Bluetooth: Handle HCI raw socket transition from unbound to bound
In case an unbound HCI raw socket is later on bound, ensure that the monitor notification messages indicate a close and re-open. None of the userspace tools use the socket this, but it is actually possible to use an ioctl on an unbound socket and then later bind it. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
parent
f81f5b2db8
commit
f4cdbb3f25
|
@ -1049,6 +1049,7 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
|
||||||
struct sockaddr_hci haddr;
|
struct sockaddr_hci haddr;
|
||||||
struct sock *sk = sock->sk;
|
struct sock *sk = sock->sk;
|
||||||
struct hci_dev *hdev = NULL;
|
struct hci_dev *hdev = NULL;
|
||||||
|
struct sk_buff *skb;
|
||||||
int len, err = 0;
|
int len, err = 0;
|
||||||
|
|
||||||
BT_DBG("sock %p sk %p", sock, sk);
|
BT_DBG("sock %p sk %p", sock, sk);
|
||||||
|
@ -1088,27 +1089,34 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
|
||||||
}
|
}
|
||||||
|
|
||||||
hci_pi(sk)->channel = haddr.hci_channel;
|
hci_pi(sk)->channel = haddr.hci_channel;
|
||||||
hci_pi(sk)->hdev = hdev;
|
|
||||||
|
|
||||||
/* Only send the event to monitor when a new cookie has
|
if (!hci_sock_gen_cookie(sk)) {
|
||||||
* been generated. An existing cookie means that an unbound
|
/* In the case when a cookie has already been assigned,
|
||||||
* socket has seen an ioctl and that triggered the cookie
|
* then there has been already an ioctl issued against
|
||||||
* generation and sending of the monitor event.
|
* an unbound socket and with that triggerd an open
|
||||||
*/
|
* notification. Send a close notification first to
|
||||||
if (hci_sock_gen_cookie(sk)) {
|
* allow the state transition to bounded.
|
||||||
struct sk_buff *skb;
|
*/
|
||||||
|
skb = create_monitor_ctrl_close(sk);
|
||||||
if (capable(CAP_NET_ADMIN))
|
|
||||||
hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
|
|
||||||
|
|
||||||
/* Send event to monitor */
|
|
||||||
skb = create_monitor_ctrl_open(sk);
|
|
||||||
if (skb) {
|
if (skb) {
|
||||||
hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
|
hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
|
||||||
HCI_SOCK_TRUSTED, NULL);
|
HCI_SOCK_TRUSTED, NULL);
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (capable(CAP_NET_ADMIN))
|
||||||
|
hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
|
||||||
|
|
||||||
|
hci_pi(sk)->hdev = hdev;
|
||||||
|
|
||||||
|
/* Send event to monitor */
|
||||||
|
skb = create_monitor_ctrl_open(sk);
|
||||||
|
if (skb) {
|
||||||
|
hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
|
||||||
|
HCI_SOCK_TRUSTED, NULL);
|
||||||
|
kfree_skb(skb);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case HCI_CHANNEL_USER:
|
case HCI_CHANNEL_USER:
|
||||||
|
@ -1251,9 +1259,20 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
|
||||||
* are changes to settings, class of device, name etc.
|
* are changes to settings, class of device, name etc.
|
||||||
*/
|
*/
|
||||||
if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) {
|
if (hci_pi(sk)->channel == HCI_CHANNEL_CONTROL) {
|
||||||
struct sk_buff *skb;
|
if (!hci_sock_gen_cookie(sk)) {
|
||||||
|
/* In the case when a cookie has already been
|
||||||
hci_sock_gen_cookie(sk);
|
* assigned, this socket will transtion from
|
||||||
|
* a raw socket into a control socket. To
|
||||||
|
* allow for a clean transtion, send the
|
||||||
|
* close notification first.
|
||||||
|
*/
|
||||||
|
skb = create_monitor_ctrl_close(sk);
|
||||||
|
if (skb) {
|
||||||
|
hci_send_to_channel(HCI_CHANNEL_MONITOR, skb,
|
||||||
|
HCI_SOCK_TRUSTED, NULL);
|
||||||
|
kfree_skb(skb);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Send event to monitor */
|
/* Send event to monitor */
|
||||||
skb = create_monitor_ctrl_open(sk);
|
skb = create_monitor_ctrl_open(sk);
|
||||||
|
|
Loading…
Reference in New Issue