Created
April 5, 2024 16:17
-
-
Save Vudentz/c9092e8a3cb1e7e6a8fd384a51300eee to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h | |
| index 1ada4f85e982..63e0b58d2009 100644 | |
| --- a/include/net/bluetooth/bluetooth.h | |
| +++ b/include/net/bluetooth/bluetooth.h | |
| @@ -586,6 +586,15 @@ static inline struct sk_buff *bt_skb_sendmmsg(struct sock *sk, | |
| return skb; | |
| } | |
| +static inline int bt_copy_from_sockptr(void *dst, size_t dst_size, | |
| + sockptr_t src, size_t src_size) | |
| +{ | |
| + if (dst_size > src_size) | |
| + return -EFAULT; | |
| + | |
| + return copy_from_sockptr(dst, src, dst_size); | |
| +} | |
| + | |
| int bt_to_errno(u16 code); | |
| __u8 bt_status(int err); | |
| diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c | |
| index 0dda77e2e52c..fdfeaa82461f 100644 | |
| --- a/net/bluetooth/iso.c | |
| +++ b/net/bluetooth/iso.c | |
| @@ -1514,7 +1514,7 @@ static int iso_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -1526,7 +1526,7 @@ static int iso_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| case BT_PKT_STATUS: | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -1546,9 +1546,7 @@ static int iso_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - len = min_t(unsigned int, sizeof(qos), optlen); | |
| - | |
| - if (copy_from_sockptr(&qos, optval, len)) { | |
| + if (bt_copy_from_sockptr(&qos, sizeof(qos), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -1570,14 +1568,9 @@ static int iso_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (optlen > sizeof(iso_pi(sk)->base)) { | |
| - err = -EOVERFLOW; | |
| - break; | |
| - } | |
| - | |
| - len = min_t(unsigned int, sizeof(iso_pi(sk)->base), optlen); | |
| - | |
| - if (copy_from_sockptr(iso_pi(sk)->base, optval, len)) { | |
| + if (bt_copy_from_sockptr(iso_pi(sk)->base, | |
| + sizeof(iso_pi(sk)->base), optval, | |
| + optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c | |
| index 1d63de46b4c3..6f803316a2ed 100644 | |
| --- a/net/bluetooth/l2cap_sock.c | |
| +++ b/net/bluetooth/l2cap_sock.c | |
| @@ -728,7 +728,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, | |
| struct sock *sk = sock->sk; | |
| struct l2cap_chan *chan = l2cap_pi(sk)->chan; | |
| struct l2cap_options opts; | |
| - int len, err = 0; | |
| + int err = 0; | |
| u32 opt; | |
| BT_DBG("sk %p", sk); | |
| @@ -755,8 +755,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, | |
| opts.max_tx = chan->max_tx; | |
| opts.txwin_size = chan->tx_win; | |
| - len = min_t(unsigned int, sizeof(opts), optlen); | |
| - if (copy_from_sockptr(&opts, optval, len)) { | |
| + if (bt_copy_from_sockptr(&opts, sizeof(opts), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -802,7 +801,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, | |
| break; | |
| case L2CAP_LM: | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -886,7 +885,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| struct bt_security sec; | |
| struct bt_power pwr; | |
| struct l2cap_conn *conn; | |
| - int len, err = 0; | |
| + int err = 0; | |
| u32 opt; | |
| u16 mtu; | |
| u8 mode; | |
| @@ -912,8 +911,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| sec.level = BT_SECURITY_LOW; | |
| - len = min_t(unsigned int, sizeof(sec), optlen); | |
| - if (copy_from_sockptr(&sec, optval, len)) { | |
| + if (bt_copy_from_sockptr(&sec, sizeof(sec), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -961,7 +959,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -976,7 +974,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| case BT_FLUSHABLE: | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -1011,8 +1009,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; | |
| - len = min_t(unsigned int, sizeof(pwr), optlen); | |
| - if (copy_from_sockptr(&pwr, optval, len)) { | |
| + if (bt_copy_from_sockptr(&pwr, sizeof(pwr), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -1024,7 +1021,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| case BT_CHANNEL_POLICY: | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -1056,7 +1053,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (copy_from_sockptr(&mtu, optval, sizeof(u16))) { | |
| + if (bt_copy_from_sockptr(&mtu, sizeof(mtu), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -1087,7 +1084,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (copy_from_sockptr(&mode, optval, sizeof(u8))) { | |
| + if (bt_copy_from_sockptr(&mode, sizeof(mode), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c | |
| index b54e8a530f55..af0735965613 100644 | |
| --- a/net/bluetooth/rfcomm/sock.c | |
| +++ b/net/bluetooth/rfcomm/sock.c | |
| @@ -629,7 +629,7 @@ static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, | |
| switch (optname) { | |
| case RFCOMM_LM: | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -664,7 +664,6 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, | |
| struct sock *sk = sock->sk; | |
| struct bt_security sec; | |
| int err = 0; | |
| - size_t len; | |
| u32 opt; | |
| BT_DBG("sk %p", sk); | |
| @@ -686,8 +685,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, | |
| sec.level = BT_SECURITY_LOW; | |
| - len = min_t(unsigned int, sizeof(sec), optlen); | |
| - if (copy_from_sockptr(&sec, optval, len)) { | |
| + if (bt_copy_from_sockptr(&sec, sizeof(sec), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -706,7 +704,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c | |
| index 99c2b713d826..3774c2636f56 100644 | |
| --- a/net/bluetooth/sco.c | |
| +++ b/net/bluetooth/sco.c | |
| @@ -839,7 +839,7 @@ static int sco_sock_setsockopt(struct socket *sock, int level, int optname, | |
| sockptr_t optval, unsigned int optlen) | |
| { | |
| struct sock *sk = sock->sk; | |
| - int len, err = 0; | |
| + int err = 0; | |
| struct bt_voice voice; | |
| u32 opt; | |
| struct bt_codecs *codecs; | |
| @@ -858,7 +858,7 @@ static int sco_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -878,8 +878,8 @@ static int sco_sock_setsockopt(struct socket *sock, int level, int optname, | |
| voice.setting = sco_pi(sk)->setting; | |
| - len = min_t(unsigned int, sizeof(voice), optlen); | |
| - if (copy_from_sockptr(&voice, optval, len)) { | |
| + if (bt_copy_from_sockptr(&voice, sizeof(voice), optval, | |
| + optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -905,7 +905,7 @@ static int sco_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| case BT_PKT_STATUS: | |
| - if (copy_from_sockptr(&opt, optval, sizeof(u32))) { | |
| + if (bt_copy_from_sockptr(&opt, sizeof(opt), optval, optlen)) { | |
| err = -EFAULT; | |
| break; | |
| } | |
| @@ -949,7 +949,7 @@ static int sco_sock_setsockopt(struct socket *sock, int level, int optname, | |
| break; | |
| } | |
| - if (copy_from_sockptr(buffer, optval, optlen)) { | |
| + if (bt_copy_from_sockptr(buffer, optlen, optval, optlen)) { | |
| hci_dev_put(hdev); | |
| err = -EFAULT; | |
| break; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment