn->hcon, skb);
563
	} else {
564
		len = -ENOTCONN;
565
	}
566

567
	return len;
568
}
569

570
static void iso_recv_frame(struct iso_conn *conn, struct sk_buff *skb)
571
{
572
	struct sock *sk;
573

574
	iso_conn_lock(conn);
575
	sk = conn->sk;
576
	iso_conn_unlock(conn);
577

578
	if (!sk)
579
		goto drop;
580

581
	BT_DBG("sk %p len %d", sk, skb->len);
582

583
	if (sk->sk_state != BT_CONNECTED)
584
		goto drop;
585

586
	if (!sock_queue_rcv_skb(sk, skb))
587
		return;
588

589
drop:
590
	kfree_skb(skb);
591
}
592

593
/* -------- Socket interface ---------- */
594
static struct sock *__iso_get_sock_listen_by_addr(bdaddr_t *src, bdaddr_t *dst)
595
{
596
	struct sock *sk;
597

598
	sk_for_each(sk, &iso_sk_list.head) {
599
		if (sk->sk_state != BT_LISTEN)
600
			continue;
601

602
		if (bacmp(&iso_pi(sk)->dst, dst))
603
			continue;
604

605
		if (!bacmp(&iso_pi(sk)->src, src))
606
			return sk;
607
	}
608

609
	return NULL;
610
}
611

612
static struct sock *__iso_get_sock_listen_by_sid(bdaddr_t *ba, bdaddr_t *bc,
613
						 __u8 sid)
614
{
615
	struct sock *sk;
616

617
	sk_for_each(sk, &iso_sk_list.head) {
618
		if (sk->sk_state != BT_LISTEN)
619
			continue;
620

621
		if (bacmp(&iso_pi(sk)->src, ba))
622
			continue;
623

624
		if (bacmp(&iso_pi(sk)->dst, bc))
625
			continue;
626

627
		if (iso_pi(sk)->bc_sid == sid)
628
			return sk;
629
	}
630

631
	return NULL;
632
}
633

634
/* Find socket in given state:
635
 * source bdaddr (Unicast)
636
 * destination bdaddr (Broadcast only)
637
 * match func - pass NULL to ignore
638
 * match func data - pass -1 to ignore
639
 * Returns closest match.
640
 */
641
static struct sock *iso_get_sock(struct hci_dev *hdev, bdaddr_t *src,
642
				 bdaddr_t *dst, enum bt_sock_state state,
643
				 iso_sock_match_t match, void *data)
644
{
645
	struct sock *sk = NULL, *sk1 = NULL;
646

647
	read_lock(&iso_sk_list.lock);
648

649
	sk_for_each(sk, &iso_sk_list.head) {
650
		if (sk->sk_state != state)
651
			continue;
652

653
		/* Match Broadcast destination */
654
		if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) {
655
			struct smp_irk *irk1, *irk2;
656

657
			/* Check if destination is an RPA that we can resolve */
658
			irk1 = hci_find_irk_by_rpa(hdev, dst);
659
			if (!irk1)
660
				continue;
661

662
			/* Match with identity address */
663
			if (bacmp(&iso_pi(sk)->dst, &irk1->bdaddr)) {
664
				/* Check if socket destination address is also
665
				 * an RPA and if the IRK matches.
666
				 */
667
				irk2 = hci_find_irk_by_rpa(hdev,
668
							   &iso_pi(sk)->dst);
669
				if (!irk2 || irk1 != irk2)
670
					continue;
671
			}
672
		}
673

674
		/* Use Match function if provided */
675
		if (match && !match(sk, data))
676
			continue;
677

678
		/* Exact match. */
679
		if (!bacmp(&iso_pi(sk)->src, src)) {
680
			sock_hold(sk);
681
			break;
682
		}
683

684
		/* Closest match */
685
		if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
686
			if (sk1)
687
				sock_put(sk1);
688

689
			sk1 = sk;
690
			sock_hold(sk1);
691
		}
692
	}
693

694
	if (sk && sk1)
695
		sock_put(sk1);
696

697
	read_unlock(&iso_sk_list.lock);
698

699
	return sk ? sk : sk1;
700
}
701

702
static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
703
				     bdaddr_t *dst, uint8_t big)
704
{
705
	struct sock *sk = NULL;
706

707
	read_lock(&iso_sk_list.lock);
708

709
	sk_for_each(sk, &iso_sk_list.head) {
710
		if (match_sk == sk)
711
			continue;
712

713
		/* Look for sockets that have already been
714
		 * connected to the BIG
715
		 */
716
		if (sk->sk_state != BT_CONNECTED &&
717
		    sk->sk_state != BT_CONNECT)
718
			continue;
719

720
		/* Match Broadcast destination */
721
		if (bacmp(&iso_pi(sk)->dst, dst))
722
			continue;
723

724
		/* Match BIG handle */
725
		if (iso_pi(sk)->qos.bcast.big != big)
726
			continue;
727

728
		/* Match source address */
729
		if (bacmp(&iso_pi(sk)->src, src))
730
			continue;
731

732
		sock_hold(sk);
733
		break;
734
	}
735

736
	read_unlock(&iso_sk_list.lock);
737

738
	return sk;
739
}
740

741
static void iso_sock_destruct(struct sock *sk)
742
{
743
	BT_DBG("sk %p", sk);
744

745
	iso_conn_put(iso_pi(sk)->conn);
746

747
	skb_queue_purge(&sk->sk_receive_queue);
748
	skb_queue_purge(&sk->sk_write_queue);
749
}
750

751
static void iso_sock_cleanup_listen(struct sock *parent)
752
{
753
	struct sock *sk;
754

755
	BT_DBG("parent %p", parent);
756

757
	/* Close not yet accepted channels */
758
	while ((sk = bt_accept_dequeue(parent, NULL))) {
759
		iso_sock_close(sk);
760
		iso_sock_kill(sk);
761
	}
762

763
	/* If listening socket has a hcon, properly disconnect it */
764
	if (iso_pi(parent)->conn && iso_pi(parent)->conn->hcon) {
765
		iso_sock_disconn(parent);
766
		return;
767
	}
768

769
	parent->sk_state  = BT_CLOSED;
770
	sock_set_flag(parent, SOCK_ZAPPED);
771
}
772

773
/* Kill socket (only if zapped and orphan)
774
 * Must be called on unlocked socket.
775
 */
776
static void iso_sock_kill(struct sock *sk)
777
{
778
	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
779
	    sock_flag(sk, SOCK_DEAD))
780
		return;
781

782
	BT_DBG("sk %p state %d", sk, sk->sk_state);
783

784
	/* Sock is dead, so set conn->sk to NULL to avoid possible UAF */
785
	if (iso_pi(sk)->conn) {
786
		iso_conn_lock(iso_pi(sk)->conn);
787
		iso_pi(sk)->conn->sk = NULL;
788
		iso_conn_unlock(iso_pi(sk)->conn);
789
	}
790

791
	/* Kill poor orphan */
792
	bt_sock_unlink(&iso_sk_list, sk);
793
	sock_set_flag(sk, SOCK_DEAD);
794
	sock_put(sk);
795
}
796

797
static void iso_sock_disconn(struct sock *sk)
798
{
799
	struct sock *bis_sk;
800
	struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
801

802
	if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
803
		bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
804
					  &iso_pi(sk)->dst,
805
					  iso_pi(sk)->qos.bcast.big);
806

807
		/* If there are any other connected sockets for the
808
		 * same BIG, just delete the sk and leave the bis
809
		 * hcon active, in case later rebinding is needed.
810
		 */
811
		if (bis_sk) {
812
			hcon->state = BT_OPEN;
813
			hcon->iso_data = NULL;
814
			iso_pi(sk)->conn->hcon = NULL;
815
			iso_sock_clear_timer(sk);
816
			iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
817
			sock_put(bis_sk);
818
			return;
819
		}
820
	}
821

822
	sk->sk_state = BT_DISCONN;
823
	iso_conn_lock(iso_pi(sk)->conn);
824
	hci_conn_drop(iso_pi(sk)->conn->hcon);
825
	iso_pi(sk)->conn->hcon = NULL;
826
	iso_conn_unlock(iso_pi(sk)->conn);
827
}
828

829
static void __iso_sock_close(struct sock *sk)
830
{
831
	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
832

833
	switch (sk->sk_state) {
834
	case BT_LISTEN:
835
		iso_sock_cleanup_listen(sk);
836
		break;
837

838
	case BT_CONNECT:
839
	case BT_CONNECTED:
840
	case BT_CONFIG:
841
		if (iso_pi(sk)->conn->hcon)
842
			iso_sock_disconn(sk);
843
		else
844
			iso_chan_del(sk, ECONNRESET);
845
		break;
846

847
	case BT_CONNECT2:
848
		if (iso_pi(sk)->conn->hcon &&
849
		    (test_bit(HCI_CONN_PA_SYNC, &iso_pi(sk)->conn->hcon->flags) ||
850
		    test_bit(HCI_CONN_PA_SYNC_FAILED, &iso_pi(sk)->conn->hcon->flags)))
851
			iso_sock_disconn(sk);
852
		else
853
			iso_chan_del(sk, ECONNRESET);
854
		break;
855
	case BT_DISCONN:
856
		iso_chan_del(sk, ECONNRESET);
857
		break;
858

