From patchwork Thu Sep 16 18:03:32 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Patchwork-Id: 12500057
Return-Path: <linux-bluetooth-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-20.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 85FF6C433FE
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:18 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 6EDC7611EE
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:18 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242496AbhIPS4i (ORCPT
        <rfc822;linux-bluetooth@archiver.kernel.org>);
        Thu, 16 Sep 2021 14:56:38 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51644 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240272AbhIPS4e (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Thu, 16 Sep 2021 14:56:34 -0400
Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com
 [IPv6:2607:f8b0:4864:20::1031])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B8D8C043085
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:37 -0700 (PDT)
Received: by mail-pj1-x1031.google.com with SMTP id
 mv7-20020a17090b198700b0019c843e7233so1630042pjb.4
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=ZHQlz26jaEu1gmEy0PeaVKBbbell8in7/qkbLSGDUd8=;
        b=a6RWer4kCKt1fTViElLyvMNQTc9ymWq1nj4GEnoMmrq1HZ5KuTNHiT4tuAGm9S2ZHH
         KwbV/8r5aQxwKeIPfJIhufMPy+U7FvjgQHQchyR5cHVo8vMbBAyzB9aFGQftYqkZU2eU
         FUu0MPpaW5FKf++oniVhUYMzSZ8AbgafGBq/SGv5NcL2AoY4NKHtXsNpE1jMP8cb7AjX
         dU8nbYa0KsdQdIv+sObXnWfyQgMycOhB2dVa/z3t0pgU8loQ6PGLztKoG/fApg50VYJW
         jfLXgFmf6xrxAULDje86i2xxsJ/VXfHH6fM5+OyxeLtxkh0SPzCNylGZ/jb7nks9q1yG
         iJfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=ZHQlz26jaEu1gmEy0PeaVKBbbell8in7/qkbLSGDUd8=;
        b=HHaKSyQNVaZ/6WQfK86BQAkiEGi1J1Fd1/0GuUSTwb0XyLDIXMbGXHEM2UzWDU5SgB
         iy5Sk19Salf27EAO1vWLgoiKY0WS3TT4PvoAz/DWD0t69Alm0IK5AKE2scWtwm37UwZg
         CaP1P/XXKsSSqVTJMC0JyxigCGNHJrBdPbq6gE8XTgqeNFx/dyiZsaZ2Cl2WRHDt2w9Y
         nOa3CI1TaORkXVOPka201p5YlXI0+wBehhYrRI/0U1n394BcRw2rtKbS0vu8GGHmMzhr
         eCR/5T0Pg/VGGCrdWP58pr84JudZvrSo2iZvawT5dlsVXo6zZqLEWxhCNdZDlEevbNTu
         fjkg==
X-Gm-Message-State: AOAM533Mo6hIlglKyOo6aWzIFIz+TeoeJ+RuY0BTTHMUG7DY0o/Uu0w0
        jvGcp0Zih/kx75v/kWTgBAIWwCmz84w=
X-Google-Smtp-Source: 
 ABdhPJyiSI/O4qcM6R/7T72srehYZxXeRBtLNMfqlXE9QZpduspdvAYhtq4xmwdudGggJ1uvu7hXTQ==
X-Received: by 2002:a17:902:8d85:b0:13c:92f9:ac3c with SMTP id
 v5-20020a1709028d8500b0013c92f9ac3cmr5917679plo.42.1631815416542;
        Thu, 16 Sep 2021 11:03:36 -0700 (PDT)
Received: from lvondent-mobl4.intel.com (c-71-56-157-77.hsd1.or.comcast.net.
 [71.56.157.77])
        by smtp.gmail.com with ESMTPSA id
 p24sm3580432pfh.136.2021.09.16.11.03.36
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 16 Sep 2021 11:03:36 -0700 (PDT)
From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v5 1/4] Bluetooth: hci_sock: Add support for BT_{SND,RCV}BUF
Date: Thu, 16 Sep 2021 11:03:32 -0700
Message-Id: <20210916180335.75976-1-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.31.1
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This adds support for BT_{SND,RCV}BUF so userspace can set MTU based on
the channel usage.

