From patchwork Wed Sep 15 23:01:07 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Patchwork-Id: 12497719
Return-Path: <linux-bluetooth-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 11183C433F5
	for <linux-bluetooth@archiver.kernel.org>;
 Wed, 15 Sep 2021 23:01:13 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id E997E61186
	for <linux-bluetooth@archiver.kernel.org>;
 Wed, 15 Sep 2021 23:01:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232690AbhIOXCb (ORCPT
        <rfc822;linux-bluetooth@archiver.kernel.org>);
        Wed, 15 Sep 2021 19:02:31 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36148 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229538AbhIOXCb (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Wed, 15 Sep 2021 19:02:31 -0400
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com
 [IPv6:2607:f8b0:4864:20::1030])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B97EFC061574
        for <linux-bluetooth@vger.kernel.org>;
 Wed, 15 Sep 2021 16:01:11 -0700 (PDT)
Received: by mail-pj1-x1030.google.com with SMTP id
 me5-20020a17090b17c500b0019af76b7bb4so5439812pjb.2
        for <linux-bluetooth@vger.kernel.org>;
 Wed, 15 Sep 2021 16:01:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=+TK1YvjA53I2APi/97L1aIxLqOAdfEStVTGEOp+IQnE=;
        b=XZr6IjeXa/Uai7kFaGMB38+W0znn6WF7JOAaAHuo9yqGRq4fTBklyZulLALXub/hVh
         sYRsFrTZlSz4bWnvVBGnxCCMMIXFWBMvHAiDv8AZfnAUhS4/tCRNrRf7XpJuqbG1FJjy
         XgwnE9QMbcY3WysW1i/Vv9u+aCumU5nRJi/wBKmdR0TkjOuYAjNG0BdphdIeWVc4O5K2
         bAhRZxpsCWY0ia99coGtBp8m9jNS6LC1F5GBD2V/mx1zQd50d/pJb3YBYewzhQerjw4E
         +629oNWuZzYcZ/hQK4Pezycl1yp4WsQZ7H9uAgkxNcsJIaFCHLFmwfw/ziQu0H8qUspR
         VvlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=+TK1YvjA53I2APi/97L1aIxLqOAdfEStVTGEOp+IQnE=;
        b=n8n1Kd7yTnxXJoRQ5DXNCh2IC42efofxD47r2ZGs8Xb5WoNQTEUQE5GXnSZoQ3SEB/
         zSGiHPR9qDn3pNaxnu6pBvsILmofvZ6YYk7aI4CTBIYiDlesBvyF0JwxDeWw0FYHL3sL
         jF4vAPq96D5c0RxCZjDPS6PtAPirl7GU85rZCeviz013PCgbb285WoEhmC0iPy4MbJ5+
         KxBkAI5tguvK9uaeCMplpKFpspnXO0D7WkR7uuQcJiQy0+h23txgCB/r8a/ATKQ3bWUh
         meuqEV3srxI0i2peCL78tnng9rvtlCZzenJpFNnWRyGB9DbqyhcFcAXu0ULL1oU1wjDX
         JiwA==
X-Gm-Message-State: AOAM531oh7bj31Z59GkmBk99GyviIGQLfbLM1YPrv1hn3GLy3WwRMhx/
        4KdJvDHM9Xr1sSpgFnx6F38jvo+wves=
X-Google-Smtp-Source: 
 ABdhPJxF+3RhzVJXBXYZLBl4gTIaBnDRfYafWPYcq1AM3p529ur6jBrerPXjvFy5J842x6fMJBkazg==
X-Received: by 2002:a17:90a:a6b:: with SMTP id
 o98mr2322150pjo.39.1631746870796;
        Wed, 15 Sep 2021 16:01:10 -0700 (PDT)
Received: from lvondent-mobl4.intel.com (c-71-56-157-77.hsd1.or.comcast.net.
 [71.56.157.77])
        by smtp.gmail.com with ESMTPSA id
 d3sm5742226pjc.49.2021.09.15.16.01.10
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 15 Sep 2021 16:01:10 -0700 (PDT)
From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v3 1/3] Bluetooth: hci_sock: Replace use of memcpy_from_msg
 with bt_skb_sendmsg
Date: Wed, 15 Sep 2021 16:01:07 -0700
Message-Id: <20210915230109.4107111-1-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.31.1
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This makes use of bt_skb_sendmsg instead of allocating a different
buffer to be used with memcpy_from_msg which cause one extra copy.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/hci_sock.c | 100 +++++++++++++++------------------------
 1 file changed, 37 insertions(+), 63 deletions(-)

diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index e481eee8e61e..39309ef6af4a 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -1510,7 +1510,8 @@ static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
 	return err ? : copied;
 }
 
-static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf, size_t msglen)
+static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
+			struct sk_buff *skb)
 {
 	u8 *cp;
 	struct mgmt_hdr *hdr;
@@ -1520,31 +1521,31 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf,
 	bool var_len, no_hdev;
 	int err;
 
-	BT_DBG("got %zu bytes", msglen);
+	BT_DBG("got %d bytes", skb->len);
 
-	if (msglen < sizeof(*hdr))
+	if (skb->len < sizeof(*hdr))
 		return -EINVAL;
 
-	hdr = buf;
+	hdr = (void *)skb->data;
 	opcode = __le16_to_cpu(hdr->opcode);
 	index = __le16_to_cpu(hdr->index);
 	len = __le16_to_cpu(hdr->len);
 
-	if (len != msglen - sizeof(*hdr)) {
+	if (len != skb->len - sizeof(*hdr)) {
 		err = -EINVAL;
 		goto done;
 	}
 
 	if (chan->channel == HCI_CHANNEL_CONTROL) {
-		struct sk_buff *skb;
+		struct sk_buff *cmd;
 
 		/* Send event to monitor */
-		skb = create_monitor_ctrl_command(sk, index, opcode, len,
-						  buf + sizeof(*hdr));
-		if (skb) {
-			hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
+		cmd = create_monitor_ctrl_command(sk, index, opcode, len,
+						  skb->data + sizeof(*hdr));
+		if (cmd) {
+			hci_send_to_channel(HCI_CHANNEL_MONITOR, cmd,
 					    HCI_SOCK_TRUSTED, NULL);
-			kfree_skb(skb);
+			kfree_skb(cmd);
 		}
 	}
 
@@ -1609,13 +1610,13 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf,
 	if (hdev && chan->hdev_init)
 		chan->hdev_init(sk, hdev);
 
-	cp = buf + sizeof(*hdr);
+	cp = skb->data + sizeof(*hdr);
 
 	err = handler->func(sk, hdev, cp, len);
 	if (err < 0)
 		goto done;
 
-	err = msglen;
+	err = skb->len;
 
 done:
 	if (hdev)
@@ -1624,10 +1625,10 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf,
 	return err;
 }
 
-static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int flags)
+static int hci_logging_frame(struct sock *sk, struct sk_buff *skb,
+			     unsigned int flags)
 {
 	struct hci_mon_hdr *hdr;
-	struct sk_buff *skb;
 	struct hci_dev *hdev;
 	u16 index;
 	int err;
@@ -1636,21 +1637,13 @@ static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int f
 	 * the priority byte, the ident length byte and at least one string
 	 * terminator NUL byte. Anything shorter are invalid packets.
 	 */
-	if (len < sizeof(*hdr) + 3)
+	if (skb->len < sizeof(*hdr) + 3)
 		return -EINVAL;
 
-	skb = bt_skb_send_alloc(sk, len, flags & MSG_DONTWAIT, &err);
-	if (!skb)
-		return err;
-
-	memcpy(skb_put(skb, len), buf, len);
-
 	hdr = (void *)skb->data;
 