859
	default:
860
		sock_set_flag(sk, SOCK_ZAPPED);
861
		break;
862
	}
863
}
864

865
/* Must be called on unlocked socket. */
866
static void iso_sock_close(struct sock *sk)
867
{
868
	iso_sock_clear_timer(sk);
869
	lock_sock(sk);
870
	__iso_sock_close(sk);
871
	release_sock(sk);
872
	iso_sock_kill(sk);
873
}
874

875
static void iso_sock_init(struct sock *sk, struct sock *parent)
876
{
877
	BT_DBG("sk %p", sk);
878

879
	if (parent) {
880
		sk->sk_type = parent->sk_type;
881
		bt_sk(sk)->flags = bt_sk(parent)->flags;
882
		security_sk_clone(parent, sk);
883
	}
884
}
885

886
static struct proto iso_proto = {
887
	.name		= "ISO",
888
	.owner		= THIS_MODULE,
889
	.obj_size	= sizeof(struct iso_pinfo)
890
};
891

892
#define DEFAULT_IO_QOS \
893
{ \
894
	.interval	= 10000u, \
895
	.latency	= 10u, \
896
	.sdu		= 40u, \
897
	.phy		= BT_ISO_PHY_2M, \
898
	.rtn		= 2u, \
899
}
900

901
static struct bt_iso_qos default_qos = {
902
	.bcast = {
903
		.big			= BT_ISO_QOS_BIG_UNSET,
904
		.bis			= BT_ISO_QOS_BIS_UNSET,
905
		.sync_factor		= 0x01,
906
		.packing		= 0x00,
907
		.framing		= 0x00,
908
		.in			= DEFAULT_IO_QOS,
909
		.out			= DEFAULT_IO_QOS,
910
		.encryption		= 0x00,
911
		.bcode			= {0x00},
912
		.options		= 0x00,
913
		.skip			= 0x0000,
914
		.sync_timeout		= BT_ISO_SYNC_TIMEOUT,
915
		.sync_cte_type		= 0x00,
916
		.mse			= 0x00,
917
		.timeout		= BT_ISO_SYNC_TIMEOUT,
918
	},
919
};
920

921
static struct sock *iso_sock_alloc(struct net *net, struct socket *sock,
922
				   int proto, gfp_t prio, int kern)
923
{
924
	struct sock *sk;
925

926
	sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern);
927
	if (!sk)
928
		return NULL;
929

930
	sk->sk_destruct = iso_sock_destruct;
931
	sk->sk_sndtimeo = ISO_CONN_TIMEOUT;
932

933
	/* Set address type as public as default src address is BDADDR_ANY */
934
	iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
935

936
	iso_pi(sk)->qos = default_qos;
937
	iso_pi(sk)->sync_handle = -1;
938

939
	bt_sock_link(&iso_sk_list, sk);
940
	return sk;
941
}
942

943
static int iso_sock_create(struct net *net, struct socket *sock, int protocol,
944
			   int kern)
945
{
946
	struct sock *sk;
947

948
	BT_DBG("sock %p", sock);
949

950
	sock->state = SS_UNCONNECTED;
951

952
	if (sock->type != SOCK_SEQPACKET)
953
		return -ESOCKTNOSUPPORT;
954

955
	sock->ops = &iso_sock_ops;
956

957
	sk = iso_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
958
	if (!sk)
959
		return -ENOMEM;
960

961
	iso_sock_init(sk, NULL);
962
	return 0;
963
}
964

965
static int iso_sock_bind_bc(struct socket *sock, struct sockaddr_unsized *addr,
966
			    int addr_len)
967
{
968
	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
969
	struct sock *sk = sock->sk;
970
	int i;
971

972
	BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
973
	       sa->iso_bc->bc_num_bis);
974

975
	if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
976
		return -EINVAL;
977

978
	bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
979

980
	/* Check if the address type is of LE type */
981
	if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
982
		return -EINVAL;
983

984
	iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
985

986
	if (sa->iso_bc->bc_sid > 0x0f && sa->iso_bc->bc_sid != HCI_SID_INVALID)
987
		return -EINVAL;
988

989
	iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
990

991
	if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
992
		return -EINVAL;
993

994
	iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
995

996
	for (i = 0; i < iso_pi(sk)->bc_num_bis; i++)
997
		if (sa->iso_bc->bc_bis[i] < 0x01 ||
998
		    sa->iso_bc->bc_bis[i] > 0x1f)
999
			return -EINVAL;
1000

1001
	memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
1002
	       iso_pi(sk)->bc_num_bis);
1003

1004
	return 0;
1005
}
1006

1007
/* Must be called on the locked socket. */
1008
static int iso_sock_rebind_bis(struct sock *sk, struct sockaddr_iso *sa,
1009
			       int addr_len)
1010
{
1011
	int err = 0;
1012

1013
	if (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
1014
		return -EBADFD;
1015

1016
	if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) {
1017
		err = -EINVAL;
1018
		goto done;
1019
	}
1020

1021
	iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
1022

1023
	for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++)
1024
		if (sa->iso_bc->bc_bis[i] < 0x01 ||
1025
		    sa->iso_bc->bc_bis[i] > 0x1f) {
1026
			err = -EINVAL;
1027
			goto done;
1028
		}
1029

1030
	memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
1031
	       iso_pi(sk)->bc_num_bis);
1032

1033
done:
1034
	return err;
1035
}
1036

1037
static struct hci_dev *iso_conn_get_hdev(struct iso_conn *conn)
1038
{
1039
	struct hci_dev *hdev = NULL;
1040

1041
	iso_conn_lock(conn);
1042
	if (conn->hcon)
1043
		hdev = hci_dev_hold(conn->hcon->hdev);
1044
	iso_conn_unlock(conn);
1045

1046
	return hdev;
1047
}
1048

1049
/* Must be called on the locked socket. */
1050
static int iso_sock_rebind_bc(struct sock *sk, struct sockaddr_iso *sa,
1051
			      int addr_len)
1052
{
1053
	struct hci_dev *hdev;
1054
	struct hci_conn *bis;
1055
	int err;
1056

1057
	if (sk->sk_type != SOCK_SEQPACKET || !iso_pi(sk)->conn)
1058
		return -EINVAL;
1059

1060
	/* Check if it is really a Broadcast address being requested */
1061
	if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
1062
		return -EINVAL;
1063

1064
	/* Check if the address hasn't changed then perhaps only the number of
1065
	 * bis has changed.
1066
	 */
1067
	if (!bacmp(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr) ||
1068
	    !bacmp(&sa->iso_bc->bc_bdaddr, BDADDR_ANY))
1069
		return iso_sock_rebind_bis(sk, sa, addr_len);
1070

1071
	/* Check if the address type is of LE type */
1072
	if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
1073
		return -EINVAL;
1074

1075
	hdev = iso_conn_get_hdev(iso_pi(sk)->conn);
1076
	if (!hdev)
1077
		return -EINVAL;
1078

1079
	bis = iso_pi(sk)->conn->hcon;
1080

1081
	/* Release the socket before lookups since that requires hci_dev_lock
1082
	 * which shall not be acquired while holding sock_lock for proper
1083
	 * ordering.
1084
	 */
1085
	release_sock(sk);
1086
	hci_dev_lock(bis->hdev);
1087
	lock_sock(sk);
1088

1089
	if (!iso_pi(sk)->conn || iso_pi(sk)->conn->hcon != bis) {
1090
		/* raced with iso_conn_del() or iso_disconn_sock() */
1091
		err = -ENOTCONN;
1092
		goto unlock;
1093
	}
1094

1095
	BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bc->bc_bdaddr,
1096
	       sa->iso_bc->bc_bdaddr_type);
1097

1098
	err = hci_past_bis(bis, &sa->iso_bc->bc_bdaddr,
1099
			   le_addr_type(sa->iso_bc->bc_bdaddr_type));
1100

1101
unlock:
1102
	hci_dev_unlock(hdev);
1103
	hci_dev_put(hdev);
1104

1105
	return err;
1106
}
1107

1108
static int iso_sock_bind(struct socket *sock, struct sockaddr_unsized *addr,
1109
			 int addr_len)
1110
{
1111
	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1112
	struct sock *sk = sock->sk;
1113
	int err = 0;
1114

1115
	BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bdaddr, sa->iso_bdaddr_type);
1116

1117
	if (!addr || addr_len < sizeof(struct sockaddr_iso) ||
1118
	    addr->sa_family != AF_BLUETOOTH)
1119
		return -EINVAL;
1120

1121
	lock_sock(sk);
1122

1123
	if ((sk->sk_state == BT_CONNECT2 || sk->sk_state == BT_CONNECTED) &&
1124
	    addr_len > sizeof(*sa)) {
1125
		/* Allow the user to rebind to a different address using
1126
		 * PAST procedures.
1127
		 */
1128
		err = iso_sock_rebind_bc(sk, sa, addr_len);
1129
		goto done;
1130
	}
1131

1132
	if (sk->sk_state != BT_OPEN) {
1133
		err = -EBADFD;
1134
		goto done;
1135
	}
1136