Fixes: https://github.com/bluez/bluez/issues/201

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/hci_sock.c | 102 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 91 insertions(+), 11 deletions(-)

diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 55b0d177375b..091e819ba40e 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -57,6 +57,7 @@ struct hci_pinfo {
 	unsigned long     flags;
 	__u32             cookie;
 	char              comm[TASK_COMM_LEN];
+	__u16             mtu;
 };
 
 static struct hci_dev *hci_hdev_from_sock(struct sock *sk)
@@ -1374,6 +1375,10 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
 		break;
 	}
 
+	/* Default MTU to HCI_MAX_FRAME_SIZE if not set */
+	if (!hci_pi(sk)->mtu)
+		hci_pi(sk)->mtu = HCI_MAX_FRAME_SIZE;
+
 	sk->sk_state = BT_BOUND;
 
 done:
@@ -1719,7 +1724,7 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 	if (flags & ~(MSG_DONTWAIT | MSG_NOSIGNAL | MSG_ERRQUEUE | MSG_CMSG_COMPAT))
 		return -EINVAL;
 
-	if (len < 4 || len > HCI_MAX_FRAME_SIZE)
+	if (len < 4 || len > hci_pi(sk)->mtu)
 		return -EINVAL;
 
 	buf = kmalloc(len, GFP_KERNEL);
@@ -1849,8 +1854,8 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 	goto done;
 }
 
-static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
-			       sockptr_t optval, unsigned int len)
+static int hci_sock_setsockopt_old(struct socket *sock, int level, int optname,
+				   sockptr_t optval, unsigned int len)
 {
 	struct hci_ufilter uf = { .opcode = 0 };
 	struct sock *sk = sock->sk;
@@ -1858,9 +1863,6 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
 
 	BT_DBG("sk %p, opt %d", sk, optname);
 
-	if (level != SOL_HCI)
-		return -ENOPROTOOPT;
-
 	lock_sock(sk);
 
 	if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
@@ -1935,18 +1937,63 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
 	return err;
 }
 
-static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
-			       char __user *optval, int __user *optlen)
+static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
+			       sockptr_t optval, unsigned int len)
 {
-	struct hci_ufilter uf;
 	struct sock *sk = sock->sk;
-	int len, opt, err = 0;
+	int err = 0, opt = 0;
 
 	BT_DBG("sk %p, opt %d", sk, optname);
 
-	if (level != SOL_HCI)
+	if (level == SOL_HCI)
+		return hci_sock_setsockopt_old(sock, level, optname, optval,
+					       len);
+
+	if (level != SOL_BLUETOOTH)
 		return -ENOPROTOOPT;
 
+	lock_sock(sk);
+
+	switch (optname) {
+	case BT_SNDMTU:
+	case BT_RCVMTU:
+		switch (hci_pi(sk)->channel) {
+		/* Don't allow changing MTU for channels that are meant for HCI
+		 * traffic only.
+		 */
+		case HCI_CHANNEL_RAW:
+		case HCI_CHANNEL_USER:
+			err = -ENOPROTOOPT;
+			goto done;
+		}
+
+		if (copy_from_sockptr(&opt, optval, sizeof(u16))) {
+			err = -EFAULT;
+			break;
+		}
+
+		hci_pi(sk)->mtu = opt;
+		break;
+
+	default:
+		err = -ENOPROTOOPT;
+		break;
+	}
+
+done:
+	release_sock(sk);
+	return err;
+}
+
+static int hci_sock_getsockopt_old(struct socket *sock, int level, int optname,
+				   char __user *optval, int __user *optlen)
+{
+	struct hci_ufilter uf;
+	struct sock *sk = sock->sk;
+	int len, opt, err = 0;
+
+	BT_DBG("sk %p, opt %d", sk, optname);
+
 	if (get_user(len, optlen))
 		return -EFAULT;
 
@@ -2004,6 +2051,39 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
 	return err;
 }
 