-	if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
-		err = -EINVAL;
-		goto drop;
-	}
+	if (__le16_to_cpu(hdr->len) != skb->len - sizeof(*hdr))
+		return -EINVAL;
 
 	if (__le16_to_cpu(hdr->opcode) == 0x0000) {
 		__u8 priority = skb->data[sizeof(*hdr)];
@@ -1669,25 +1662,20 @@ static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int f
 		 * The message follows the ident string (if present) and
 		 * must be NUL terminated. Otherwise it is not a valid packet.
 		 */
-		if (priority > 7 || skb->data[len - 1] != 0x00 ||
-		    ident_len > len - sizeof(*hdr) - 3 ||
-		    skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
-			err = -EINVAL;
-			goto drop;
-		}
+		if (priority > 7 || skb->data[skb->len - 1] != 0x00 ||
+		    ident_len > skb->len - sizeof(*hdr) - 3 ||
+		    skb->data[sizeof(*hdr) + ident_len + 1] != 0x00)
+			return -EINVAL;
 	} else {
-		err = -EINVAL;
-		goto drop;
+		return -EINVAL;
 	}
 
 	index = __le16_to_cpu(hdr->index);
 
 	if (index != MGMT_INDEX_NONE) {
 		hdev = hci_dev_get(index);
-		if (!hdev) {
-			err = -ENODEV;
-			goto drop;
-		}
+		if (!hdev)
+			return -ENODEV;
 	} else {
 		hdev = NULL;
 	}
@@ -1695,13 +1683,11 @@ static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int f
 	hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
 
 	hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
-	err = len;
+	err = skb->len;
 
 	if (hdev)
 		hci_dev_put(hdev);
 
-drop:
-	kfree_skb(skb);
 	return err;
 }
 
@@ -1713,7 +1699,6 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 	struct hci_dev *hdev;
 	struct sk_buff *skb;
 	int err;
-	void *buf;
 	const unsigned int flags = msg->msg_flags;
 
 	BT_DBG("sock %p sk %p", sock, sk);
@@ -1727,13 +1712,9 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 	if (len < 4 || len > hci_pi(sk)->mtu)
 		return -EINVAL;
 
-	buf = kmalloc(len, GFP_KERNEL);
-	if (!buf)
-		return -ENOMEM;
-	if (memcpy_from_msg(buf, msg, len)) {
-		kfree(buf);
-		return -EFAULT;
-	}
+	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
+	if (IS_ERR(skb))
+		return PTR_ERR(skb);
 
 	lock_sock(sk);
 
@@ -1743,39 +1724,33 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 		break;
 	case HCI_CHANNEL_MONITOR:
 		err = -EOPNOTSUPP;
-		goto done;
+		goto drop;
 	case HCI_CHANNEL_LOGGING:
-		err = hci_logging_frame(sk, buf, len, flags);
-		goto done;
+		err = hci_logging_frame(sk, skb, flags);
+		goto drop;
 	default:
 		mutex_lock(&mgmt_chan_list_lock);
 		chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
 		if (chan)
-			err = hci_mgmt_cmd(chan, sk, buf, len);
+			err = hci_mgmt_cmd(chan, sk, skb);
 		else
 			err = -EINVAL;
 
 		mutex_unlock(&mgmt_chan_list_lock);
-		goto done;
+		goto drop;
 	}
 
 	hdev = hci_hdev_from_sock(sk);
 	if (IS_ERR(hdev)) {
 		err = PTR_ERR(hdev);
-		goto done;
+		goto drop;
 	}
 
 	if (!test_bit(HCI_UP, &hdev->flags)) {
 		err = -ENETDOWN;
-		goto done;
+		goto drop;
 	}
 
-	skb = bt_skb_send_alloc(sk, len, flags & MSG_DONTWAIT, &err);
-	if (!skb)
-		goto done;
-
-	memcpy(skb_put(skb, len), buf, len);
-
 	hci_skb_pkt_type(skb) = skb->data[0];
 	skb_pull(skb, 1);
 
