diff options
| author | Marcel Holtmann <marcel@holtmann.org> | 2016-08-29 23:00:40 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2016-09-19 14:19:34 -0400 |
| commit | f4cdbb3f25c15c17a952deae1f2e0db6df8f1948 (patch) | |
| tree | bf10e260f0f461bf4f74fc9e2e8371a444cb33a6 /net/bluetooth | |
| parent | f81f5b2db8692ff1d2d5f4db1fde58e67aa976a3 (diff) | |
Bluetooth: Handle HCI raw socket transition from unbound to bound
In case an unbound HCI raw socket is later on bound, ensure that the
monitor notification messages indicate a close and re-open. None of
the userspace tools use the socket this, but it is actually possible
to use an ioctl on an unbound socket and then later bind it.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/hci_sock.c | 53 |
1 files changed, 36 insertions, 17 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index c7772436f508..83e9fdb712e5 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c | |||
| @@ -1049,6 +1049,7 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, | |||
| 1049 | struct sockaddr_hci haddr; | 1049 | struct sockaddr_hci haddr; |
| 1050 | struct sock *sk = sock->sk; | 1050 | struct sock *sk = sock->sk; |
| 1051 | struct hci_dev *hdev = NULL; | 1051 | struct hci_dev *hdev = NULL; |
| 1052 | struct sk_buff *skb; | ||
| 1052 | int len, err = 0; | 1053 | int len, err = 0; |
| 1053 | 1054 | ||
| 1054 | BT_DBG("sock %p sk %p", sock, sk); | 1055 | BT_DBG("sock %p sk %p", sock, sk); |
| @@ -1088,27 +1089,34 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, | |||
| 1088 | } | 1089 | } |
| 1089 | 1090 | ||
| 1090 | hci_pi(sk)->channel = haddr.hci_channel; | 1091 | hci_pi(sk)->channel = haddr.hci_channel; |
| 1091 | hci_pi(sk)->hdev = hdev; | ||
| 1092 | |||
| 1093 | /* Only send the event to monitor when a new cookie has | ||
| 1094 | * been generated. An existing cookie means that an unbound | ||
| 1095 | * socket has seen an ioctl and that triggered the cookie | ||
| 1096 | * generation and sending of the monitor event. | ||
| 1097 | */ | ||
| 1098 | if (hci_sock_gen_cookie(sk)) { | ||
| 1099 | struct sk_buff *skb; | ||
| 1100 | |||
| 1101 | if (capable(CAP_NET_ADMIN)) | ||
| 1102 | hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); | ||
| 1103 | 1092 | ||
| 1104 | /* Send event to monitor */ | 1093 | if (!hci_sock_gen_cookie(sk)) { |
| 1105 | skb = create_monitor_ctrl_open(sk); | 1094 | /* In the case when a cookie has already been assigned, |
| 1095 | * then there has been already an ioctl issued against | ||
| 1096 | * an unbound socket and with that triggerd an open | ||
| 1097 | * notification. Send a close notification first to | ||
| 1098 | * allow the state transition to bounded. | ||
| 1099 | */ | ||
| 1100 | skb = create_monitor_ctrl_close(sk); | ||
| 1106 | if (skb) { | 1101 | if (skb) { |
| 1107 | hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, | 1102 | hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, |
| 1108 | HCI_SOCK_TRUSTED, NULL); | 1103 | HCI_SOCK_TRUSTED, NULL); |
| 1109 | kfree_skb(skb); | 1104 | kfree_skb(skb); |
| 1110 | } | 1105 | } |
| 1111 | } | 1106 | } |
| 1107 | |||
| 1108 | if (capable(CAP_NET_ADMIN)) | ||
| 1109 | hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); | ||
| 1110 | |||
| 1111 | hci_pi(sk)->hdev = hdev; | ||
| 1112 | |||
| 1113 | /* Send event to monitor */ | ||
| 1114 | skb = create_monitor_ctrl_open(sk); | ||
| 1115 | if (skb) { | ||
| 1116 | hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, | ||
| 1117 | HCI_SOCK_TRUSTED, NULL); | ||
| 1118 | kfree_skb(skb); | ||
| 1119 | } | ||
| 1112 | break; | 1120 | break; |
| 1113 | 1121 | ||
| 1114 | case HCI_CHANNEL_USER: | 1122 | case HCI_CHANNEL_USER: |
| @@ -1251,9 +1259,20 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, | |||
| 1251 | * are changes to settings, class of device, name etc. | 1259 | * are changes to settings, class of device, name etc. |
| 1252 | */ | 1260 | */ |
| 1253 | if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) { | 1261 | if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) { |
| 1254 | struct sk_buff *skb; | 1262 | if (!hci_sock_gen_cookie(sk)) { |
| 1255 | 1263 | /* In the case when a cookie has already been | |
| 1256 | hci_sock_gen_cookie(sk); | 1264 | * assigned, this socket will transtion from |
| 1265 | * a raw socket into a control socket. To | ||
| 1266 | * allow for a clean transtion, send the | ||
| 1267 | * close notification first. | ||
| 1268 | */ | ||
| 1269 | skb = create_monitor_ctrl_close(sk); | ||
| 1270 | if (skb) { | ||
| 1271 | hci_send_to_channel(HCI_CHANNEL_MONITOR, skb, | ||
| 1272 | HCI_SOCK_TRUSTED, NULL); | ||
| 1273 | kfree_skb(skb); | ||
| 1274 | } | ||
| 1275 | } | ||
| 1257 | 1276 | ||
| 1258 | /* Send event to monitor */ | 1277 | /* Send event to monitor */ |
| 1259 | skb = create_monitor_ctrl_open(sk); | 1278 | skb = create_monitor_ctrl_open(sk); |