diff options
author | Dominik Sliwa <dominik.sliwa@toradex.com> | 2017-12-22 12:07:34 +0000 |
---|---|---|
committer | Dominik Sliwa <dominik.sliwa@toradex.com> | 2017-12-22 16:46:44 +0100 |
commit | 198e79f0e8f0b24c1e36ab6032d348f40de20262 (patch) | |
tree | d8dd6411978560fd0b6832761b085ac431253389 /net/bluetooth/l2cap_core.c | |
parent | c8beff5117bd4614be26bf28e97b885e8af42a67 (diff) |
backports: bluetooth: Support 4.9 kernelsColibri-iMX7_LXDE-Image_2.8b3.111-20180627Colibri-iMX7_LXDE-Image_2.8b2.97-20180331Colibri-iMX7_LXDE-Image_2.8b1.64-20171229Colibri-iMX6_LXDE-Image_2.8b3.111-20180627Colibri-iMX6_LXDE-Image_2.8b2.97-20180331Colibri-iMX6_LXDE-Image_2.8b1.64-20171229Colibri-iMX6ULL_LXDE-Image_2.8b3.111-20180627Colibri-iMX6ULL_LXDE-Image_2.8b2.97-20180331Colibri-iMX6ULL_LXDE-Image_2.8b1.64-20171229Colibri-VF_LXDE-Image_2.8b3.111-20180626Colibri-VF_LXDE-Image_2.8b2.97-20180331Colibri-VF_LXDE-Image_2.8b1.64-20171229Colibri-T30_LXDE-Image_2.8b3.111-20180627Colibri-T30_LXDE-Image_2.8b2.97-20180331Colibri-T30_LXDE-Image_2.8b1.64-20171229Colibri-T20_LXDE-Image_2.8b3.111-20180626Colibri-T20_LXDE-Image_2.8b2.97-20180331Colibri-T20_LXDE-Image_2.8b1.64-20171229Apalis-iMX6_LXDE-Image_2.8b3.111-20180626Apalis-iMX6_LXDE-Image_2.8b2.97-20180331Apalis-iMX6_LXDE-Image_2.8b1.64-20171229Apalis-TK1_LXDE-Image_2.8b3.111-20180626Apalis-TK1_LXDE-Image_2.8b2.97-20180331Apalis-TK1_LXDE-Image_2.8b1.64-20171229Apalis-TK1-Mainline_LXDE-Image_2.8b3.111-20180627Apalis-TK1-Mainline_LXDE-Image_2.8b2.97-20180331Apalis-TK1-Mainline_LXDE-Image_2.8b1.64-20171229Apalis-T30_LXDE-Image_2.8b3.111-20180626Apalis-T30_LXDE-Image_2.8b2.97-20180331Apalis-T30_LXDE-Image_2.8b1.64-20171229toradex-4.14
Signed-off-by: Dominik Sliwa <dominik.sliwa@toradex.com>
Diffstat (limited to 'net/bluetooth/l2cap_core.c')
-rw-r--r-- | net/bluetooth/l2cap_core.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 9800324..a1a9b4c 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -33,7 +33,7 @@ #include <linux/debugfs.h> #include <linux/crc16.h> #include <linux/filter.h> - +#include <linux/uio.h> #include <net/bluetooth/bluetooth.h> #include <net/bluetooth/hci_core.h> #include <net/bluetooth/l2cap.h> @@ -2119,6 +2119,42 @@ static void l2cap_send_ack(struct l2cap_chan *chan) } } +extern void __compiletime_error("copy source size is too small") +__bad_copy_from(void); +extern void __compiletime_error("copy destination size is too small") +__bad_copy_to(void); + +static inline void copy_overflow(int size, unsigned long count) +{ + WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); +} + +static __always_inline bool +check_copy_size(const void *addr, size_t bytes, bool is_source) +{ + int sz = __compiletime_object_size(addr); + if (unlikely(sz >= 0 && sz < bytes)) { + if (!__builtin_constant_p(bytes)) + copy_overflow(sz, bytes); + else if (is_source) + __bad_copy_from(); + else + __bad_copy_to(); + return false; + } + check_object_size(addr, bytes, is_source); + return true; +} + +static __always_inline __must_check +bool copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i) +{ + if (unlikely(!check_copy_size(addr, bytes, false))) + return false; + else + return _copy_from_iter_full(addr, bytes, i); +} + static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan, struct msghdr *msg, int len, int count, struct sk_buff *skb) |