@@ -1846,7 +1821,6 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 
 done:
 	release_sock(sk);
-	kfree(buf);
 	return err;
 
 drop:

From patchwork Wed Sep 15 23:01:08 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Patchwork-Id: 12497721
Return-Path: <linux-bluetooth-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DFD9AC433FE
	for <linux-bluetooth@archiver.kernel.org>;
 Wed, 15 Sep 2021 23:01:13 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id C7D6661185
	for <linux-bluetooth@archiver.kernel.org>;
 Wed, 15 Sep 2021 23:01:13 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232708AbhIOXCc (ORCPT
        <rfc822;linux-bluetooth@archiver.kernel.org>);
        Wed, 15 Sep 2021 19:02:32 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36156 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232684AbhIOXCb (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Wed, 15 Sep 2021 19:02:31 -0400
Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com
 [IPv6:2607:f8b0:4864:20::52f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B893C061574
        for <linux-bluetooth@vger.kernel.org>;
 Wed, 15 Sep 2021 16:01:12 -0700 (PDT)
Received: by mail-pg1-x52f.google.com with SMTP id k24so4281117pgh.8
        for <linux-bluetooth@vger.kernel.org>;
 Wed, 15 Sep 2021 16:01:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=qX2dfn2x26WX07e7xdzg2ywb6Njzmd8j8daHrFRGUlY=;
        b=LzPLtqx1kXUavKGjmwI8dvuthushIcZFI9LXn1wHkGrMvbomgkjhYrBESNKqCcpsx8
         3k+uCvo+RTB4M35f/vmYPgIY5wmC9OSgf/rdDyxquSKSYqGW8ThcQoJqQJhhDnbsy3tO
         mmYaHUJ5eZ/YyB3rQqS5NyGimc7ZbpmAgsLG/aKB3pE/Om8PmHzJmkrN4+liv0lpqXTs
         Gtp86HqRJ4ky4KyAEfuU5dmXS2POLGmuBs0ssT/IjyI956MH92oH4TXlflrFWzGpLcRU
         WzNsUKh0cRut3w4ncRILSPI8CqnXBTUHCGBCm+jGb2tpyrBRe9b/LA6pqKoh/10AS4Ar
         DxnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=qX2dfn2x26WX07e7xdzg2ywb6Njzmd8j8daHrFRGUlY=;
        b=nrTRieSPUsbGJBVshk9sbwE6a4csplUGwQkPvqYHkReraNsx0rEDDsT+6ZKUQpZmXc
         PxXLOKDbtETM6ipG10vjZfSBs2Ryx45uFhuY1uuYyRLXoh2NOoEsmDgDA0iEcBZaqpOM
         5jGYJ1whP64j3tmdpvMWxsaMSFNhGx6jS0cXpI9fqX2+cC33PDm7ljDw3csWox5ncuuE
         cK3jMqalhNbWwCZgPVtg3H7TbXutL/nFC+856OLSpDxczOtS13DsXGOK+7dzE+HifyLN
         c5PZXdwm4JVJLpwHvL0AtKvtrobp+rMbM+Y8HgebpH9oG2b9o9RrGJPbad7/5YOL3Em+
         9/Bg==
X-Gm-Message-State: AOAM531c6E+wsGliTWsbAOaJgZGof6WytNjCTu/vEpDEWP2XeSmz4Z/W
        nZpSWEtdzf3UGiUZ6ZsiAVRcsdHZYEA=
X-Google-Smtp-Source: 
 ABdhPJyDpX1cwZDZFiE5DAj7El03Z4SRxtmFSj0ysWnoupr5GKg/e4HXWkW1Cd19MbgtEKsfGrbwnQ==
X-Received: by 2002:a05:6a00:2189:b0:414:22ae:eab9 with SMTP id
 h9-20020a056a00218900b0041422aeeab9mr2018918pfi.65.1631746871523;
        Wed, 15 Sep 2021 16:01:11 -0700 (PDT)
Received: from lvondent-mobl4.intel.com (c-71-56-157-77.hsd1.or.comcast.net.
 [71.56.157.77])
        by smtp.gmail.com with ESMTPSA id
 d3sm5742226pjc.49.2021.09.15.16.01.10
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 15 Sep 2021 16:01:11 -0700 (PDT)
From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v3 2/3] Bluetooth: Fix passing NULL to PTR_ERR
Date: Wed, 15 Sep 2021 16:01:08 -0700
Message-Id: <20210915230109.4107111-2-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210915230109.4107111-1-luiz.dentz@gmail.com>
References: <20210915230109.4107111-1-luiz.dentz@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Passing NULL to PTR_ERR will result in 0 (success), also since the likes of
bt_skb_sendmsg does never return NULL it is safe to replace the instances of
IS_ERR_OR_NULL with IS_ERR when checking its return.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 include/net/bluetooth/bluetooth.h | 2 +-
 net/bluetooth/rfcomm/sock.c       | 2 +-
 net/bluetooth/sco.c               | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index aa221c1a27c6..3271870fd85e 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -496,7 +496,7 @@ static inline struct sk_buff *bt_skb_sendmmsg(struct sock *sk,
 		struct sk_buff *tmp;
 