+static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
+			       char __user *optval, int __user *optlen)
+{
+	struct sock *sk = sock->sk;
+	int err = 0;
+
+	BT_DBG("sk %p, opt %d", sk, optname);
+
+	if (level == SOL_HCI)
+		return hci_sock_getsockopt_old(sock, level, optname, optval,
+					       optlen);
+
+	if (level != SOL_BLUETOOTH)
+		return -ENOPROTOOPT;
+
+	lock_sock(sk);
+
+	switch (optname) {
+	case BT_SNDMTU:
+	case BT_RCVMTU:
+		if (put_user(hci_pi(sk)->mtu, (u16 __user *) optval))
+			err = -EFAULT;
+		break;
+
+	default:
+		err = -ENOPROTOOPT;
+		break;
+	}
+
+	release_sock(sk);
+	return err;
+}
+
 static const struct proto_ops hci_sock_ops = {
 	.family		= PF_BLUETOOTH,
 	.owner		= THIS_MODULE,

From patchwork Thu Sep 16 18:03:33 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Patchwork-Id: 12500059
Return-Path: <linux-bluetooth-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5D4E6C433EF
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:19 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 419016120D
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:19 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S243007AbhIPS4i (ORCPT
        <rfc822;linux-bluetooth@archiver.kernel.org>);
        Thu, 16 Sep 2021 14:56:38 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51622 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1344097AbhIPS4e (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Thu, 16 Sep 2021 14:56:34 -0400
Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com
 [IPv6:2607:f8b0:4864:20::633])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D0A8C043086
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:38 -0700 (PDT)
Received: by mail-pl1-x633.google.com with SMTP id w6so4407117pll.3
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=k4gR0pPu0xOReVDwAtsZ+nxyihqWjwSFDCMtWjEg7aM=;
        b=AFCexTFYRbPJsvaCUzYZuJ34m8aXYCmQI5NWDkuZGZtrWkCd5JzkbIi63KVSbV+PfS
         z5sP/lk3qLd6dYssir1AlZBbuTiHf4rXUnHOOP5dvlzcTmG1AjNr0dcDqxF3D+7InlCc
         CPBM2ooqwS+LcbGGwa1hebGStxixDEch+Uh2qbbl8cKbzlNvyZWblyoI7XVn8m3G/8f9
         SArbACDOsPXQvejKkhx04HMed76XsfQHw0DQLPEeCFGxtjty8UQAk+csNAjf4Up5+W09
         vhOcbpkSC+jikkEdQpY6R8KfoNv1v6OTTKyO6x+coDCtFjx6BgRxjYOT7/FOFvYg6AoY
         BBvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=k4gR0pPu0xOReVDwAtsZ+nxyihqWjwSFDCMtWjEg7aM=;
        b=bcnrejBCgCa6wjiOxXqJlq+6no8Nr6SIRq1MFs60d5xorAElK/Bs9uzJH0xN1Yt0+b
         TQ8oDMxmmIq2ToOQ6vDxKEKtusYM3DAb+XAl8VyL0I72uxIH2hWiUOh3JVoi7L1B5+en
         F84K9alutcLmxYHtKuBBPt/uNTW6dDTXdLr5Pge1fA+TVPSbnY7uNZPY64TIkSJX1hsh
         J9WpnughlYU98a/HNoGb+bw+vtdT3Mib1wkbfpw3ximISSbwII1jzaHiJZ9IR2e7fhxo
         1+vlGRxsmwac6wPq1nFQrWrO0UfJjmBXLvwHS3cw9g9Z3T/ImKeQ3ZjFaNTkzevp7qCt
         I9pA==
X-Gm-Message-State: AOAM531QeNOonHOr8/7ob7l7rAmVRYmYJmm3e34nIwKSBTCSprrFpbOf
        NbLvl6Zac1YN4x80mYEfhTE++2oCSIk=
X-Google-Smtp-Source: 
 ABdhPJwPetX3QTYmT6/GKAv0tynVAEgGVTEbZyyLVghr8UzRDbl22GPcn/ZJ60kSyMyTVNig/yxEGQ==
X-Received: by 2002:a17:90a:cf0d:: with SMTP id
 h13mr7412060pju.61.1631815417145;
        Thu, 16 Sep 2021 11:03:37 -0700 (PDT)
Received: from lvondent-mobl4.intel.com (c-71-56-157-77.hsd1.or.comcast.net.
 [71.56.157.77])
        by smtp.gmail.com with ESMTPSA id
 p24sm3580432pfh.136.2021.09.16.11.03.36
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 16 Sep 2021 11:03:36 -0700 (PDT)
From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v5 2/4] Bluetooth: hci_sock: Replace use of memcpy_from_msg
 with bt_skb_sendmsg
Date: Thu, 16 Sep 2021 11:03:33 -0700
Message-Id: <20210916180335.75976-2-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210916180335.75976-1-luiz.dentz@gmail.com>
References: <20210916180335.75976-1-luiz.dentz@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This makes use of bt_skb_sendmsg instead of allocating a different
buffer to be used with memcpy_from_msg which cause one extra copy.

