Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

author: John W. Linville <linville@tuxdriver.com> 2013-12-18 13:46:08 -0500
committer: John W. Linville <linville@tuxdriver.com> 2013-12-18 13:46:08 -0500
commit: b7e047358449f8eb5cba8197b42280b676b82e54 (patch)
tree: 88174a5fa109cb71eee4dd6413e35c7412095769 /net/bluetooth
parent: 73f0b56a1ff64e7fb6c3a62088804bab93bcedc2 (diff)
parent: 1bc5ad168f441f6f8bfd944288a5f7b4963ac1f6 (diff)
1 files changed, 16 insertions, 10 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 6a6c8bb4fd72..7552f9e3089c 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -940,8 +940,22 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
        bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
        skb_pull(skb, 1);
-        if (hci_pi(sk)->channel == HCI_CHANNEL_RAW &&
+        if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
-            bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
+                /* No permission check is needed for user channel
+                 * since that gets enforced when binding the socket.
+                 *
+                 * However check that the packet type is valid.
+                 */
+                if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
+                    bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
+                    bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
+                        err = -EINVAL;
+                        goto drop;
+                }
+                skb_queue_tail(&hdev->raw_q, skb);
+                queue_work(hdev->workqueue, &hdev->tx_work);
+        } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
                u16 opcode = get_unaligned_le16(skb->data);
                u16 ogf = hci_opcode_ogf(opcode);
                u16 ocf = hci_opcode_ocf(opcode);
@@ -972,14 +986,6 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
                        goto drop;
                }
-                if (hci_pi(sk)->channel == HCI_CHANNEL_USER &&
-                    bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
-                    bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
-                    bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
-                        err = -EINVAL;
-                        goto drop;
-                }
                skb_queue_tail(&hdev->raw_q, skb);
                queue_work(hdev->workqueue, &hdev->tx_work);
        }
author	John W. Linville <linville@tuxdriver.com>	2013-12-18 13:46:08 -0500
committer	John W. Linville <linville@tuxdriver.com>	2013-12-18 13:46:08 -0500
commit	b7e047358449f8eb5cba8197b42280b676b82e54 (patch)
tree	88174a5fa109cb71eee4dd6413e35c7412095769 /net/bluetooth
parent	73f0b56a1ff64e7fb6c3a62088804bab93bcedc2 (diff)
parent	1bc5ad168f441f6f8bfd944288a5f7b4963ac1f6 (diff)