 		tmp = bt_skb_sendmsg(sk, msg, len, mtu, headroom, tailroom);
-		if (IS_ERR_OR_NULL(tmp)) {
+		if (IS_ERR(tmp)) {
 			kfree_skb(skb);
 			return tmp;
 		}
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 5938af3e9936..4bf4ea6cbb5e 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -583,7 +583,7 @@ static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 
 	skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE,
 			      RFCOMM_SKB_TAIL_RESERVE);
-	if (IS_ERR_OR_NULL(skb))
+	if (IS_ERR(skb))
 		return PTR_ERR(skb);
 
 	sent = rfcomm_dlc_send(d, skb);
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 446f871f11ed..f51399d1b9cb 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -733,7 +733,7 @@ static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 		return -EOPNOTSUPP;
 
 	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
-	if (IS_ERR_OR_NULL(skb))
+	if (IS_ERR(skb))
 		return PTR_ERR(skb);
 
 	lock_sock(sk);

From patchwork Wed Sep 15 23:01:09 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Patchwork-Id: 12497723
Return-Path: <linux-bluetooth-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B0DA7C433EF
	for <linux-bluetooth@archiver.kernel.org>;
 Wed, 15 Sep 2021 23:01:14 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 9404C61185
	for <linux-bluetooth@archiver.kernel.org>;
 Wed, 15 Sep 2021 23:01:14 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232739AbhIOXCd (ORCPT
        <rfc822;linux-bluetooth@archiver.kernel.org>);
        Wed, 15 Sep 2021 19:02:33 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36160 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232733AbhIOXCc (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Wed, 15 Sep 2021 19:02:32 -0400
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com
 [IPv6:2607:f8b0:4864:20::434])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 480E4C061574
        for <linux-bluetooth@vger.kernel.org>;
 Wed, 15 Sep 2021 16:01:13 -0700 (PDT)
Received: by mail-pf1-x434.google.com with SMTP id x7so4076402pfa.8
        for <linux-bluetooth@vger.kernel.org>;
 Wed, 15 Sep 2021 16:01:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=L0h86E9j0CfNSSJWMBPeikGzGgwSYkBSG+0Bm1Cw7vc=;
        b=OB1R9gA/7cZ9ldtklTRXoCiOxfTjaL8kbAjW2JrqX4DNQ6BMAsKA4f/OYbpO08xtft
         NThLhTxhWA+VploPsqGwMducLshG6e3Bd/65NsIlmL4ILcTBio26lvoU4cClbEp+mQMr
         0gHcHGdnNxNf5RavEQnC0jL9bdGaiDuO3ULsfFuGi8d+f5Tu2BLkXsQ5c8VdW8VoNBKg
         xPaVnZCKix+mFJS5vKuEkU8CP6H5MaVpOwA7Ow3jnBmOXkeb7g75jMcXfyHy8v9Z1lHF
         9VWTQ9b/LL1fgG5WBCoxd4fqA1j32jrzkCCSG+9Uvdqdkk/UzF7sM+JnQ9TIUnClhDpd
         oWAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=L0h86E9j0CfNSSJWMBPeikGzGgwSYkBSG+0Bm1Cw7vc=;
        b=ds8tGgevklHHHoM2lF9uYZFxs7WJuY8/XVEj/tXltczsg/mrcHWVgStmsFyRfwxULE
         zEXHfliuZPZHN9CT7EpYVlkOLSkknKyhYXNOdBAe8eBiVELkqsVw2PVzv53AcRKJVDTj
         OKuE/nKpo4vYkLNw0jKgyRpqSXkYSlVZdDM3CvGMDwR1PBRCltgzHU9TVV+4QyP1Uhi7
         b0jUrrxUNvaraO/qjdMHz6IeYMTP2tRSDkR7qqh4ZJuhmCwagTQM6EvLWIUKX0AFytFw
         9mmYo1Cl4ZWb7n8Al6soViuFHSFy9IDI2dbX3J9uJ4BARJ0pjSKvzRyb1PGNHgzXnHQQ
         ypog==
X-Gm-Message-State: AOAM530GLyernP/sxxFCJSDQZG6FKoFo3T58S3a3OWY43Vy+16dp+Aql
        /Bg+EmV4Madsbf7PWR6fo7mdJkjJG8w=
X-Google-Smtp-Source: 
 ABdhPJyHR/TtbWDIiLE3kn/05Rmet3PH2fxV0UKg9e4doxEtfPgugiS6Bayp1b/J7mLnLUnjM6X86Q==
X-Received: by 2002:aa7:83d8:0:b0:3ef:990f:5525 with SMTP id
 j24-20020aa783d8000000b003ef990f5525mr1856717pfn.29.1631746872596;
        Wed, 15 Sep 2021 16:01:12 -0700 (PDT)
Received: from lvondent-mobl4.intel.com (c-71-56-157-77.hsd1.or.comcast.net.
 [71.56.157.77])
        by smtp.gmail.com with ESMTPSA id
 d3sm5742226pjc.49.2021.09.15.16.01.11
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 15 Sep 2021 16:01:12 -0700 (PDT)
From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v3 3/3] Bluetooth: SCO: Fix sco_send_frame returning skb->len
Date: Wed, 15 Sep 2021 16:01:09 -0700
Message-Id: <20210915230109.4107111-3-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210915230109.4107111-1-luiz.dentz@gmail.com>
References: <20210915230109.4107111-1-luiz.dentz@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

The skb in modified by hci_send_sco which pushes SCO headers thus
changing skb->len causing sco_sock_sendmsg to fail.

Fixes: 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/sco.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index f51399d1b9cb..8eabf41b2993 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -284,16 +284,17 @@ static int sco_connect(struct hci_dev *hdev, struct sock *sk)
 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
 {
 	struct sco_conn *conn = sco_pi(sk)->conn;
+	int len = skb->len;
 
 	/* Check outgoing MTU */
-	if (skb->len > conn->mtu)
+	if (len > conn->mtu)
 		return -EINVAL;
 
-	BT_DBG("sk %p len %d", sk, skb->len);
+	BT_DBG("sk %p len %d", sk, len);
 
 	hci_send_sco(conn->hcon, skb);
 
-	return skb->len;
+	return len;
 }
 
 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
@@ -744,7 +745,8 @@ static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 		err = -ENOTCONN;
 
 	release_sock(sk);
-	if (err)
+
+	if (err < 0)
 		kfree_skb(skb);
 	return err;
 }