* [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c
@ 2022-02-01 20:03 Radoslaw Biernacki
2022-02-01 20:03 ` [PATCH v2 1/2] Bluetooth: Fix skb allocation in mgmt_remote_name() & mgmt_device_connected() Radoslaw Biernacki
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Radoslaw Biernacki @ 2022-02-01 20:03 UTC (permalink / raw)
To: linux-bluetooth, Luiz Augusto von Dentz, Marcel Holtmann
Cc: CrosBT Upstreaming, Archie Pusaka, Miao-chen Chou,
Jakub Kicinski, Johan Hedberg, linux-kernel, netdev, upstream,
Radoslaw Biernacki, Angela Czubak, Marek Maslanka,
Radoslaw Biernacki
Here is second version of the fix for skb handling in net/bluetooth/mgmt.c
First patch is fixing the skb allocation which theoretically might push skb
tail beyond its end.
Second patch simplifies operations on eir while using skb.
Patches adds two helper functions to eir.h to align to the goal of
eliminating the necessity of intermediary buffers, which can be achieved
with additional changes done in this spirit.
v1->v2:
- fix mgmt_device_connected()
- add eir_skb_put_data() - function for skb handing with eir
Radoslaw Biernacki (2):
Bluetooth: Fix skb allocation in mgmt_remote_name() &
mgmt_device_connected()
Bluetooth: Improve skb handling in mgmt_device_connected()
net/bluetooth/eir.h | 20 ++++++++++++++++++++
net/bluetooth/mgmt.c | 43 ++++++++++++++++---------------------------
2 files changed, 36 insertions(+), 27 deletions(-)
--
2.35.0.rc2.247.g8bbb082509-goog
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 1/2] Bluetooth: Fix skb allocation in mgmt_remote_name() & mgmt_device_connected()
2022-02-01 20:03 [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c Radoslaw Biernacki
@ 2022-02-01 20:03 ` Radoslaw Biernacki
2022-02-01 20:03 ` [PATCH v2 2/2] Bluetooth: Improve skb handling in mgmt_device_connected() Radoslaw Biernacki
2022-02-01 20:12 ` [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c Radosław Biernacki
2 siblings, 0 replies; 4+ messages in thread
From: Radoslaw Biernacki @ 2022-02-01 20:03 UTC (permalink / raw)
To: linux-bluetooth, Luiz Augusto von Dentz, Marcel Holtmann
Cc: CrosBT Upstreaming, Archie Pusaka, Miao-chen Chou,
Jakub Kicinski, Johan Hedberg, linux-kernel, netdev, upstream,
Radoslaw Biernacki, Angela Czubak, Marek Maslanka
From: Radoslaw Biernacki <rad@semihalf.com>
This patch fixes skb allocation, as lack of space for ev might push skb
tail beyond its end.
Also introduce eir_precalc_len() that can be used instead of magic
numbers for similar eir operations on skb.