1137
	if (sk->sk_type != SOCK_SEQPACKET) {
1138
		err = -EINVAL;
1139
		goto done;
1140
	}
1141

1142
	/* Check if the address type is of LE type */
1143
	if (!bdaddr_type_is_le(sa->iso_bdaddr_type)) {
1144
		err = -EINVAL;
1145
		goto done;
1146
	}
1147

1148
	bacpy(&iso_pi(sk)->src, &sa->iso_bdaddr);
1149
	iso_pi(sk)->src_type = sa->iso_bdaddr_type;
1150

1151
	/* Check for Broadcast address */
1152
	if (addr_len > sizeof(*sa)) {
1153
		err = iso_sock_bind_bc(sock, addr, addr_len);
1154
		if (err)
1155
			goto done;
1156
	}
1157

1158
	sk->sk_state = BT_BOUND;
1159

1160
done:
1161
	release_sock(sk);
1162
	return err;
1163
}
1164

1165
static int iso_sock_connect(struct socket *sock, struct sockaddr_unsized *addr,
1166
			    int alen, int flags)
1167
{
1168
	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1169
	struct sock *sk = sock->sk;
1170
	int err;
1171

1172
	BT_DBG("sk %p", sk);
1173

1174
	if (alen < sizeof(struct sockaddr_iso) ||
1175
	    addr->sa_family != AF_BLUETOOTH)
1176
		return -EINVAL;
1177

1178
	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
1179
		return -EBADFD;
1180

1181
	if (sk->sk_type != SOCK_SEQPACKET)
1182
		return -EINVAL;
1183

1184
	/* Check if the address type is of LE type */
1185
	if (!bdaddr_type_is_le(sa->iso_bdaddr_type))
1186
		return -EINVAL;
1187

1188
	lock_sock(sk);
1189

1190
	bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
1191
	iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
1192

1193
	release_sock(sk);
1194

1195
	if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
1196
		err = iso_connect_cis(sk);
1197
	else
1198
		err = iso_connect_bis(sk);
1199

1200
	if (err)
1201
		return err;
1202

1203
	lock_sock(sk);
1204

1205
	if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1206
		err = bt_sock_wait_state(sk, BT_CONNECTED,
1207
					 sock_sndtimeo(sk, flags & O_NONBLOCK));
1208
	}
1209

1210
	release_sock(sk);
1211
	return err;
1212
}
1213

1214
static int iso_listen_bis(struct sock *sk)
1215
{
1216
	struct hci_dev *hdev;
1217
	int err = 0;
1218
	struct iso_conn *conn;
1219
	struct hci_conn *hcon;
1220

1221
	BT_DBG("%pMR -> %pMR (SID 0x%2.2x)", &iso_pi(sk)->src,
1222
	       &iso_pi(sk)->dst, iso_pi(sk)->bc_sid);
1223

1224
	write_lock(&iso_sk_list.lock);
1225

1226
	if (__iso_get_sock_listen_by_sid(&iso_pi(sk)->src, &iso_pi(sk)->dst,
1227
					 iso_pi(sk)->bc_sid))
1228
		err = -EADDRINUSE;
1229

1230
	write_unlock(&iso_sk_list.lock);
1231

1232
	if (err)
1233
		return err;
1234

1235
	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1236
			     iso_pi(sk)->src_type);
1237
	if (!hdev)
1238
		return -EHOSTUNREACH;
1239

1240
	hci_dev_lock(hdev);
1241
	lock_sock(sk);
1242

1243
	/* Fail if user set invalid QoS */
1244
	if (iso_pi(sk)->qos_user_set && !check_bcast_qos(&iso_pi(sk)->qos)) {
1245
		iso_pi(sk)->qos = default_qos;
1246
		err = -EINVAL;
1247
		goto unlock;
1248
	}
1249

1250
	hcon = hci_pa_create_sync(hdev, &iso_pi(sk)->dst,
1251
				  le_addr_type(iso_pi(sk)->dst_type),
1252
				  iso_pi(sk)->bc_sid, &iso_pi(sk)->qos);
1253
	if (IS_ERR(hcon)) {
1254
		err = PTR_ERR(hcon);
1255
		goto unlock;
1256
	}
1257

1258
	conn = iso_conn_add(hcon);
1259
	if (!conn) {
1260
		hci_conn_drop(hcon);
1261
		err = -ENOMEM;
1262
		goto unlock;
1263
	}
1264

1265
	err = iso_chan_add(conn, sk, NULL);
1266
	if (err) {
1267
		hci_conn_drop(hcon);
1268
		goto unlock;
1269
	}
1270

1271
unlock:
1272
	release_sock(sk);
1273
	hci_dev_unlock(hdev);
1274
	hci_dev_put(hdev);
1275
	return err;
1276
}
1277

1278
static int iso_listen_cis(struct sock *sk)
1279
{
1280
	int err = 0;
1281

1282
	BT_DBG("%pMR", &iso_pi(sk)->src);
1283

1284
	write_lock(&iso_sk_list.lock);
1285

1286
	if (__iso_get_sock_listen_by_addr(&iso_pi(sk)->src, &iso_pi(sk)->dst))
1287
		err = -EADDRINUSE;
1288

1289
	write_unlock(&iso_sk_list.lock);
1290

1291
	return err;
1292
}
1293

1294
static int iso_sock_listen(struct socket *sock, int backlog)
1295
{
1296
	struct sock *sk = sock->sk;
1297
	int err = 0;
1298

1299
	BT_DBG("sk %p backlog %d", sk, backlog);
1300

1301
	sock_hold(sk);
1302
	lock_sock(sk);
1303

1304
	if (sk->sk_state != BT_BOUND) {
1305
		err = -EBADFD;
1306
		goto done;
1307
	}
1308

1309
	if (sk->sk_type != SOCK_SEQPACKET) {
1310
		err = -EINVAL;
1311
		goto done;
1312
	}
1313

1314
	if (!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1315
		err = iso_listen_cis(sk);
1316
	} else {
1317
		/* Drop sock lock to avoid potential
1318
		 * deadlock with the hdev lock.
1319
		 */
1320
		release_sock(sk);
1321
		err = iso_listen_bis(sk);
1322
		lock_sock(sk);
1323
	}
1324

1325
	if (err)
1326
		goto done;
1327

1328
	sk->sk_max_ack_backlog = backlog;
1329
	sk->sk_ack_backlog = 0;
1330

1331
	sk->sk_state = BT_LISTEN;
1332

1333
done:
1334
	release_sock(sk);
1335
	sock_put(sk);
1336
	return err;
1337
}
1338

1339
static int iso_sock_accept(struct socket *sock, struct socket *newsock,
1340
			   struct proto_accept_arg *arg)
1341
{
1342
	DEFINE_WAIT_FUNC(wait, woken_wake_function);
1343
	struct sock *sk = sock->sk, *ch;
1344
	long timeo;
1345
	int err = 0;
1346

1347
	/* Use explicit nested locking to avoid lockdep warnings generated
1348
	 * because the parent socket and the child socket are locked on the
1349
	 * same thread.
1350
	 */
1351
	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1352

1353
	timeo = sock_rcvtimeo(sk, arg->flags & O_NONBLOCK);
1354

1355
	BT_DBG("sk %p timeo %ld", sk, timeo);
1356

1357
	/* Wait for an incoming connection. (wake-one). */
1358
	add_wait_queue_exclusive(sk_sleep(sk), &wait);
1359
	while (1) {
1360
		if (sk->sk_state != BT_LISTEN) {
1361
			err = -EBADFD;
1362
			break;
1363
		}
1364

1365
		ch = bt_accept_dequeue(sk, newsock);
1366
		if (ch)
1367
			break;
1368

1369
		if (!timeo) {
1370
			err = -EAGAIN;
1371
			break;
1372
		}
1373

1374
		if (signal_pending(current)) {
1375
			err = sock_intr_errno(timeo);
1376
			break;
1377
		}
1378

1379
		release_sock(sk);
1380

1381
		timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
1382
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1383
	}
1384
	remove_wait_queue(sk_sleep(sk), &wait);
1385

1386
	if (err)
1387
		goto done;
1388

1389
	newsock->state = SS_CONNECTED;
1390

1391
	BT_DBG("new socket %p", ch);
1392

1393
	/* A Broadcast Sink might require BIG sync to be terminated
1394
	 * and re-established multiple times, while keeping the same
1395
	 * PA sync handle active. To allow this, once all BIS
1396
	 * connections have been accepted on a PA sync parent socket,
1397
	 * "reset" socket state, to allow future BIG re-sync procedures.
1398
	 */
1399
	if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
1400
		/* Iterate through the list of bound BIS indices
1401
		 * and clear each BIS as they are accepted by the
1402
		 * user space, one by one.
1403
		 */
1404
		for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
1405
			if (iso_pi(sk)->bc_bis[i] > 0) {
1406
				iso_pi(sk)->bc_bis[i] = 0;
1407
				iso_pi(sk)->bc_num_bis--;
1408
				break;
1409
			}
1410
		}
1411