Tested-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/hci_sock.c | 100 +++++++++++++++------------------------
 1 file changed, 37 insertions(+), 63 deletions(-)

diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 091e819ba40e..c0a237aa4baf 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -1510,7 +1510,8 @@ static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
 	return err ? : copied;
 }
 
-static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf, size_t msglen)
+static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
+			struct sk_buff *skb)
 {
 	u8 *cp;
 	struct mgmt_hdr *hdr;
@@ -1520,31 +1521,31 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf,
 	bool var_len, no_hdev;
 	int err;
 
-	BT_DBG("got %zu bytes", msglen);
+	BT_DBG("got %d bytes", skb->len);
 
-	if (msglen < sizeof(*hdr))
+	if (skb->len < sizeof(*hdr))
 		return -EINVAL;
 
-	hdr = buf;
+	hdr = (void *)skb->data;
 	opcode = __le16_to_cpu(hdr->opcode);
 	index = __le16_to_cpu(hdr->index);
 	len = __le16_to_cpu(hdr->len);
 
-	if (len != msglen - sizeof(*hdr)) {
+	if (len != skb->len - sizeof(*hdr)) {
 		err = -EINVAL;
 		goto done;
 	}
 
 	if (chan->channel == HCI_CHANNEL_CONTROL) {
-		struct sk_buff *skb;
+		struct sk_buff *cmd;
 
 		/* Send event to monitor */
-		skb = create_monitor_ctrl_command(sk, index, opcode, len,
-						  buf + sizeof(*hdr));
-		if (skb) {
-			hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
+		cmd = create_monitor_ctrl_command(sk, index, opcode, len,
+						  skb->data + sizeof(*hdr));
+		if (cmd) {
+			hci_send_to_channel(HCI_CHANNEL_MONITOR, cmd,
 					    HCI_SOCK_TRUSTED, NULL);
-			kfree_skb(skb);
+			kfree_skb(cmd);
 		}
 	}
 
@@ -1609,13 +1610,13 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf,
 	if (hdev && chan->hdev_init)
 		chan->hdev_init(sk, hdev);
 
-	cp = buf + sizeof(*hdr);
+	cp = skb->data + sizeof(*hdr);
 
 	err = handler->func(sk, hdev, cp, len);
 	if (err < 0)
 		goto done;
 
-	err = msglen;
+	err = skb->len;
 
 done:
 	if (hdev)
@@ -1624,10 +1625,10 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, void *buf,
 	return err;
 }
 
-static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int flags)
+static int hci_logging_frame(struct sock *sk, struct sk_buff *skb,
+			     unsigned int flags)
 {
 	struct hci_mon_hdr *hdr;
-	struct sk_buff *skb;
 	struct hci_dev *hdev;
 	u16 index;
 	int err;
@@ -1636,21 +1637,13 @@ static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int f
 	 * the priority byte, the ident length byte and at least one string
 	 * terminator NUL byte. Anything shorter are invalid packets.
 	 */
-	if (len < sizeof(*hdr) + 3)
+	if (skb->len < sizeof(*hdr) + 3)
 		return -EINVAL;
 