Fixes: cf1bce1de7eeb ("Bluetooth: mgmt: Make use of mgmt_send_event_skb in MGMT_EV_DEVICE_FOUND")
Fixes: e96741437ef0a ("Bluetooth: mgmt: Make use of mgmt_send_event_skb in MGMT_EV_DEVICE_CONNECTED")
Signed-off-by: Angela Czubak <acz@semihalf.com>
Signed-off-by: Marek Maslanka <mm@semihalf.com>
Signed-off-by: Radoslaw Biernacki <rad@semihalf.com>
---
net/bluetooth/eir.h | 5 +++++
net/bluetooth/mgmt.c | 18 ++++++++----------
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/net/bluetooth/eir.h b/net/bluetooth/eir.h
index 05e2e917fc25..e5876751f07e 100644
--- a/net/bluetooth/eir.h
+++ b/net/bluetooth/eir.h
@@ -15,6 +15,11 @@ u8 eir_create_scan_rsp(struct hci_dev *hdev, u8 instance, u8 *ptr);
u8 eir_append_local_name(struct hci_dev *hdev, u8 *eir, u8 ad_len);
u8 eir_append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_len);
+static inline u16 eir_precalc_len(u8 data_len)
+{
+ return sizeof(u8) * 2 + data_len;
+}
+
static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type,
u8 *data, u8 data_len)
{
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 5dd684e0b259..43ca228104ce 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -9061,12 +9061,14 @@ void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
u16 eir_len = 0;
u32 flags = 0;
+ /* allocate buff for LE or BR/EDR adv */
if (conn->le_adv_data_len > 0)
skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
- conn->le_adv_data_len);
+ sizeof(*ev) + conn->le_adv_data_len);
else
skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
- 2 + name_len + 5);
+ sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
+ eir_precalc_len(sizeof(conn->dev_class)));
ev = skb_put(skb, sizeof(*ev));
bacpy(&ev->addr.bdaddr, &conn->dst);
@@ -9785,13 +9787,11 @@ void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
{
struct sk_buff *skb;
struct mgmt_ev_device_found *ev;
- u16 eir_len;
- u32 flags;
+ u16 eir_len = 0;
+ u32 flags = 0;
- if (name_len)
- skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 2 + name_len);
- else
- skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 0);
+ skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
+ sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
ev = skb_put(skb, sizeof(*ev));
bacpy(&ev->addr.bdaddr, bdaddr);
@@ -9801,10 +9801,8 @@ void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
if (name) {
eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
name_len);
- flags = 0;
skb_put(skb, eir_len);
} else {
- eir_len = 0;
flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
}
--
2.35.0.rc2.247.g8bbb082509-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 2/2] Bluetooth: Improve skb handling in mgmt_device_connected()
2022-02-01 20:03 [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c Radoslaw Biernacki
2022-02-01 20:03 ` [PATCH v2 1/2] Bluetooth: Fix skb allocation in mgmt_remote_name() & mgmt_device_connected() Radoslaw Biernacki
@ 2022-02-01 20:03 ` Radoslaw Biernacki
2022-02-01 20:12 ` [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c Radosław Biernacki
2 siblings, 0 replies; 4+ messages in thread
From: Radoslaw Biernacki @ 2022-02-01 20:03 UTC (permalink / raw)
To: linux-bluetooth, Luiz Augusto von Dentz, Marcel Holtmann
Cc: CrosBT Upstreaming, Archie Pusaka, Miao-chen Chou,
Jakub Kicinski, Johan Hedberg, linux-kernel, netdev, upstream,
Radoslaw Biernacki, Angela Czubak, Marek Maslanka,
Radoslaw Biernacki
This patch introduce eir_skb_put_data() that can be used to simplify
operations on eir in goal of eliminating the necessity of intermediary
buffers.
eir_skb_put_data() is in pair to what eir_append_data() does with help of
eir_len, but without awkwardness when passing return value to skb_put() (as
it returns updated offset not size).
