aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/hci_sock.c
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2013-12-18 13:46:08 -0500
committerJohn W. Linville <linville@tuxdriver.com>2013-12-18 13:46:08 -0500
commitb7e047358449f8eb5cba8197b42280b676b82e54 (patch)
tree88174a5fa109cb71eee4dd6413e35c7412095769 /net/bluetooth/hci_sock.c
parent73f0b56a1ff64e7fb6c3a62088804bab93bcedc2 (diff)
parent1bc5ad168f441f6f8bfd944288a5f7b4963ac1f6 (diff)
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Diffstat (limited to 'net/bluetooth/hci_sock.c')
-rw-r--r--net/bluetooth/hci_sock.c26
1 files changed, 16 insertions, 10 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 6a6c8bb4fd72..7552f9e3089c 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -940,8 +940,22 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
940 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data); 940 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
941 skb_pull(skb, 1); 941 skb_pull(skb, 1);
942 942
943 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW && 943 if (hci_pi(sk)->channel == HCI_CHANNEL_USER) {
944 bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) { 944 /* No permission check is needed for user channel
945 * since that gets enforced when binding the socket.
946 *
947 * However check that the packet type is valid.
948 */
949 if (bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
950 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
951 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
952 err = -EINVAL;
953 goto drop;
954 }
955
956 skb_queue_tail(&hdev->raw_q, skb);
957 queue_work(hdev->workqueue, &hdev->tx_work);
958 } else if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
945 u16 opcode = get_unaligned_le16(skb->data); 959 u16 opcode = get_unaligned_le16(skb->data);
946 u16 ogf = hci_opcode_ogf(opcode); 960 u16 ogf = hci_opcode_ogf(opcode);
947 u16 ocf = hci_opcode_ocf(opcode); 961 u16 ocf = hci_opcode_ocf(opcode);
@@ -972,14 +986,6 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
972 goto drop; 986 goto drop;
973 } 987 }
974 988
975 if (hci_pi(sk)->channel == HCI_CHANNEL_USER &&
976 bt_cb(skb)->pkt_type != HCI_COMMAND_PKT &&
977 bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
978 bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
979 err = -EINVAL;
980 goto drop;
981 }
982
983 skb_queue_tail(&hdev->raw_q, skb); 989 skb_queue_tail(&hdev->raw_q, skb);
984 queue_work(hdev->workqueue, &hdev->tx_work); 990 queue_work(hdev->workqueue, &hdev->tx_work);
985 } 991 }