Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1236134pxb; Tue, 1 Feb 2022 23:28:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJyk3rn+FRsl/+2vgvFDWZzI/byWGMwclubV9rgEauuKvMqDE/H6r/EKguUz1Ze36jV0WTuj X-Received: by 2002:a17:903:32c6:: with SMTP id i6mr30144654plr.60.1643786934357; Tue, 01 Feb 2022 23:28:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643786934; cv=none; d=google.com; s=arc-20160816; b=Ag9+WkL/qM/OAHsScA8WNa8ba9xsSgIOJqYwhdA9ByA+gM+bCiZb+N35LdfGzx2pcR oiYTN5O1k3UVjOl/PSX+oSeLXa9scUPr8UZU144CwIjaHdy/7yXVEe5bdCyP64kYcwmX i+H+syICDk8v6xIxQbLpo0Jv2lKQ/QkkQGcKW4VVVdciu+gLS0ePDafqKrNKehoyP3JA BpBTJAgo8dXx/OKFPLkfq2X5EmkJ+h1MarmvE6XLSsEuWZWL9ewLig4WaM+KV3Rv6S5V KqZ1Qvi0jiGkyOyBmf9KwrurDCcRnka9NMPcA0HQrsOYfpFUBre1G2XRTDhGcZaBdoCm QxuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=DI1x5+Wihj4SQ70P5LSVw+8H1DmmobNWAEhS7drOCTA=; b=NMlPigmO5UkeraSfF0vjF2d2dFKGvuQls9gpz7hrhVr+cfbUWNIfCe6VCvqLP7jY68 jDf/PrZr4/FyH3hbnfxtk2UaXetMc3Np6XB2tCsMnab2KLwPe+Dh5mVgei9qgNhVVYYw sFQeyHLliEEwHLM70cW1wdx7H4SKXWF4seSHH05Wr2GmJVKKukLxnRZxoPsHVraH1E/v vUwHF7et+k1MKCyPF6nVDnlZOiqohZkAPhadZmrJPCfrMVHdOajywk4wSxny66j512Bz b/hgqiz0UyWjcBoiAX3nSXdkoX5vG454P2wqZuf7BG9jGyVfsWmDMMVWlcYTZZbAuXqA 8U+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@semihalf-com.20210112.gappssmtp.com header.s=20210112 header.b=FODfQEB3; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l3si4141407pjk.103.2022.02.01.23.28.23; Tue, 01 Feb 2022 23:28:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@semihalf-com.20210112.gappssmtp.com header.s=20210112 header.b=FODfQEB3; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241961AbiBAShA (ORCPT + 99 others); Tue, 1 Feb 2022 13:37:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55016 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241919AbiBAShA (ORCPT ); Tue, 1 Feb 2022 13:37:00 -0500 Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2765DC06173B for ; Tue, 1 Feb 2022 10:37:00 -0800 (PST) Received: by mail-wr1-x431.google.com with SMTP id l25so33649790wrb.13 for ; Tue, 01 Feb 2022 10:37:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=DI1x5+Wihj4SQ70P5LSVw+8H1DmmobNWAEhS7drOCTA=; b=FODfQEB3+VrZ5tKcYc+CWcrD2hHYrFmADtl0dJMx5xXMl9RKo6eBF3lT/Sow792Z+Q f8ZlSAACHtERHUoXHY1d2ecJjnB8wS/Q87qex3WylrZWuf1L4j5yHLHcNxaZVAyB4VVm P6FiTB21uMDQPGS7O92SNJ6SXBTeFUVskTYpP0zcPV0blQxwnVptj7/dNOH+EaoFnNyr 79N8tEK+nSLcBIrjROxswMd5MknwJm5re8cehiZwo0Cio2Ty4Q3RhaQEMfGuLH5IXJQ/ riAlhibal7ZCvPd9Yc+vYrN969ElkfpTQPUZNpDBsSUk+pVx4QIFxvJsMjxH9C2pVKn5 FY9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=DI1x5+Wihj4SQ70P5LSVw+8H1DmmobNWAEhS7drOCTA=; b=EQFsnrVfs6a+t7ODUseBav5qFchNkdE3S61951C2dYaD6bSBGGRXDkhXqmX3Ib4Hb2 Ldjl2h83jKUsBItQF1Noen/PJRb9NhH1yeShNWJRcmM+f/ONPZ9m0KtQPgL4p7XsRgKN 10MyGQKERLA/mUICxbEdTF46pgAeXlIMfp3R29JRQMTgoKNWyHtBFXQKZrmKyIdb5UcW