Signed-off-by: Radoslaw Biernacki <rad@semihalf.com>
---
net/bluetooth/eir.h | 15 +++++++++++++++
net/bluetooth/mgmt.c | 25 ++++++++-----------------
2 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/net/bluetooth/eir.h b/net/bluetooth/eir.h
index e5876751f07e..43f1945bffc5 100644
--- a/net/bluetooth/eir.h
+++ b/net/bluetooth/eir.h
@@ -41,6 +41,21 @@ static inline u16 eir_append_le16(u8 *eir, u16 eir_len, u8 type, u16 data)
return eir_len;
}
+static inline u16 eir_skb_put_data(struct sk_buff *skb, u8 type, u8 *data, u8 data_len)
+{
+ u8 *eir;
+ u16 eir_len;
+
+ eir_len = eir_precalc_len(data_len);
+ eir = skb_put(skb, eir_len);
+ WARN_ON(sizeof(type) + data_len > U8_MAX);
+ eir[0] = sizeof(type) + data_len;
+ eir[1] = type;
+ memcpy(&eir[2], data, data_len);
+
+ return eir_len;
+}
+
static inline void *eir_get_data(u8 *eir, size_t eir_len, u8 type,
size_t *data_len)
{
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 43ca228104ce..4a24159f7dd6 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -9087,18 +9087,12 @@ void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
eir_len = conn->le_adv_data_len;
} else {
- if (name_len > 0) {
- eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
- name, name_len);
- skb_put(skb, eir_len);
- }
+ if (name)
+ eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
- if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) {
- eir_len = eir_append_data(ev->eir, eir_len,
- EIR_CLASS_OF_DEV,
- conn->dev_class, 3);
- skb_put(skb, 5);
- }
+ if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
+ eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
+ conn->dev_class, sizeof(conn->dev_class));
}
ev->eir_len = cpu_to_le16(eir_len);
@@ -9798,13 +9792,10 @@ void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
ev->addr.type = link_to_bdaddr(link_type, addr_type);
ev->rssi = rssi;
- if (name) {
- eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
- name_len);
- skb_put(skb, eir_len);
- } else {
+ if (name)
+ eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
+ else
flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
- }
ev->eir_len = cpu_to_le16(eir_len);
ev->flags = cpu_to_le32(flags);
--
2.35.0.rc2.247.g8bbb082509-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c
2022-02-01 20:03 [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c Radoslaw Biernacki
2022-02-01 20:03 ` [PATCH v2 1/2] Bluetooth: Fix skb allocation in mgmt_remote_name() & mgmt_device_connected() Radoslaw Biernacki
2022-02-01 20:03 ` [PATCH v2 2/2] Bluetooth: Improve skb handling in mgmt_device_connected() Radoslaw Biernacki
@ 2022-02-01 20:12 ` Radosław Biernacki
2 siblings, 0 replies; 4+ messages in thread
From: Radosław Biernacki @ 2022-02-01 20:12 UTC (permalink / raw)
To: linux-bluetooth, Luiz Augusto von Dentz, Marcel Holtmann
Cc: CrosBT Upstreaming, Archie Pusaka, Miao-chen Chou,
Jakub Kicinski, Johan Hedberg, Linux Kernel Mailing List,
open list:NETWORKING [GENERAL],
upstream, Angela Czubak, Marek Maslanka, Radoslaw Biernacki
Hey, please ignore this one as I made a typo in the domain name :|
wt., 1 lut 2022 o 21:03 Radoslaw Biernacki <rad@semihalf.com> napisał(a):
>
> Here is second version of the fix for skb handling in net/bluetooth/mgmt.c
> First patch is fixing the skb allocation which theoretically might push skb
> tail beyond its end.
> Second patch simplifies operations on eir while using skb.
> Patches adds two helper functions to eir.h to align to the goal of
> eliminating the necessity of intermediary buffers, which can be achieved
> with additional changes done in this spirit.
>
> v1->v2:
> - fix mgmt_device_connected()
> - add eir_skb_put_data() - function for skb handing with eir
>
> Radoslaw Biernacki (2):
> Bluetooth: Fix skb allocation in mgmt_remote_name() &
> mgmt_device_connected()
> Bluetooth: Improve skb handling in mgmt_device_connected()
>
> net/bluetooth/eir.h | 20 ++++++++++++++++++++
> net/bluetooth/mgmt.c | 43 ++++++++++++++++---------------------------
> 2 files changed, 36 insertions(+), 27 deletions(-)
>
> --
> 2.35.0.rc2.247.g8bbb082509-goog
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-02-01 20:12 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-01 20:03 [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c Radoslaw Biernacki
2022-02-01 20:03 ` [PATCH v2 1/2] Bluetooth: Fix skb allocation in mgmt_remote_name() & mgmt_device_connected() Radoslaw Biernacki
2022-02-01 20:03 ` [PATCH v2 2/2] Bluetooth: Improve skb handling in mgmt_device_connected() Radoslaw Biernacki
2022-02-01 20:12 ` [PATCH v2 0/2] Bluetooth: Fix skb handling in net/bluetooth/mgmt.c Radosław Biernacki
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.