1412
		if (iso_pi(sk)->bc_num_bis == 0) {
1413
			/* Once the last BIS was accepted, reset parent
1414
			 * socket parameters to mark that the listening
1415
			 * process for BIS connections has been completed:
1416
			 *
1417
			 * 1. Reset the DEFER setup flag on the parent sk.
1418
			 * 2. Clear the flag marking that the BIG create
1419
			 *    sync command is pending.
1420
			 * 3. Transition socket state from BT_LISTEN to
1421
			 *    BT_CONNECTED.
1422
			 */
1423
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1424
			clear_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags);
1425
			sk->sk_state = BT_CONNECTED;
1426
		}
1427
	}
1428

1429
done:
1430
	release_sock(sk);
1431
	return err;
1432
}
1433

1434
static int iso_sock_getname(struct socket *sock, struct sockaddr *addr,
1435
			    int peer)
1436
{
1437
	struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
1438
	struct sock *sk = sock->sk;
1439
	int len = sizeof(struct sockaddr_iso);
1440

1441
	BT_DBG("sock %p, sk %p", sock, sk);
1442

1443
	addr->sa_family = AF_BLUETOOTH;
1444

1445
	if (peer) {
1446
		struct hci_conn *hcon = iso_pi(sk)->conn ?
1447
					iso_pi(sk)->conn->hcon : NULL;
1448

1449
		bacpy(&sa->iso_bdaddr, &iso_pi(sk)->dst);
1450
		sa->iso_bdaddr_type = iso_pi(sk)->dst_type;
1451

1452
		if (hcon && (hcon->type == BIS_LINK || hcon->type == PA_LINK)) {
1453
			sa->iso_bc->bc_sid = iso_pi(sk)->bc_sid;
1454
			sa->iso_bc->bc_num_bis = iso_pi(sk)->bc_num_bis;
1455
			memcpy(sa->iso_bc->bc_bis, iso_pi(sk)->bc_bis,
1456
			       ISO_MAX_NUM_BIS);
1457
			len += sizeof(struct sockaddr_iso_bc);
1458
		}
1459
	} else {
1460
		bacpy(&sa->iso_bdaddr, &iso_pi(sk)->src);
1461
		sa->iso_bdaddr_type = iso_pi(sk)->src_type;
1462
	}
1463

1464
	return len;
1465
}
1466

1467
static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
1468
			    size_t len)
1469
{
1470
	struct sock *sk = sock->sk;
1471
	struct sk_buff *skb, **frag;
1472
	struct sockcm_cookie sockc;
1473
	size_t mtu;
1474
	int err;
1475

1476
	BT_DBG("sock %p, sk %p", sock, sk);
1477

1478
	err = sock_error(sk);
1479
	if (err)
1480
		return err;
1481

1482
	if (msg->msg_flags & MSG_OOB)
1483
		return -EOPNOTSUPP;
1484

1485
	hci_sockcm_init(&sockc, sk);
1486

1487
	if (msg->msg_controllen) {
1488
		err = sock_cmsg_send(sk, msg, &sockc);
1489
		if (err)
1490
			return err;
1491
	}
1492

1493
	lock_sock(sk);
1494

1495
	if (sk->sk_state != BT_CONNECTED) {
1496
		release_sock(sk);
1497
		return -ENOTCONN;
1498
	}
1499

1500
	mtu = iso_pi(sk)->conn->hcon->mtu;
1501

1502
	release_sock(sk);
1503

1504
	skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
1505
	if (IS_ERR(skb))
1506
		return PTR_ERR(skb);
1507

1508
	len -= skb->len;
1509

1510
	BT_DBG("skb %p len %d", sk, skb->len);
1511

1512
	/* Continuation fragments */
1513
	frag = &skb_shinfo(skb)->frag_list;
1514
	while (len) {
1515
		struct sk_buff *tmp;
1516

1517
		tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
1518
		if (IS_ERR(tmp)) {
1519
			kfree_skb(skb);
1520
			return PTR_ERR(tmp);
1521
		}
1522

1523
		*frag = tmp;
1524

1525
		len  -= tmp->len;
1526

1527
		skb->len += tmp->len;
1528
		skb->data_len += tmp->len;
1529

1530
		BT_DBG("frag %p len %d", *frag, tmp->len);
1531

1532
		frag = &(*frag)->next;
1533
	}
1534

1535
	lock_sock(sk);
1536

1537
	if (sk->sk_state == BT_CONNECTED)
1538
		err = iso_send_frame(sk, skb, &sockc);
1539
	else
1540
		err = -ENOTCONN;
1541

1542
	release_sock(sk);
1543

1544
	if (err < 0)
1545
		kfree_skb(skb);
1546
	return err;
1547
}
1548

1549
static void iso_conn_defer_accept(struct hci_conn *conn)
1550
{
1551
	struct hci_cp_le_accept_cis cp;
1552
	struct hci_dev *hdev = conn->hdev;
1553

1554
	BT_DBG("conn %p", conn);
1555

1556
	conn->state = BT_CONFIG;
1557

1558
	cp.handle = cpu_to_le16(conn->handle);
1559

1560
	hci_send_cmd(hdev, HCI_OP_LE_ACCEPT_CIS, sizeof(cp), &cp);
1561
}
1562

1563
static void iso_conn_big_sync(struct sock *sk)
1564
{
1565
	int err;
1566
	struct hci_dev *hdev;
1567

1568
	hdev = hci_get_route(&iso_pi(sk)->dst, &iso_pi(sk)->src,
1569
			     iso_pi(sk)->src_type);
1570

1571
	if (!hdev)
1572
		return;
1573

1574
	/* hci_le_big_create_sync requires hdev lock to be held, since
1575
	 * it enqueues the HCI LE BIG Create Sync command via
1576
	 * hci_cmd_sync_queue_once, which checks hdev flags that might
1577
	 * change.
1578
	 */
1579
	hci_dev_lock(hdev);
1580
	lock_sock(sk);
1581

1582
	if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
1583
		err = hci_conn_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
1584
					       &iso_pi(sk)->qos,
1585
					       iso_pi(sk)->sync_handle,
1586
					       iso_pi(sk)->bc_num_bis,
1587
					       iso_pi(sk)->bc_bis);
1588
		if (err)
1589
			bt_dev_err(hdev, "hci_big_create_sync: %d", err);
1590
	}
1591

1592
	release_sock(sk);
1593
	hci_dev_unlock(hdev);
1594
}
1595

1596
static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
1597
			    size_t len, int flags)
1598
{
1599
	struct sock *sk = sock->sk;
1600
	struct iso_pinfo *pi = iso_pi(sk);
1601
	bool early_ret = false;
1602
	int err = 0;
1603

1604
	BT_DBG("sk %p", sk);
1605

1606
	if (unlikely(flags & MSG_ERRQUEUE))
1607
		return sock_recv_errqueue(sk, msg, len, SOL_BLUETOOTH,
1608
					  BT_SCM_ERROR);
1609

1610
	if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
1611
		sock_hold(sk);
1612
		lock_sock(sk);
1613

1614
		switch (sk->sk_state) {
1615
		case BT_CONNECT2:
1616
			if (test_bit(BT_SK_PA_SYNC, &pi->flags)) {
1617
				release_sock(sk);
1618
				iso_conn_big_sync(sk);
1619
				lock_sock(sk);
1620

1621
				sk->sk_state = BT_LISTEN;
1622
			} else {
1623
				iso_conn_defer_accept(pi->conn->hcon);
1624
				sk->sk_state = BT_CONFIG;
1625
			}
1626

1627
			early_ret = true;
1628
			break;
1629
		case BT_CONNECTED:
1630
			if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
1631
				release_sock(sk);
1632
				iso_conn_big_sync(sk);
1633
				lock_sock(sk);
1634

1635
				sk->sk_state = BT_LISTEN;
1636
				early_ret = true;
1637
			}
1638

1639
			break;
1640
		case BT_CONNECT:
1641
			release_sock(sk);
1642
			err = iso_connect_cis(sk);
1643
			lock_sock(sk);
1644

1645
			early_ret = true;
1646
			break;
1647
		default:
1648
			break;
1649
		}
1650

1651
		release_sock(sk);
1652
		sock_put(sk);
1653

1654
		if (early_ret)
1655
			return err;
1656
	}
1657

1658
	return bt_sock_recvmsg(sock, msg, len, flags);
1659
}
1660

1661
static bool check_io_qos(struct bt_iso_io_qos *qos)
1662
{
1663
	/* If no PHY is enable SDU must be 0 */
1664
	if (!qos->phy && qos->sdu)
1665
		return false;
1666

1667
	if (qos->interval && (qos->interval < 0xff || qos->interval > 0xfffff))
1668
		return false;
1669

1670
	if (qos->latency && (qos->latency < 0x05 || qos->latency > 0xfa0))
1671
		return false;
1672

1673
	if (qos->phy > BT_ISO_PHY_ANY)
1674
		return false;
1675

1676
	return true;
1677
}
1678

1679
static bool check_ucast_qos(struct bt_iso_qos *qos)
1680
{
1681
	if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
1682
		return false;
1683

1684
	if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
1685
		return false;
1686

