* [PATCH 1/2] af_bluetooth: Fix recvmsg return value
From: Denis Kenzior @ 2016-06-27 16:01 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Denis Kenzior
If recvmsg is called with a destination buffer that is too small to
receive the contents of skb in its entirety, the return value from
recvmsg was inconsistent with common SOCK_SEQPACKET or SOCK_DGRAM
semantics.
If the destination buffer provided by userspace is too small (e.g. len <
copied), then the MSG_TRUNC flag is set and copied is returned. Instead, it
should return the length of the message, which is consistent with how
other datagram-based sockets act. Quoting 'man recv':
"All three calls return the length of the message on successful comple‐
tion. If a message is too long to fit in the supplied buffer, excess
bytes may be discarded depending on the type of socket the message is
received from."
and
"MSG_TRUNC (since Linux 2.2)
For raw (AF_PACKET), Internet datagram (since Linux
2.4.27/2.6.8), netlink (since Linux 2.6.22), and UNIX datagram
(since Linux 3.4) sockets: return the real length of the packet
or datagram, even when it was longer than the passed buffer."
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
---
net/bluetooth/af_bluetooth.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 955eda9..eab6f62 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -215,6 +215,7 @@ int bt_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
struct sock *sk = sock->sk;
struct sk_buff *skb;
size_t copied;
+ size_t skblen;
int err;
BT_DBG("sock %p sk %p len %zu", sock, sk, len);
@@ -230,6 +231,7 @@ int bt_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
return err;
}
+ skblen = skb->len;
copied = skb->len;
if (len < copied) {
msg->msg_flags |= MSG_TRUNC;
@@ -248,6 +250,9 @@ int bt_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
skb_free_datagram(sk, skb);
+ if (msg->msg_flags & MSG_TRUNC)
+ copied = skblen;
+
return err ? : copied;
}
EXPORT_SYMBOL(bt_sock_recvmsg);
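Review bot: The new `if (msg->msg_flags & MSG_TRUNC)` test just before `return err ? : copied;` keys on the output flag that this function itself sets whenever `len < copied`, so every short read now returns the full skb length, not only reads where the caller asked for it. The man page text quoted in the commit message describes MSG_TRUNC as a flag the caller passes to get the real length. A userspace caller that treats the return value as the number of valid bytes in its buffer would, after this change, use a length larger than what was copied. Suggest either gating the override on the caller's recvmsg flags or stating the userspace-visible change explicitly in the commit message so existing callers can be audited.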
--
2.4.10
* [PATCH 2/2] hci_sock: Fix recvmsg return value
From: Denis Kenzior @ 2016-06-27 16:01 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Denis Kenzior
If recvmsg is called with a destination buffer that is too small to
receive the contents of skb in its entirety, the return value from
recvmsg was inconsistent with common SOCK_SEQPACKET or SOCK_DGRAM
semantics.
If the destination buffer provided by userspace is too small (e.g. len <
copied), then the MSG_TRUNC flag is set and copied is returned. Instead, it
should return the length of the message, which is consistent with how
other datagram-based sockets act. Quoting 'man recv':
"All three calls return the length of the message on successful comple‐
tion. If a message is too long to fit in the supplied buffer, excess
bytes may be discarded depending on the type of socket the message is
received from."
and
"MSG_TRUNC (since Linux 2.2)
For raw (AF_PACKET), Internet datagram (since Linux
2.4.27/2.6.8), netlink (since Linux 2.6.22), and UNIX datagram
(since Linux 3.4) sockets: return the real length of the packet
or datagram, even when it was longer than the passed buffer."
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
---
net/bluetooth/hci_sock.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 1298d72..12e9294 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -1048,6 +1048,7 @@ static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
struct sock *sk = sock->sk;
struct sk_buff *skb;
int copied, err;
+ unsigned int skblen;
BT_DBG("sock %p, sk %p", sock, sk);
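Review bot: `unsigned int skblen;` is declared directly under `int copied, err;`, and the last hunk of this patch then does `copied = skblen;`, an unsigned-to-signed assignment, while patch 1/2 declares the same variable as `size_t` beside a `size_t copied`. Suggest declaring `skblen` with the same type as `copied` in this function so the assignment needs no conversion and the two patches read the same way.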
@@ -1064,6 +1065,7 @@ static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
if (!skb)
return err;
+ skblen = skb->len;
copied = skb->len;
if (len < copied) {
msg->msg_flags |= MSG_TRUNC;
@@ -1089,6 +1091,9 @@ static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg,
skb_free_datagram(sk, skb);
+ if (msg->msg_flags & MSG_TRUNC)
+ copied = skblen;
+
return err ? : copied;
}
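Review bot: The reassignment `copied = skblen;` placed after `skb_free_datagram(sk, skb);` carries no comment, and without one it reads as if the byte count were being altered after the copy has already happened. A one-line comment above the `if` saying that on truncation the return value is the full message length and may exceed `len` would document the intent for the next reader.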
--
2.4.10
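
The MSG_TRUNC semantics quoted from 'man recv' in both commit messages above, shown as an added example that is not part of either patch. It uses an AF_UNIX datagram socket pair (one of the socket types the man page names) rather than a Bluetooth socket; `short_read` and `struct trunc_result` are hypothetical names, and the 32-byte payload is constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

struct trunc_result {          /* hypothetical name, for this example only */
    ssize_t ret;               /* value returned by recvmsg() */
    int truncated;             /* MSG_TRUNC reported in msg_flags */
    size_t usable;             /* bytes actually valid in the buffer */
};

/* Send a constructed 32-byte datagram and read it into an 8-byte buffer,
 * optionally passing MSG_TRUNC as a request flag. Returns 0 on success. */
static int short_read(int request_flags, struct trunc_result *out)
{
    char payload[32], buf[8];
    int sv[2];
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };

    memset(payload, 'A', sizeof(payload));
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    if (send(sv[0], payload, sizeof(payload), 0) != (ssize_t)sizeof(payload))
        out->ret = -1;
    else
        out->ret = recvmsg(sv[1], &msg, request_flags);
    close(sv[0]);
    close(sv[1]);
    if (out->ret < 0)
        return -1;
    out->truncated = !!(msg.msg_flags & MSG_TRUNC);
    /* The return value may exceed the buffer: clamp it before using it
     * as a length for anything that reads buf. */
    out->usable = (size_t)out->ret < sizeof(buf) ? (size_t)out->ret : sizeof(buf);
    return 0;
}

int main(void)
{
    struct trunc_result r;
    if (short_read(0, &r) == 0)
        printf("no flag:   ret=%zd trunc=%d usable=%zu\n", r.ret, r.truncated, r.usable);
    if (short_read(MSG_TRUNC, &r) == 0)
        printf("MSG_TRUNC: ret=%zd trunc=%d usable=%zu\n", r.ret, r.truncated, r.usable);
    return 0;
}
```

On this socket type the full length is returned only when the caller passes MSG_TRUNC; in both cases the buffer holds 8 valid bytes, which is why the clamp is applied before the length is used.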
* Re: [PATCH 1/2] af_bluetooth: Fix recvmsg return value
From: Marcel Holtmann @ 2016-07-04 18:10 UTC (permalink / raw)
To: Denis Kenzior; +Cc: linux-bluetooth
Hi Denis,
> If recvmsg is called with a destination buffer that is too small to
> receive the contents of skb in its entirety, the return value from
> recvmsg was inconsistent with common SOCK_SEQPACKET or SOCK_DGRAM
> semantics.
>
> If the destination buffer provided by userspace is too small (e.g. len <
> copied), then the MSG_TRUNC flag is set and copied is returned. Instead, it
> should return the length of the message, which is consistent with how
> other datagram-based sockets act. Quoting 'man recv':
>
> "All three calls return the length of the message on successful comple‐
> tion. If a message is too long to fit in the supplied buffer, excess
> bytes may be discarded depending on the type of socket the message is
> received from."
>
> and
>
> "MSG_TRUNC (since Linux 2.2)
>
> For raw (AF_PACKET), Internet datagram (since Linux
> 2.4.27/2.6.8), netlink (since Linux 2.6.22), and UNIX datagram
> (since Linux 3.4) sockets: return the real length of the packet
> or datagram, even when it was longer than the passed buffer."
>
> Signed-off-by: Denis Kenzior <denkenz@gmail.com>
> ---
> net/bluetooth/af_bluetooth.c | 5 +++++
> 1 file changed, 5 insertions(+)
patch has been applied to bluetooth-next tree.
Regards
Marcel
* Re: [PATCH 2/2] hci_sock: Fix recvmsg return value
From: Marcel Holtmann @ 2016-07-04 18:10 UTC (permalink / raw)
To: Denis Kenzior; +Cc: linux-bluetooth
Hi Denis,
> If recvmsg is called with a destination buffer that is too small to
> receive the contents of skb in its entirety, the return value from
> recvmsg was inconsistent with common SOCK_SEQPACKET or SOCK_DGRAM
> semantics.
>
> If the destination buffer provided by userspace is too small (e.g. len <
> copied), then the MSG_TRUNC flag is set and copied is returned. Instead, it
> should return the length of the message, which is consistent with how
> other datagram-based sockets act. Quoting 'man recv':
>
> "All three calls return the length of the message on successful comple‐
> tion. If a message is too long to fit in the supplied buffer, excess
> bytes may be discarded depending on the type of socket the message is
> received from."
>
> and
>
> "MSG_TRUNC (since Linux 2.2)
>
> For raw (AF_PACKET), Internet datagram (since Linux
> 2.4.27/2.6.8), netlink (since Linux 2.6.22), and UNIX datagram
> (since Linux 3.4) sockets: return the real length of the packet
> or datagram, even when it was longer than the passed buffer."
>
> Signed-off-by: Denis Kenzior <denkenz@gmail.com>
> ---
> net/bluetooth/hci_sock.c | 5 +++++
> 1 file changed, 5 insertions(+)
patch has been applied to bluetooth-next tree.
Regards
Marcel