On Wed, Jul 27, 2016 at 2:40 PM, Mat Martineau <mathew.j.martineau@xxxxxxxxxxxxxxx> wrote:
> From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
>
> During an audit for sk_filter(), we found that rx_busy_skb handling
> in l2cap_sock_recv_cb() and l2cap_sock_recvmsg() does not look quite as
> intended.
>
> The assumption from commit e328140fdacb ("Bluetooth: Use event-driven
> approach for handling ERTM receive buffer") is that errors returned
> from sock_queue_rcv_skb() are due to receive buffer shortage. However,
> nothing should prevent doing a setsockopt() with SO_ATTACH_FILTER on
> the socket, which could drop some of the incoming skbs when handled in
> sock_queue_rcv_skb().
>
> In that case sock_queue_rcv_skb() will return with -EPERM, propagated
> from sk_filter(), and if in L2CAP_MODE_ERTM mode, the wrong assumption was
> that we failed due to the receive buffer being full. From that point onwards,
> due to the to-be-dropped skb being held in rx_busy_skb, we cannot make
> any forward progress, as rx_busy_skb is never cleared from l2cap_sock_recvmsg()
> because the filter drop verdict keeps coming from sk_filter() over and over.
> Meanwhile, in l2cap_sock_recv_cb() all new incoming skbs are being
> dropped due to rx_busy_skb being occupied.
>
> Instead, just use __sock_queue_rcv_skb(), where an error really tells us that
> there's a receive buffer issue. Split out the sk_filter() call and enable it for
> non-segmented modes at queuing time, since at this point in time the skb has
> already been through the ERTM state machine and it has been acked, so dropping
> is not allowed. Instead, for ERTM and streaming mode, call sk_filter() in
> l2cap_data_rcv() so the packet can be dropped before the state machine sees it.
>
> Fixes: e328140fdacb ("Bluetooth: Use event-driven approach for handling ERTM receive buffer")
> Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> Signed-off-by: Mat Martineau <mathew.j.martineau@xxxxxxxxxxxxxxx>
> Cc: Gustavo Padovan <gustavo.padovan@xxxxxxxxxxxxxxx>
> Cc: Willem de Bruijn <willemb@xxxxxxxxxx>
> Cc: Alexei Starovoitov <ast@xxxxxxxxxx>

Acked-by: Willem de Bruijn <willemb@xxxxxxxxxx>

> ---
>
> For v3 I incorporated Willem's feedback regarding ERTM/streaming mode
> consistency and checking for a trimmed SDU length header.
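To make the stall described in the commit message concrete, here is an added toy model (my own illustration, not kernel code and not the patch itself): an skb is just an integer id, an attached filter drops odd ids, and the receive buffer holds QLEN entries. The function names only mirror the real ones; `recv_cb_old` parks the skb on any queueing error, as before the fix, while `recv_cb_fixed` runs the filter first and parks only on a genuine buffer error.

```c
/* Added toy model of the rx_busy_skb stall (not the real L2CAP code).
 * An skb is an int id, the socket filter drops odd ids, queue holds QLEN. */
#include <errno.h>
#define QLEN 2
#define NSKB 8
struct sock {
    int q[QLEN], qlen;   /* receive queue and its fill level */
    int rx_busy_skb;     /* 0 = empty, otherwise the parked skb id */
    int delivered;       /* skbs handed to the application */
};
/* Filter verdict: odd ids are dropped with -EPERM, as sk_filter() would */
static int sk_filter(int skb) { return (skb & 1) ? -EPERM : 0; }
/* Like __sock_queue_rcv_skb(): fails only when the receive buffer is full */
static int queue_rcv_buf(struct sock *sk, int skb) {
    if (sk->qlen == QLEN) return -ENOMEM;
    sk->q[sk->qlen++] = skb;
    return 0;
}
/* Like sock_queue_rcv_skb(): filter verdict first, then the buffer check */
static int queue_rcv_filtered(struct sock *sk, int skb) {
    int err = sk_filter(skb);
    return err ? err : queue_rcv_buf(sk, skb);
}
/* ERTM receive callback before the fix: any error parks the skb */
static void recv_cb_old(struct sock *sk, int skb) {
    if (sk->rx_busy_skb) return;                 /* dropped: still busy */
    if (queue_rcv_filtered(sk, skb)) sk->rx_busy_skb = skb;
}
/* After the fix: filter before queueing, park only on a real buffer error */
static void recv_cb_fixed(struct sock *sk, int skb) {
    if (sk_filter(skb) || sk->rx_busy_skb) return;
    if (queue_rcv_buf(sk, skb) == -ENOMEM) sk->rx_busy_skb = skb;
}
/* recvmsg(): deliver one skb, then retry the parked one via requeue() */
static void do_recvmsg(struct sock *sk, int (*requeue)(struct sock *, int)) {
    if (sk->qlen) {
        for (int i = 1; i < sk->qlen; i++) sk->q[i - 1] = sk->q[i];
        sk->qlen--; sk->delivered++;
    }
    if (sk->rx_busy_skb && requeue(sk, sk->rx_busy_skb) == 0) sk->rx_busy_skb = 0;
}
/* Feed NSKB skbs with one read per arrival; return how many reach the app */
static int simulate(int fixed) {
    struct sock sk = {0};
    int (*requeue)(struct sock *, int) = fixed ? queue_rcv_buf : queue_rcv_filtered;
    for (int id = 1; id <= NSKB; id++) {
        if (fixed) recv_cb_fixed(&sk, id); else recv_cb_old(&sk, id);
        do_recvmsg(&sk, requeue);
    }
    return sk.delivered;   /* old path: 0 (stuck on skb 1); fixed path: 4 */
}
```

With the old path the first filtered skb is parked in rx_busy_skb, every retry from the read side gets the same -EPERM verdict, and all later skbs are dropped, so nothing is ever delivered; with the filter applied before queueing, the four permitted skbs get through.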