-	skb = bt_skb_send_alloc(sk, len, flags & MSG_DONTWAIT, &err);
-	if (!skb)
-		return err;
-
-	memcpy(skb_put(skb, len), buf, len);
-
 	hdr = (void *)skb->data;
 
-	if (__le16_to_cpu(hdr->len) != len - sizeof(*hdr)) {
-		err = -EINVAL;
-		goto drop;
-	}
+	if (__le16_to_cpu(hdr->len) != skb->len - sizeof(*hdr))
+		return -EINVAL;
 
 	if (__le16_to_cpu(hdr->opcode) == 0x0000) {
 		__u8 priority = skb->data[sizeof(*hdr)];
@@ -1669,25 +1662,20 @@ static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int f
 		 * The message follows the ident string (if present) and
 		 * must be NUL terminated. Otherwise it is not a valid packet.
 		 */
-		if (priority > 7 || skb->data[len - 1] != 0x00 ||
-		    ident_len > len - sizeof(*hdr) - 3 ||
-		    skb->data[sizeof(*hdr) + ident_len + 1] != 0x00) {
-			err = -EINVAL;
-			goto drop;
-		}
+		if (priority > 7 || skb->data[skb->len - 1] != 0x00 ||
+		    ident_len > skb->len - sizeof(*hdr) - 3 ||
+		    skb->data[sizeof(*hdr) + ident_len + 1] != 0x00)
+			return -EINVAL;
 	} else {
-		err = -EINVAL;
-		goto drop;
+		return -EINVAL;
 	}
 
 	index = __le16_to_cpu(hdr->index);
 
 	if (index != MGMT_INDEX_NONE) {
 		hdev = hci_dev_get(index);
-		if (!hdev) {
-			err = -ENODEV;
-			goto drop;
-		}
+		if (!hdev)
+			return -ENODEV;
 	} else {
 		hdev = NULL;
 	}
@@ -1695,13 +1683,11 @@ static int hci_logging_frame(struct sock *sk, void *buf, int len, unsigned int f
 	hdr->opcode = cpu_to_le16(HCI_MON_USER_LOGGING);
 
 	hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, HCI_SOCK_TRUSTED, NULL);
-	err = len;
+	err = skb->len;
 
 	if (hdev)
 		hci_dev_put(hdev);
 
-drop:
-	kfree_skb(skb);
 	return err;
 }
 
@@ -1713,7 +1699,6 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 	struct hci_dev *hdev;
 	struct sk_buff *skb;
 	int err;
-	void *buf;
 	const unsigned int flags = msg->msg_flags;
 
 	BT_DBG("sock %p sk %p", sock, sk);
@@ -1727,13 +1712,9 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 	if (len < 4 || len > hci_pi(sk)->mtu)
 		return -EINVAL;
 
-	buf = kmalloc(len, GFP_KERNEL);
-	if (!buf)
-		return -ENOMEM;
-	if (memcpy_from_msg(buf, msg, len)) {
-		kfree(buf);
-		return -EFAULT;
-	}
+	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
+	if (IS_ERR(skb))
+		return PTR_ERR(skb);
 
 	lock_sock(sk);
 
@@ -1743,39 +1724,33 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 		break;
 	case HCI_CHANNEL_MONITOR:
 		err = -EOPNOTSUPP;
-		goto done;
+		goto drop;
 	case HCI_CHANNEL_LOGGING:
-		err = hci_logging_frame(sk, buf, len, flags);
-		goto done;
+		err = hci_logging_frame(sk, skb, flags);
+		goto drop;
 	default:
 		mutex_lock(&mgmt_chan_list_lock);
 		chan = __hci_mgmt_chan_find(hci_pi(sk)->channel);
 		if (chan)
-			err = hci_mgmt_cmd(chan, sk, buf, len);
+			err = hci_mgmt_cmd(chan, sk, skb);
 		else
 			err = -EINVAL;
 
 		mutex_unlock(&mgmt_chan_list_lock);
-		goto done;
+		goto drop;
 	}
 
 	hdev = hci_hdev_from_sock(sk);
 	if (IS_ERR(hdev)) {
 		err = PTR_ERR(hdev);
-		goto done;
+		goto drop;
 	}
 
 	if (!test_bit(HCI_UP, &hdev->flags)) {
 		err = -ENETDOWN;
-		goto done;
+		goto drop;
 	}
 