1687
	if (qos->ucast.sca > 0x07)
1688
		return false;
1689

1690
	if (qos->ucast.packing > 0x01)
1691
		return false;
1692

1693
	if (qos->ucast.framing > 0x01)
1694
		return false;
1695

1696
	if (!check_io_qos(&qos->ucast.in))
1697
		return false;
1698

1699
	if (!check_io_qos(&qos->ucast.out))
1700
		return false;
1701

1702
	return true;
1703
}
1704

1705
static bool check_bcast_qos(struct bt_iso_qos *qos)
1706
{
1707
	if (!qos->bcast.sync_factor)
1708
		qos->bcast.sync_factor = 0x01;
1709

1710
	if (qos->bcast.packing > 0x01)
1711
		return false;
1712

1713
	if (qos->bcast.framing > 0x01)
1714
		return false;
1715

1716
	if (!check_io_qos(&qos->bcast.in))
1717
		return false;
1718

1719
	if (!check_io_qos(&qos->bcast.out))
1720
		return false;
1721

1722
	if (qos->bcast.encryption > 0x01)
1723
		return false;
1724

1725
	if (qos->bcast.options > 0x07)
1726
		return false;
1727

1728
	if (qos->bcast.skip > 0x01f3)
1729
		return false;
1730

1731
	if (!qos->bcast.sync_timeout)
1732
		qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1733

1734
	if (qos->bcast.sync_timeout < 0x000a || qos->bcast.sync_timeout > 0x4000)
1735
		return false;
1736

1737
	if (qos->bcast.sync_cte_type > 0x1f)
1738
		return false;
1739

1740
	if (qos->bcast.mse > 0x1f)
1741
		return false;
1742

1743
	if (!qos->bcast.timeout)
1744
		qos->bcast.sync_timeout = BT_ISO_SYNC_TIMEOUT;
1745

1746
	if (qos->bcast.timeout < 0x000a || qos->bcast.timeout > 0x4000)
1747
		return false;
1748

1749
	return true;
1750
}
1751

1752
static int iso_sock_setsockopt(struct socket *sock, int level, int optname,
1753
			       sockptr_t optval, unsigned int optlen)
1754
{
1755
	struct sock *sk = sock->sk;
1756
	int err = 0;
1757
	struct bt_iso_qos qos = default_qos;
1758
	u32 opt;
1759

1760
	BT_DBG("sk %p", sk);
1761

1762
	lock_sock(sk);
1763

1764
	switch (optname) {
1765
	case BT_DEFER_SETUP:
1766
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
1767
			err = -EINVAL;
1768
			break;
1769
		}
1770

1771
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1772
		if (err)
1773
			break;
1774

1775
		if (opt)
1776
			set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1777
		else
1778
			clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
1779
		break;
1780

1781
	case BT_PKT_STATUS:
1782
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1783
		if (err)
1784
			break;
1785

1786
		if (opt)
1787
			set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1788
		else
1789
			clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
1790
		break;
1791

1792
	case BT_PKT_SEQNUM:
1793
		err = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
1794
		if (err)
1795
			break;
1796

1797
		if (opt)
1798
			set_bit(BT_SK_PKT_SEQNUM, &bt_sk(sk)->flags);
1799
		else
1800
			clear_bit(BT_SK_PKT_SEQNUM, &bt_sk(sk)->flags);
1801
		break;
1802

1803
	case BT_ISO_QOS:
1804
		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1805
		    sk->sk_state != BT_CONNECT2 &&
1806
		    (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags) ||
1807
		    sk->sk_state != BT_CONNECTED)) {
1808
			err = -EINVAL;
1809
			break;
1810
		}
1811

1812
		err = copy_safe_from_sockptr(&qos, sizeof(qos), optval, optlen);
1813
		if (err)
1814
			break;
1815

1816
		iso_pi(sk)->qos = qos;
1817
		iso_pi(sk)->qos_user_set = true;
1818

1819
		break;
1820

1821
	case BT_ISO_BASE:
1822
		if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
1823
		    sk->sk_state != BT_CONNECT2) {
1824
			err = -EINVAL;
1825
			break;
1826
		}
1827

1828
		if (optlen > sizeof(iso_pi(sk)->base)) {
1829
			err = -EINVAL;
1830
			break;
1831
		}
1832

1833
		err = copy_safe_from_sockptr(iso_pi(sk)->base, optlen, optval,
1834
					     optlen);
1835
		if (err)
1836
			break;
1837

1838
		iso_pi(sk)->base_len = optlen;
1839

1840
		break;
1841

1842
	default:
1843
		err = -ENOPROTOOPT;
1844
		break;
1845
	}
1846

1847
	release_sock(sk);
1848
	return err;
1849
}
1850

1851
static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
1852
			       char __user *optval, int __user *optlen)
1853
{
1854
	struct sock *sk = sock->sk;
1855
	int len, err = 0;
1856
	struct bt_iso_qos *qos;
1857
	u8 base_len;
1858
	u8 *base;
1859

1860
	BT_DBG("sk %p", sk);
1861

1862
	if (get_user(len, optlen))
1863
		return -EFAULT;
1864

1865
	lock_sock(sk);
1866

1867
	switch (optname) {
1868
	case BT_DEFER_SETUP:
1869
		if (sk->sk_state == BT_CONNECTED) {
1870
			err = -EINVAL;
1871
			break;
1872
		}
1873

1874
		if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
1875
			     (u32 __user *)optval))
1876
			err = -EFAULT;
1877

1878
		break;
1879

1880
	case BT_PKT_STATUS:
1881
		if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
1882
			     (int __user *)optval))
1883
			err = -EFAULT;
1884
		break;
1885

1886
	case BT_ISO_QOS:
1887
		qos = iso_sock_get_qos(sk);
1888

1889
		len = min_t(unsigned int, len, sizeof(*qos));
1890
		if (copy_to_user(optval, qos, len))
1891
			err = -EFAULT;
1892

1893
		break;
1894

1895
	case BT_ISO_BASE:
1896
		if (sk->sk_state == BT_CONNECTED &&
1897
		    !bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) {
1898
			base_len = iso_pi(sk)->conn->hcon->le_per_adv_data_len;
1899
			base = iso_pi(sk)->conn->hcon->le_per_adv_data;
1900
		} else {
1901
			base_len = iso_pi(sk)->base_len;
1902
			base = iso_pi(sk)->base;
1903
		}
1904

1905
		len = min_t(unsigned int, len, base_len);
1906
		if (copy_to_user(optval, base, len))
1907
			err = -EFAULT;
1908
		if (put_user(len, optlen))
1909
			err = -EFAULT;
1910

1911
		break;
1912

1913
	default:
1914
		err = -ENOPROTOOPT;
1915
		break;
1916
	}
1917

1918
	release_sock(sk);
1919
	return err;
1920
}
1921

1922
static int iso_sock_shutdown(struct socket *sock, int how)
1923
{
1924
	struct sock *sk = sock->sk;
1925
	int err = 0;
1926

1927
	BT_DBG("sock %p, sk %p, how %d", sock, sk, how);
1928

1929
	if (!sk)
1930
		return 0;
1931

1932
	sock_hold(sk);
1933
	lock_sock(sk);
1934

1935
	switch (how) {
1936
	case SHUT_RD:
1937
		if (sk->sk_shutdown & RCV_SHUTDOWN)
1938
			goto unlock;
1939
		sk->sk_shutdown |= RCV_SHUTDOWN;
1940
		break;
1941
	case SHUT_WR:
1942
		if (sk->sk_shutdown & SEND_SHUTDOWN)
1943
			goto unlock;
1944
		sk->sk_shutdown |= SEND_SHUTDOWN;
1945
		break;
1946
	case SHUT_RDWR:
1947
		if (sk->sk_shutdown & SHUTDOWN_MASK)
1948
			goto unlock;
1949
		sk->sk_shutdown |= SHUTDOWN_MASK;
1950
		break;
1951
	}
1952

1953
	iso_sock_clear_timer(sk);
1954
	__iso_sock_close(sk);
1955

1956
	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
1957
	    !(current->flags & PF_EXITING))
1958
		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1959

1960
unlock:
1961
	release_sock(sk);
1962
	sock_put(sk);
1963

1964
	return err;
1965
}
1966

1967
static int iso_sock_release(struct socket *sock)
1968
{
1969
	struct sock *sk = sock->sk;
1970
	int err = 0;
1971

1972
	BT_DBG("sock %p, sk %p", sock, sk);
1973

1974
	if (!sk)
1975
		return 0;
1976

1977
	iso_sock_close(sk);
1978

1979
	if (sock_flag(sk, SOCK_LINGER) && READ_ONCE(sk->sk_lingertime) &&
1980
	    !(current->flags & PF_EXITING)) {
1981
		lock_sock(sk);
1982
		err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
1983
		release_sock(sk);
1984
	}
1985

1986
	sock_orphan(sk);
1987
	iso_sock_kill(sk);
1988
	return err;
1989
}
1990

1991
static void iso_sock_ready(struct sock *sk)
1992
{
1993
	BT_DBG("sk %p", sk);
1994

1995
	if (!sk)
1996
		return;
1997

1998
	lock_sock(sk);
1999
	iso_sock_clear_timer(sk);
2000
	sk->sk_state = BT_CONNECTED;
2001
	sk->sk_state_change(sk);
2002
	release_sock(sk);
2003
}
2004

2005
static bool iso_match_big(struct sock *sk, void *data)
2006
{
2007
	struct hci_evt_le_big_sync_established *ev = data;
2008

2009
	return ev->handle == iso_pi(sk)->qos.bcast.big;
2010
}
2011

2012
static bool iso_match_big_hcon(struct sock *sk, void *data)
2013
{
2014
	struct hci_conn *hcon = data;
2015

2016
	return hcon->iso_qos.bcast.big == iso_pi(sk)->qos.bcast.big;
2017
}
2018

2019
static bool iso_match_pa_sync_flag(struct sock *sk, void *data)
2020
{
2021
	return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
2022
}
2023

2024
static bool iso_match_dst(struct sock *sk, void *data)
2025
{
2026
	return !bacmp(&iso_pi(sk)->dst, (bdaddr_t *)data);
2027
}
2028

2029
static void iso_conn_ready(struct iso_conn *conn)
2030
{
2031
	struct sock *parent = NULL;
2032
	struct sock *sk = conn->sk;
2033
	struct hci_ev_le_big_sync_established *ev = NULL;
2034
	struct hci_ev_le_pa_sync_established *ev2 = NULL;
2035
	struct hci_ev_le_per_adv_report *ev3 = NULL;
2036
	struct hci_conn *hcon;
2037
	struct hci_dev *hdev;
2038

2039
	BT_DBG("conn %p", conn);
2040

2041
	if (sk) {
2042
		/* Attempt to update source address in case of BIS Sender if
2043
		 * the advertisement is using a random address.
2044
		 */
2045
		if (conn->hcon->type == BIS_LINK &&
2046
		    conn->hcon->role == HCI_ROLE_MASTER &&
2047
		    !bacmp(&conn->hcon->dst, BDADDR_ANY)) {
2048
			struct hci_conn *bis = conn->hcon;
2049
			struct adv_info *adv;
2050

2051
			adv = hci_find_adv_instance(bis->hdev,
2052
						    bis->iso_qos.bcast.bis);
2053
			if (adv && bacmp(&adv->random_addr, BDADDR_ANY)) {
2054
				lock_sock(sk);
2055
				iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
2056
				bacpy(&iso_pi(sk)->src, &adv->random_addr);
2057
				release_sock(sk);
2058
			}
2059
		}
2060

2061
		iso_sock_ready(conn->sk);
2062
	} else {
2063
		hcon = conn->hcon;
2064
		if (!hcon)
2065
			return;
2066

2067
		hdev = hcon->hdev;
2068

2069
		if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags)) {
2070
			/* A BIS slave hcon is notified to the ISO layer
2071
			 * after the Command Complete for the LE Setup
2072
			 * ISO Data Path command is received. Get the
2073
			 * parent socket that matches the hcon BIG handle.
2074
			 */
2075
			parent = iso_get_sock(hdev, &hcon->src, &hcon->dst,
2076
					      BT_LISTEN, iso_match_big_hcon,
2077
					      hcon);
2078
		} else if (test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) {
2079
			ev = hci_recv_event_data(hcon->hdev,
2080
						 HCI_EVT_LE_BIG_SYNC_ESTABLISHED);
2081

2082
			/* Get reference to PA sync parent socket, if it exists */
2083
			parent = iso_get_sock(hdev, &hcon->src, &hcon->dst,
2084
					      BT_LISTEN,
2085
					      iso_match_pa_sync_flag,
2086
					      NULL);
2087
			if (!parent && ev)
2088
				parent = iso_get_sock(hdev, &hcon->src,
2089
						      &hcon->dst,
2090
						      BT_LISTEN,
2091
						      iso_match_big, ev);
2092
		} else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
2093
			ev2 = hci_recv_event_data(hcon->hdev,
2094
						  HCI_EV_LE_PA_SYNC_ESTABLISHED);
2095
			if (ev2)
2096
				parent = iso_get_sock(hdev, &hcon->src,
2097
						      &hcon->dst,
2098
						      BT_LISTEN,
2099
						      iso_match_sid, ev2);
2100
		} else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
2101
			ev3 = hci_recv_event_data(hcon->hdev,
2102
						  HCI_EV_LE_PER_ADV_REPORT);
2103
			if (ev3)
2104
				parent = iso_get_sock(hdev, &hcon->src,
2105
						      &hcon->dst,
2106
						      BT_LISTEN,
2107
						      iso_match_sync_handle_pa_report,
2108
						      ev3);
2109
		}
2110

2111
		if (!parent)
2112
			parent = iso_get_sock(hdev, &hcon->src, BDADDR_ANY,
2113
					      BT_LISTEN, iso_match_dst, BDADDR_ANY);
2114

2115
		if (!parent)
2116
			return;
2117

2118
		lock_sock(parent);
2119

2120
		sk = iso_sock_alloc(sock_net(parent), NULL,
2121
				    BTPROTO_ISO, GFP_ATOMIC, 0);
2122
		if (!sk) {
2123
			release_sock(parent);
2124
			return;
2125
		}
2126

2127
		iso_sock_init(sk, parent);
2128

2129
		bacpy(&iso_pi(sk)->src, &hcon->src);
2130

2131
		/* Convert from HCI to three-value type */
2132
		if (hcon->src_type == ADDR_LE_DEV_PUBLIC)
2133
			iso_pi(sk)->src_type = BDADDR_LE_PUBLIC;
2134
		else
2135
			iso_pi(sk)->src_type = BDADDR_LE_RANDOM;
2136

2137
		/* If hcon has no destination address (BDADDR_ANY) it means it
2138
		 * was created by HCI_EV_LE_BIG_SYNC_ESTABILISHED or
2139
		 * HCI_EV_LE_PA_SYNC_ESTABLISHED so we need to initialize using
2140
		 * the parent socket destination address.
2141
		 */
2142
		if (!bacmp(&hcon->dst, BDADDR_ANY)) {
2143
			bacpy(&hcon->dst, &iso_pi(parent)->dst);
2144
			hcon->dst_type = le_addr_type(iso_pi(parent)->dst_type);
2145
		}
2146

2147
		if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
2148
			iso_pi(sk)->qos = iso_pi(parent)->qos;
2149
			hcon->iso_qos = iso_pi(sk)->qos;
2150
			iso_pi(sk)->bc_sid = iso_pi(parent)->bc_sid;
2151
			iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
2152
			memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis,
2153
			       ISO_MAX_NUM_BIS);
2154
			set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
2155
		}
2156

2157
		bacpy(&iso_pi(sk)->dst, &hcon->dst);
2158

2159
		/* Convert from HCI to three-value type */
2160
		if (hcon->dst_type == ADDR_LE_DEV_PUBLIC)
2161
			iso_pi(sk)->dst_type = BDADDR_LE_PUBLIC;
2162
		else
2163
			iso_pi(sk)->dst_type = BDADDR_LE_RANDOM;
2164

2165
		iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
2166
		memcpy(iso_pi(sk)->base, iso_pi(parent)->base, iso_pi(parent)->base_len);
2167
		iso_pi(sk)->base_len = iso_pi(parent)->base_len;
2168

2169
		hci_conn_hold(hcon);
2170
		iso_chan_add(conn, sk, parent);
2171

2172
		if ((ev && ((struct hci_evt_le_big_sync_established *)ev)->status) ||
2173
		    (ev2 && ev2->status)) {
2174
			/* Trigger error signal on child socket */
2175
			sk->sk_err = ECONNREFUSED;
2176
			sk->sk_error_report(sk);
2177
		}
2178

2179
		if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
2180
			sk->sk_state = BT_CONNECT2;
2181
		else
2182
			sk->sk_state = BT_CONNECTED;
2183

2184
		/* Wake up parent */
2185
		parent->sk_data_ready(parent);
2186

2187
		release_sock(parent);
2188
		sock_put(parent);
2189
	}
2190
}
2191

2192
static bool iso_match_sid(struct sock *sk, void *data)
2193
{
2194
	struct hci_ev_le_pa_sync_established *ev = data;
2195

2196
	if (iso_pi(sk)->bc_sid == HCI_SID_INVALID)
2197
		return true;
2198

2199
	return ev->sid == iso_pi(sk)->bc_sid;
2200
}
2201

2202
static bool iso_match_sid_past(struct sock *sk, void *data)
2203
{
2204
	struct hci_ev_le_past_received *ev = data;
2205

2206
	if (iso_pi(sk)->bc_sid == HCI_SID_INVALID)
2207
		return true;
2208

2209
	return ev->sid == iso_pi(sk)->bc_sid;
2210
}
2211

2212
static bool iso_match_sync_handle(struct sock *sk, void *data)
2213
{
2214
	struct hci_evt_le_big_info_adv_report *ev = data;
2215

2216
	return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
2217
}
2218

2219
static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data)
2220
{
2221
	struct hci_ev_le_per_adv_report *ev = data;
2222

2223
	return le16_to_cpu(ev->sync_handle) == iso_pi(sk)->sync_handle;
2224
}
2225