EUDJoYFxZVo0L4JEOuRlLR/en2c837d1wLb/uErHCNYPCgJXtFRj44GY1s6+cUzlsFIr rWKbqkfIVd5H2Wxs3q8zZf7TfWNQk5XQez4vRqKz9OpoQZ1AwdH+NlgY/Lek9yvBefHL pA/A== X-Gm-Message-State: AOAM530XXF5onASNLK2N9+LPEkBD6HrZIgey12ZZZ8gJJqnzX4fgvybR 8S081MavO4Od60YeiHavODZMd2Lj62cSjMj2XyJgZA== X-Received: by 2002:adf:f1c7:: with SMTP id z7mr13384515wro.198.1643740618703; Tue, 01 Feb 2022 10:36:58 -0800 (PST) MIME-Version: 1.0 References: <20220113150846.1570738-1-rad@semihalf.ocm> In-Reply-To: From: =?UTF-8?Q?Rados=C5=82aw_Biernacki?= Date: Tue, 1 Feb 2022 19:36:50 +0100 Message-ID: Subject: Re: [PATCH] Bluetooth: Fix skb allocation in mgmt_remote_name() To: Luiz Augusto von Dentz Cc: linux-bluetooth , Marcel Holtmann , CrosBT Upstreaming , Archie Pusaka , Miao-chen Chou , Jakub Kicinski , Johan Hedberg , Linux Kernel Mailing List , "open list:NETWORKING [GENERAL]" , upstream@semihalf.com, Angela Czubak , Marek Maslanka Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hey Luiz. Sorry for keeping you waiting. I will send it today. pon., 31 sty 2022 o 19:47 Luiz Augusto von Dentz napisa=C5=82(a): > > Hi Rados=C5=82aw, > > On Thu, Jan 13, 2022 at 2:23 PM Luiz Augusto von Dentz > wrote: > > > > Hi Rados=C5=82aw, > > > > On Thu, Jan 13, 2022 at 2:07 PM Rados=C5=82aw Biernacki wrote: > > > > > > Hi Luiz, > > > > > > czw., 13 sty 2022 o 17:17 Luiz Augusto von Dentz > > > napisa=C5=82(a): > > > > > > > > Hi Radoslaw, > > > > > > > > On Thu, Jan 13, 2022 at 7:09 AM Radoslaw Biernacki wrote: > > > > > > > > > > From: Radoslaw Biernacki > > > > > > > > > > This patch fixes skb allocation, as lack of space for ev might pu= sh skb > > > > > tail beyond its end. > > > > > Also introduce eir_precalc_len() that can be used instead of magi= c > > > > > numbers for similar eir operations on skb. > > > > > > > > > > Fixes: cf1bce1de7eeb ("Bluetooth: mgmt: Make use of mgmt_send_eve= nt_skb in MGMT_EV_DEVICE_FOUND") > > > > > Signed-off-by: Angela Czubak > > > > > Signed-off-by: Marek Maslanka > > > > > Signed-off-by: Radoslaw Biernacki > > > > > --- > > > > > net/bluetooth/eir.h | 5 +++++ > > > > > net/bluetooth/mgmt.c | 12 ++++-------- > > > > > 2 files changed, 9 insertions(+), 8 deletions(-) > > > > > > > > > > diff --git a/net/bluetooth/eir.h b/net/bluetooth/eir.h > > > > > index 05e2e917fc25..e5876751f07e 100644 > > > > > --- a/net/bluetooth/eir.h > > > > > +++ b/net/bluetooth/eir.h > > > > > @@ -15,6 +15,11 @@ u8 eir_create_scan_rsp(struct hci_dev *hdev, u= 8 instance, u8 *ptr); > > > > > u8 eir_append_local_name(struct hci_dev *hdev, u8 *eir, u8 ad_le= n); > > > > > u8 eir_append_appearance(struct hci_dev *hdev, u8 *ptr, u8 ad_le= n); > > > > > > > > > > +static inline u16 eir_precalc_len(u8 data_len) > > > > > +{ > > > > > + return sizeof(u8) * 2 + data_len; > > > > > +} > > > > > + > > > > > static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, > > > > > u8 *data, u8 data_len) > > > > > { > > > > > diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c > > > > > index 37087cf7dc5a..d517fd847730 100644 > > > > > --- a/net/bluetooth/mgmt.c > > > > > +++ b/net/bluetooth/mgmt.c > > > > > @@ -9680,13 +9680,11 @@ void mgmt_remote_name(struct hci_dev *hde= v, bdaddr_t *bdaddr, u8 link_type, > > > > > { > > > > > struct sk_buff *skb; > > > > > struct mgmt_ev_device_found *ev; > > > > > - u16 eir_len; > > > > > - u32 flags; > > > > > + u16 eir_len =3D 0; > > > > > + u32 flags =3D 0; > > > > > > > > > > - if (name_len) > > > > > - skb =3D mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND= , 2 + name_len); > > > > > - else > > > > > - skb =3D mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND= , 0); > > > > > + skb =3D mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, > > > > > + sizeof(*ev) + (name ? eir_precalc_le= n(name_len) : 0)); > > > > > > > > Looks like mgmt_device_connected also has a similar problem. > > > > > > Yes, I was planning to send a patch to this one though it will not be= as slick. > > > It would be nice to have a helper which will call skb_put() and add > > > eir data at once. > > > Basically skb operation in pair to, what eir_append_data() does with > > > help of eir_len but without awkwardness when passing return value to > > > skb_put() (as it returns offset not size). > > > > Hmm, that might be a good idea indeed something like eir_append_skb, > > if only we could grow the skb with skb_put directly that would > > eliminate the problem with having to reserve enough space for the > > worse case. > > > > > I will send V2 with two patches. I hope they will align with your > > > original goal of eliminating the necessity of intermediary buffers at > > > some point in future. > > Are you still planning to send the v2? > > > > > > > > > > ev =3D skb_put(skb, sizeof(*ev)); > > > > > bacpy(&ev->addr.bdaddr, bdaddr); > > > > > @@ -9696,10 +9694,8 @@ void mgmt_remote_name(struct hci_dev *hdev= , bdaddr_t *bdaddr, u8 link_type, > > > > > if (name) { > > > > > eir_len =3D eir_append_data(ev->eir, 0, EIR_NAME_= COMPLETE, name, > > > > > name_len); > > > > > - flags =3D 0; > > > > > skb_put(skb, eir_len); > > > > > } else { > > > > > - eir_len =3D 0; > > > > > flags =3D MGMT_DEV_FOUND_NAME_REQUEST_FAILED; > > > > > } > > > > > > > > These changes would leave flags and eir_len uninitialized. > > > > > > Both are initialized to 0 by this patch. > > > > Sorry, I must be blind that I didn't see you had changed that to be > > initialized in their declaration. > > > > > > > > > > > -- > > > > > 2.34.1.703.g22d0c6ccf7-goog > > > > > > > > > > > > > > > > > -- > > > > Luiz Augusto von Dentz > > > > > > > > -- > > Luiz Augusto von Dentz > > > > -- > Luiz Augusto von Dentz