-	skb = bt_skb_send_alloc(sk, len, flags & MSG_DONTWAIT, &err);
-	if (!skb)
-		goto done;
-
-	memcpy(skb_put(skb, len), buf, len);
-
 	hci_skb_pkt_type(skb) = skb->data[0];
 	skb_pull(skb, 1);
 
@@ -1846,7 +1821,6 @@ static int hci_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 
 done:
 	release_sock(sk);
-	kfree(buf);
 	return err;
 
 drop:

From patchwork Thu Sep 16 18:03:34 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Patchwork-Id: 12500061
Return-Path: <linux-bluetooth-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1F3A6C4332F
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:20 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 029A461212
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:19 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S243696AbhIPS4j (ORCPT
        <rfc822;linux-bluetooth@archiver.kernel.org>);
        Thu, 16 Sep 2021 14:56:39 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52076 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1344157AbhIPS4e (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Thu, 16 Sep 2021 14:56:34 -0400
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com
 [IPv6:2607:f8b0:4864:20::1033])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7EABAC043087
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:38 -0700 (PDT)
Received: by mail-pj1-x1033.google.com with SMTP id
 mv7-20020a17090b198700b0019c843e7233so1630075pjb.4
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=rpv1FaQ9oQ4VD4XcDBX4LDce+ctNlKY97mbkm3KNwuc=;
        b=p/432OUWAjBhfesC4L7qSyIH9zUxLxfdlG3xIzYBlp5Z0r672ksQyrqGSgkc27r4Zo
         gojjvuheC7jFXtUZyUcxFabeFxHnU+Mx36zByciTsm2of6ZHmN1Z/3ZExnR0PTcvd7i9
         5z0aROXqW3uBS2/GAsBK1WhAAURkhpIX0Aio3i11XcMXoRKm4onO7wrJ2VGhIMzHZCo1
         1bR0pe2tZlkBln0NdLZ4Vr98ftBxHKxomEdRmPJb63jkMGQH0lMdqZ6Ot8arDqPPUFWX
         DUWLFSn16pi3RxNm8BF+uyVKmAftclz3zG1TjdkxkTn5pBfJmGKSUsTkO2GJpkq8egEi
         o9aQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=rpv1FaQ9oQ4VD4XcDBX4LDce+ctNlKY97mbkm3KNwuc=;
        b=1G3xI2N7DCAcZjWHpbLuPuh/+exp1d3DUVx4xAlUdHbavXs/Xl3N0Ka/iWdAKtHtZK
         Gftbk0yk7zjST1GWjcmy/Fs1JfW+M4Fm3pEhhBAI9pwNJ417oHyzLzQljdHKEzFm4aHI
         PVOPHsGsIqRaLZRvxMUEZMwquK6Q5yg8XYpeMKPdEhmyojMowBMp1b6Az//4cZI0OBoF
         m8CfULMpU+dv9tSqwknaX7E7OJKQGqJrPHRcdEFP+ISKVrs/i3blnR5DyXITQNmI8Mix
         mL4CHyVEhFxVjALzlXqMuD2OCa10Si72NmWYiS6v1aqmuLmrvgjZs0bFSG6S0hbX/bWt
         Xcmg==
X-Gm-Message-State: AOAM5323An/sBLbI3jN31ogyq2pjRAJusx9RXt6vmsqwSyGyYkGOUBil
        dapsNY57ohZu3nQ6yRnDADN81JDcJ0I=
X-Google-Smtp-Source: 
 ABdhPJwhZ0MHDj9aPwl5B2Q9KPwVYSC4aPXQB8M/i9EULcA1V5bcKvlDFgee9wjQJTbOOq1CbPa/Ww==
X-Received: by 2002:a17:902:784c:b0:138:f4e5:9df8 with SMTP id
 e12-20020a170902784c00b00138f4e59df8mr5870357pln.14.1631815417772;
        Thu, 16 Sep 2021 11:03:37 -0700 (PDT)
Received: from lvondent-mobl4.intel.com (c-71-56-157-77.hsd1.or.comcast.net.
 [71.56.157.77])
        by smtp.gmail.com with ESMTPSA id
 p24sm3580432pfh.136.2021.09.16.11.03.37
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 16 Sep 2021 11:03:37 -0700 (PDT)
From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v5 3/4] Bluetooth: Fix passing NULL to PTR_ERR
Date: Thu, 16 Sep 2021 11:03:34 -0700
Message-Id: <20210916180335.75976-3-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210916180335.75976-1-luiz.dentz@gmail.com>
References: <20210916180335.75976-1-luiz.dentz@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Passing NULL to PTR_ERR will result in 0 (success), also since the likes of
bt_skb_sendmsg does never return NULL it is safe to replace the instances of
IS_ERR_OR_NULL with IS_ERR when checking its return.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 include/net/bluetooth/bluetooth.h | 2 +-
 net/bluetooth/rfcomm/sock.c       | 2 +-
 net/bluetooth/sco.c               | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index aa221c1a27c6..3271870fd85e 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -496,7 +496,7 @@ static inline struct sk_buff *bt_skb_sendmmsg(struct sock *sk,
 		struct sk_buff *tmp;
 
 		tmp = bt_skb_sendmsg(sk, msg, len, mtu, headroom, tailroom);
-		if (IS_ERR_OR_NULL(tmp)) {
+		if (IS_ERR(tmp)) {
 			kfree_skb(skb);
 			return tmp;
 		}
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 5938af3e9936..4bf4ea6cbb5e 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -583,7 +583,7 @@ static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 
 	skb = bt_skb_sendmmsg(sk, msg, len, d->mtu, RFCOMM_SKB_HEAD_RESERVE,
 			      RFCOMM_SKB_TAIL_RESERVE);
-	if (IS_ERR_OR_NULL(skb))
+	if (IS_ERR(skb))
 		return PTR_ERR(skb);
 
 	sent = rfcomm_dlc_send(d, skb);
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 446f871f11ed..f51399d1b9cb 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -733,7 +733,7 @@ static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 		return -EOPNOTSUPP;
 
 	skb = bt_skb_sendmsg(sk, msg, len, len, 0, 0);
-	if (IS_ERR_OR_NULL(skb))
+	if (IS_ERR(skb))
 		return PTR_ERR(skb);
 
 	lock_sock(sk);

From patchwork Thu Sep 16 18:03:35 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Patchwork-Id: 12500063
Return-Path: <linux-bluetooth-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 543FBC433EF
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:21 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 3E1A2611C8
	for <linux-bluetooth@archiver.kernel.org>;
 Thu, 16 Sep 2021 18:55:21 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S243083AbhIPS4k (ORCPT
        <rfc822;linux-bluetooth@archiver.kernel.org>);
        Thu, 16 Sep 2021 14:56:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52058 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235451AbhIPS4f (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Thu, 16 Sep 2021 14:56:35 -0400
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com
 [IPv6:2607:f8b0:4864:20::62d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 31D90C043088
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:39 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id t4so4447426plo.0
        for <linux-bluetooth@vger.kernel.org>;
 Thu, 16 Sep 2021 11:03:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:in-reply-to:references:mime-version
         :content-transfer-encoding;
        bh=BdKc4Ax9P05al+3resQTTjrI8Gsvugf9kA+LrRNaE9E=;
        b=XBxjQZiJkB0vcUOOf/QNizLPHFz6QBrKhz2V9d47QVncpqfX5F6umt54LHDX5m3ef+
         7swe/pfrfaTeFqfXq2EJCy12HPfelLOkM6udH0nDesibZ+s47FylrWHpvTcs9MFbuXd6
         jvnxK63H23JSVUxhGXBrdRGkuXJ382nc0MomFbh511J0cbHglUJVLidvcqt8NiGtofU0
         DpDGzFsDmroB2N5y2Yk6ZzAErLvY0J80Af7XkKR8FVmsMPpmIQDD8zQCMPjfpkbj5gb5
         9jCxg1hAHZPRhpFbJnDD/OR51oJT3N8k4doLvFPLneWmtdlDQpw9/NkJX94c+4wz3Bjo
         TXlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=BdKc4Ax9P05al+3resQTTjrI8Gsvugf9kA+LrRNaE9E=;
        b=tHDZOxfP7oleUZr9xc34kTaK1hzyd7fTnj6pQe5wIDMQ6l8+C72v7ah2Ba+/Sz00HM
         DpnxgEUQ+SFRgxXVEbdtkKQgHugcX8ZzP7JjoQozWoZ6SqY4WcXQ+WB91qZq4DbBe3rH
         noMMPp1+FLdfEXI201ngcVZilpFQRgRG1XxyGNHMzzGAGf16E3YS3mpxehC1HGOOtEci
         UK58sbzD8+sh64+HluqGv61He18rS14VdigGV03o7WLOgSQRlksd0pRBLqNB+0Ux5Mi1
         m0gHoK/HYkhw7NXVijesZCAuFfup9oeguc/3p+Urt1JPOJhVLosrvWXHcK7PWxy2c5YE
         2QrQ==
X-Gm-Message-State: AOAM5304AWyzXlRH2pArQfr+R6Zif96FFNfI0WO/UdZZT72LNfOif6x6
        VCMSnlYX0E9PaBvzgedre2hkw7hFv2I=
X-Google-Smtp-Source: 
 ABdhPJxu35EqFaTw0BlKiJXPl5B/EqWs7i1Ela9+u740Dbhn73mhd2hiQSAgH2JaHNSnE/8m5CKPiw==
X-Received: by 2002:a17:90a:eb02:: with SMTP id
 j2mr16409355pjz.174.1631815418483;
        Thu, 16 Sep 2021 11:03:38 -0700 (PDT)
Received: from lvondent-mobl4.intel.com (c-71-56-157-77.hsd1.or.comcast.net.
 [71.56.157.77])
        by smtp.gmail.com with ESMTPSA id
 p24sm3580432pfh.136.2021.09.16.11.03.37
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 16 Sep 2021 11:03:38 -0700 (PDT)
From: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v5 4/4] Bluetooth: SCO: Fix sco_send_frame returning skb->len
Date: Thu, 16 Sep 2021 11:03:35 -0700
Message-Id: <20210916180335.75976-4-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210916180335.75976-1-luiz.dentz@gmail.com>
References: <20210916180335.75976-1-luiz.dentz@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

The skb in modified by hci_send_sco which pushes SCO headers thus
changing skb->len causing sco_sock_sendmsg to fail.

Fixes: 0771cbb3b97d ("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg")
Tested-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/sco.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index f51399d1b9cb..8eabf41b2993 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -284,16 +284,17 @@ static int sco_connect(struct hci_dev *hdev, struct sock *sk)
 static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
 {
 	struct sco_conn *conn = sco_pi(sk)->conn;
+	int len = skb->len;
 
 	/* Check outgoing MTU */
-	if (skb->len > conn->mtu)
+	if (len > conn->mtu)
 		return -EINVAL;
 
-	BT_DBG("sk %p len %d", sk, skb->len);
+	BT_DBG("sk %p len %d", sk, len);
 
 	hci_send_sco(conn->hcon, skb);
 
-	return skb->len;
+	return len;
 }
 
 static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
@@ -744,7 +745,8 @@ static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 		err = -ENOTCONN;
 
 	release_sock(sk);
-	if (err)
+
+	if (err < 0)
 		kfree_skb(skb);
 	return err;
 }