2226
/* ----- ISO interface with lower layer (HCI) ----- */
2227

2228
int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
2229
{
2230
	struct hci_ev_le_pa_sync_established *ev1;
2231
	struct hci_ev_le_past_received *ev1a;
2232
	struct hci_evt_le_big_info_adv_report *ev2;
2233
	struct hci_ev_le_per_adv_report *ev3;
2234
	struct sock *sk;
2235

2236
	bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
2237

2238
	/* Broadcast receiver requires handling of some events before it can
2239
	 * proceed to establishing a BIG sync:
2240
	 *
2241
	 * 1. HCI_EV_LE_PA_SYNC_ESTABLISHED: The socket may specify a specific
2242
	 * SID to listen to and once sync is established its handle needs to
2243
	 * be stored in iso_pi(sk)->sync_handle so it can be matched once
2244
	 * receiving the BIG Info.
2245
	 * 1a. HCI_EV_LE_PAST_RECEIVED: alternative to 1.
2246
	 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a
2247
	 * a BIG Info it attempts to check if there any listening socket with
2248
	 * the same sync_handle and if it does then attempt to create a sync.
2249
	 * 3. HCI_EV_LE_PER_ADV_REPORT: When a PA report is received, it is stored
2250
	 * in iso_pi(sk)->base so it can be passed up to user, in the case of a
2251
	 * broadcast sink.
2252
	 */
2253
	ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED);
2254
	if (ev1) {
2255
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN,
2256
				  iso_match_sid, ev1);
2257
		if (sk && !ev1->status) {
2258
			iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle);
2259
			iso_pi(sk)->bc_sid = ev1->sid;
2260
		}
2261

2262
		goto done;
2263
	}
2264

2265
	ev1a = hci_recv_event_data(hdev, HCI_EV_LE_PAST_RECEIVED);
2266
	if (ev1a) {
2267
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN,
2268
				  iso_match_sid_past, ev1a);
2269
		if (sk && !ev1a->status) {
2270
			iso_pi(sk)->sync_handle = le16_to_cpu(ev1a->sync_handle);
2271
			iso_pi(sk)->bc_sid = ev1a->sid;
2272
		}
2273

2274
		goto done;
2275
	}
2276

2277
	ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT);
2278
	if (ev2) {
2279
		/* Check if BIGInfo report has already been handled */
2280
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_CONNECTED,
2281
				  iso_match_sync_handle, ev2);
2282
		if (sk) {
2283
			sock_put(sk);
2284
			sk = NULL;
2285
			goto done;
2286
		}
2287

2288
		/* Try to get PA sync socket, if it exists */
2289
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_CONNECT2,
2290
				  iso_match_sync_handle, ev2);
2291
		if (!sk)
2292
			sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr,
2293
					  BT_LISTEN,
2294
					  iso_match_sync_handle,
2295
					  ev2);
2296

2297
		if (sk) {
2298
			int err;
2299
			struct hci_conn	*hcon = iso_pi(sk)->conn->hcon;
2300

2301
			iso_pi(sk)->qos.bcast.encryption = ev2->encryption;
2302

2303
			if (ev2->num_bis < iso_pi(sk)->bc_num_bis)
2304
				iso_pi(sk)->bc_num_bis = ev2->num_bis;
2305

2306
			if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
2307
			    !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
2308
				err = hci_conn_big_create_sync(hdev, hcon,
2309
							       &iso_pi(sk)->qos,
2310
							       iso_pi(sk)->sync_handle,
2311
							       iso_pi(sk)->bc_num_bis,
2312
							       iso_pi(sk)->bc_bis);
2313
				if (err) {
2314
					bt_dev_err(hdev, "hci_le_big_create_sync: %d",
2315
						   err);
2316
					sock_put(sk);
2317
					sk = NULL;
2318
				}
2319
			}
2320
		}
2321

2322
		goto done;
2323
	}
2324

2325
	ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
2326
	if (ev3) {
2327
		size_t base_len = 0;
2328
		u8 *base;
2329
		struct hci_conn *hcon;
2330

2331
		sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN,
2332
				  iso_match_sync_handle_pa_report, ev3);
2333
		if (!sk)
2334
			goto done;
2335

2336
		hcon = iso_pi(sk)->conn->hcon;
2337
		if (!hcon)
2338
			goto done;
2339

2340
		if (ev3->data_status == LE_PA_DATA_TRUNCATED) {
2341
			/* The controller was unable to retrieve PA data. */
2342
			memset(hcon->le_per_adv_data, 0,
2343
			       HCI_MAX_PER_AD_TOT_LEN);
2344
			hcon->le_per_adv_data_len = 0;
2345
			hcon->le_per_adv_data_offset = 0;
2346
			goto done;
2347
		}
2348

2349
		if (hcon->le_per_adv_data_offset + ev3->length >
2350
		    HCI_MAX_PER_AD_TOT_LEN)
2351
			goto done;
2352

2353
		memcpy(hcon->le_per_adv_data + hcon->le_per_adv_data_offset,
2354
		       ev3->data, ev3->length);
2355
		hcon->le_per_adv_data_offset += ev3->length;
2356

2357
		if (ev3->data_status == LE_PA_DATA_COMPLETE) {
2358
			/* All PA data has been received. */
2359
			hcon->le_per_adv_data_len =
2360
				hcon->le_per_adv_data_offset;
2361
			hcon->le_per_adv_data_offset = 0;
2362

2363
			/* Extract BASE */
2364
			base = eir_get_service_data(hcon->le_per_adv_data,
2365
						    hcon->le_per_adv_data_len,
2366
						    EIR_BAA_SERVICE_UUID,
2367
						    &base_len);
2368

2369
			if (!base || base_len > BASE_MAX_LENGTH)
2370
				goto done;
2371

2372
			memcpy(iso_pi(sk)->base, base, base_len);
2373
			iso_pi(sk)->base_len = base_len;
2374
		} else {
2375
			/* This is a PA data fragment. Keep pa_data_len set to 0
2376
			 * until all data has been reassembled.
2377
			 */
2378
			hcon->le_per_adv_data_len = 0;
2379
		}
2380
	} else {
2381
		sk = iso_get_sock(hdev, &hdev->bdaddr, BDADDR_ANY,
2382
				  BT_LISTEN, iso_match_dst, BDADDR_ANY);
2383
	}
2384

2385
done:
2386
	if (!sk)
2387
		return 0;
2388

2389
	if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
2390
		*flags |= HCI_PROTO_DEFER;
2391

2392
	sock_put(sk);
2393

2394
	return HCI_LM_ACCEPT;
2395
}
2396

2397
static void iso_connect_cfm(struct hci_conn *hcon, __u8 status)
2398
{
2399
	if (hcon->type != CIS_LINK && hcon->type != BIS_LINK &&
2400
	    hcon->type != PA_LINK) {
2401
		if (hcon->type != LE_LINK)
2402
			return;
2403

2404
		/* Check if LE link has failed */
2405
		if (status) {
2406
			struct hci_link *link, *t;
2407

2408
			list_for_each_entry_safe(link, t, &hcon->link_list,
2409
						 list)
2410
				iso_conn_del(link->conn, bt_to_errno(status));
2411

2412
			return;
2413
		}
2414

2415
		/* Create CIS if pending */
2416
		hci_le_create_cis_pending(hcon->hdev);
2417
		return;
2418
	}
2419

2420
	BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
2421

2422
	/* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED or
2423
	 * HCI_CONN_PA_SYNC_FAILED is set, queue the failed connection
2424
	 * into the accept queue of the listening socket and wake up
2425
	 * userspace, to inform the user about the event.
2426
	 */
2427
	if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags) ||
2428
	    test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
2429
		struct iso_conn *conn;
2430

2431
		conn = iso_conn_add(hcon);
2432
		if (conn)
2433
			iso_conn_ready(conn);
2434
	} else {
2435
		iso_conn_del(hcon, bt_to_errno(status));
2436
	}
2437
}
2438

2439
static void iso_disconn_cfm(struct hci_conn *hcon, __u8 reason)
2440
{
2441
	if (hcon->type != CIS_LINK && hcon->type !=  BIS_LINK &&
2442
	    hcon->type != PA_LINK)
2443
		return;
2444

2445
	BT_DBG("hcon %p reason %d", hcon, reason);
2446

2447
	iso_conn_del(hcon, bt_to_errno(reason));
2448
}
2449

2450
int iso_recv(struct hci_dev *hdev, u16 handle, struct sk_buff *skb, u16 flags)
2451
{
2452
	struct hci_conn *hcon;
2453
	struct iso_conn *conn;
2454
	struct skb_shared_hwtstamps *hwts;
2455
	__u16 pb, ts, len, sn;
2456

2457
	hci_dev_lock(hdev);
2458

2459
	hcon = hci_conn_hash_lookup_handle(hdev, handle);
2460
	if (!hcon) {
2461
		hci_dev_unlock(hdev);
2462
		kfree_skb(skb);
2463
		return -ENOENT;
2464
	}
2465

2466
	conn = iso_conn_hold_unless_zero(hcon->iso_data);
2467
	hcon = NULL;
2468

2469
	hci_dev_unlock(hdev);
2470

2471
	if (!conn) {
2472
		kfree_skb(skb);
2473
		return -EINVAL;
2474
	}
2475

2476
	pb     = hci_iso_flags_pb(flags);
2477
	ts     = hci_iso_flags_ts(flags);
2478

2479
	BT_DBG("conn %p len %d pb 0x%x ts 0x%x", conn, skb->len, pb, ts);
2480

2481
	switch (pb) {
2482
	case ISO_START:
2483
	case ISO_SINGLE:
2484
		if (conn->rx_len) {
2485
			BT_ERR("Unexpected start frame (len %d)", skb->len);
2486
			kfree_skb(conn->rx_skb);
2487
			conn->rx_skb = NULL;
2488
			conn->rx_len = 0;
2489
		}
2490

2491
		if (ts) {
2492
			struct hci_iso_ts_data_hdr *hdr;
2493

2494
			hdr = skb_pull_data(skb, HCI_ISO_TS_DATA_HDR_SIZE);
2495
			if (!hdr) {
2496
				BT_ERR("Frame is too short (len %d)", skb->len);
2497
				goto drop;
2498
			}
2499

2500
			/*  Record the timestamp to skb */
2501
			hwts = skb_hwtstamps(skb);
2502
			hwts->hwtstamp = us_to_ktime(le32_to_cpu(hdr->ts));
2503

2504
			sn = __le16_to_cpu(hdr->sn);
2505
			len = __le16_to_cpu(hdr->slen);
2506
		} else {
2507
			struct hci_iso_data_hdr *hdr;
2508

2509
			hdr = skb_pull_data(skb, HCI_ISO_DATA_HDR_SIZE);
2510
			if (!hdr) {
2511
				BT_ERR("Frame is too short (len %d)", skb->len);
2512
				goto drop;
2513
			}
2514

2515
			sn = __le16_to_cpu(hdr->sn);
2516
			len = __le16_to_cpu(hdr->slen);
2517
		}
2518

2519
		flags  = hci_iso_data_flags(len);
2520
		len    = hci_iso_data_len(len);
2521

2522
		BT_DBG("Start: total len %d, frag len %d flags 0x%4.4x sn %d",
2523
		       len, skb->len, flags, sn);
2524

2525
		if (len == skb->len) {
2526
			/* Complete frame received */
2527
			hci_skb_pkt_status(skb) = flags & 0x03;
2528
			hci_skb_pkt_seqnum(skb) = sn;
2529
			iso_recv_frame(conn, skb);
2530
			goto done;
2531
		}
2532

2533
		if (pb == ISO_SINGLE) {
2534
			BT_ERR("Frame malformed (len %d, expected len %d)",
2535
			       skb->len, len);
2536
			goto drop;
2537
		}
2538

2539
		if (skb->len > len) {
2540
			BT_ERR("Frame is too long (len %d, expected len %d)",
2541
			       skb->len, len);
2542
			goto drop;
2543
		}
2544

2545
		/* Allocate skb for the complete frame (with header) */
2546
		conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
2547
		if (!conn->rx_skb)
2548
			goto drop;
2549

2550
		hci_skb_pkt_status(conn->rx_skb) = flags & 0x03;
2551
		hci_skb_pkt_seqnum(conn->rx_skb) = sn;
2552
		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2553
					  skb->len);
2554
		conn->rx_len = len - skb->len;
2555

2556
		/* Copy hw timestamp from skb to rx_skb if present */
2557
		if (ts) {
2558
			hwts = skb_hwtstamps(conn->rx_skb);
2559
			hwts->hwtstamp = skb_hwtstamps(skb)->hwtstamp;
2560
		}
2561

2562
		break;
2563

2564
	case ISO_CONT:
2565
		BT_DBG("Cont: frag len %d (expecting %d)", skb->len,
2566
		       conn->rx_len);
2567

2568
		if (!conn->rx_len) {
2569
			BT_ERR("Unexpected continuation frame (len %d)",
2570
			       skb->len);
2571
			goto drop;
2572
		}
2573

2574
		if (skb->len > conn->rx_len) {
2575
			BT_ERR("Fragment is too long (len %d, expected %d)",
2576
			       skb->len, conn->rx_len);
2577
			kfree_skb(conn->rx_skb);
2578
			conn->rx_skb = NULL;
2579
			conn->rx_len = 0;
2580
			goto drop;
2581
		}
2582

2583
		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2584
					  skb->len);
2585
		conn->rx_len -= skb->len;
2586
		break;
2587

2588
	case ISO_END:
2589
		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
2590
					  skb->len);
2591
		conn->rx_len -= skb->len;
2592

2593
		if (!conn->rx_len) {
2594
			struct sk_buff *rx_skb = conn->rx_skb;
2595

2596
			/* Complete frame received. iso_recv_frame
2597
			 * takes ownership of the skb so set the global
2598
			 * rx_skb pointer to NULL first.
2599
			 */
2600
			conn->rx_skb = NULL;
2601
			iso_recv_frame(conn, rx_skb);
2602
		}
2603
		break;
2604
	}
2605

2606
drop:
2607
	kfree_skb(skb);
2608
done:
2609
	iso_conn_put(conn);
2610
	return 0;
2611
}
2612

2613
static struct hci_cb iso_cb = {
2614
	.name		= "ISO",
2615
	.connect_cfm	= iso_connect_cfm,
2616
	.disconn_cfm	= iso_disconn_cfm,
2617
};
2618

2619
static int iso_debugfs_show(struct seq_file *f, void *p)
2620
{
2621
	struct sock *sk;
2622

2623
	read_lock(&iso_sk_list.lock);
2624

2625
	sk_for_each(sk, &iso_sk_list.head) {
2626
		seq_printf(f, "%pMR %pMR %d\n", &iso_pi(sk)->src,
2627
			   &iso_pi(sk)->dst, sk->sk_state);
2628
	}
2629

2630
	read_unlock(&iso_sk_list.lock);
2631

2632
	return 0;
2633
}
2634

2635
DEFINE_SHOW_ATTRIBUTE(iso_debugfs);
2636

2637
static struct dentry *iso_debugfs;
2638

2639
static const struct proto_ops iso_sock_ops = {
2640
	.family		= PF_BLUETOOTH,
2641
	.owner		= THIS_MODULE,
2642
	.release	= iso_sock_release,
2643
	.bind		= iso_sock_bind,
2644
	.connect	= iso_sock_connect,
2645
	.listen		= iso_sock_listen,
2646
	.accept		= iso_sock_accept,
2647
	.getname	= iso_sock_getname,
2648
	.sendmsg	= iso_sock_sendmsg,
2649
	.recvmsg	= iso_sock_recvmsg,
2650
	.poll		= bt_sock_poll,
2651
	.ioctl		= bt_sock_ioctl,
2652
	.mmap		= sock_no_mmap,
2653
	.socketpair	= sock_no_socketpair,
2654
	.shutdown	= iso_sock_shutdown,
2655
	.setsockopt	= iso_sock_setsockopt,
2656
	.getsockopt	= iso_sock_getsockopt
2657
};
2658

2659
static const struct net_proto_family iso_sock_family_ops = {
2660
	.family	= PF_BLUETOOTH,
2661
	.owner	= THIS_MODULE,
2662
	.create	= iso_sock_create,
2663
};
2664

2665
static bool inited;
2666

2667
bool iso_inited(void)
2668
{
2669
	return inited;
2670
}
2671

2672
int iso_init(void)
2673
{
2674
	int err;
2675

2676
	BUILD_BUG_ON(sizeof(struct sockaddr_iso) > sizeof(struct sockaddr));
2677

2678
	if (inited)
2679
		return -EALREADY;
2680

2681
	err = proto_register(&iso_proto, 0);
2682
	if (err < 0)
2683
		return err;
2684

2685
	err = bt_sock_register(BTPROTO_ISO, &iso_sock_family_ops);
2686
	if (err < 0) {
2687
		BT_ERR("ISO socket registration failed");
2688
		goto error;
2689
	}
2690

2691
	err = bt_procfs_init(&init_net, "iso", &iso_sk_list, NULL);
2692
	if (err < 0) {
2693
		BT_ERR("Failed to create ISO proc file");
2694
		bt_sock_unregister(BTPROTO_ISO);
2695
		goto error;
2696
	}
2697

2698
	BT_INFO("ISO socket layer initialized");
2699

2700
	hci_register_cb(&iso_cb);
2701

2702
	if (!IS_ERR_OR_NULL(bt_debugfs))
2703
		iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs,
2704
						  NULL, &iso_debugfs_fops);
2705

2706
	inited = true;
2707

2708
	return 0;
2709

2710
error:
2711
	proto_unregister(&iso_proto);
2712
	return err;
2713
}
2714

2715
int iso_exit(void)
2716
{
2717
	if (!inited)
2718
		return -EALREADY;
2719

2720
	bt_procfs_cleanup(&init_net, "iso");
2721

2722
	debugfs_remove(iso_debugfs);
2723
	iso_debugfs = NULL;
2724

2725
	hci_unregister_cb(&iso_cb);
2726

2727
	bt_sock_unregister(BTPROTO_ISO);
2728

2729
	proto_unregister(&iso_proto);
2730

2731
	inited = false;
2732

2733
	return 0;
2734
}
2735

2736
Product

Resources

Company
