8f7dfe171c
This is an effort to get rid of all multiplications from allocation functions in order to prevent integer overflows [1][2]. As the "dl" variable is a pointer to "struct hci_dev_list_req" and this structure ends in a flexible array: struct hci_dev_list_req { [...] struct hci_dev_req dev_req[]; /* hci_dev_req structures */ }; the preferred way in the kernel is to use the struct_size() helper to do the arithmetic instead of the calculation "size + count * size" in the kzalloc() and copy_to_user() functions. At the same time, prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). In this case, it is important to note that the logic needs a little refactoring to ensure that the "dev_num" member is initialized before the first access to the flex array. Specifically, add the assignment before the list_for_each_entry() loop. Also remove the "size" variable as it is no longer needed. This way, the code is more readable and safer. This code was detected with the help of Coccinelle, and audited and modified manually. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1] Link: https://github.com/KSPP/linux/issues/160 [2] Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Erick Archer <erick.archer@outlook.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
/*
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2000-2001 Qualcomm Incorporated

   Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/
#ifndef __HCI_SOCK_H
#define __HCI_SOCK_H
/*
 * Socket option names.  The values are small consecutive integers (1..3),
 * not bit flags.
 */
#define HCI_DATA_DIR	1
#define HCI_FILTER	2
#define HCI_TIME_STAMP	3

/*
 * Control-message (CMSG) flags.  Each value is a distinct single bit
 * (0x01, 0x02), so the two can be combined in one mask.
 * NOTE(review): by name these pair with HCI_DATA_DIR and HCI_TIME_STAMP
 * above -- confirm against the socket code.
 */
#define HCI_CMSG_DIR	0x01
#define HCI_CMSG_TSTAMP	0x02
/*
 * Socket address for HCI sockets: an address family followed by a device
 * index and a channel number (both unsigned short).
 * NOTE(review): presumably filled in by user space; whatever consumes it
 * should validate hci_dev and hci_channel instead of trusting them --
 * confirm against the socket code.
 */
struct sockaddr_hci {
	sa_family_t	hci_family;	/* address family */
	unsigned short	hci_dev;	/* device index */
	unsigned short	hci_channel;	/* channel number */
};
/*
 * 0xffff is the largest value a 16-bit device index can hold.
 * NOTE(review): presumably the "no device" value for
 * sockaddr_hci.hci_dev -- confirm against the socket code.
 */
#define HCI_DEV_NONE	0xffff

/*
 * Channel numbers, 0..4.
 * NOTE(review): presumably the valid values of sockaddr_hci.hci_channel.
 * Which privileges each channel requires is decided by the socket code,
 * not by this header -- confirm there, and reject values outside this
 * set.
 */
#define HCI_CHANNEL_RAW		0
#define HCI_CHANNEL_USER	1
#define HCI_CHANNEL_MONITOR	2
#define HCI_CHANNEL_CONTROL	3
#define HCI_CHANNEL_LOGGING	4
/*
 * Filter with "unsigned long" mask words, so the width of type_mask and
 * of each event_mask word follows the architecture's long size.
 * NOTE(review): presumably the in-kernel form of struct hci_ufilter,
 * which has the same members with fixed 32-bit masks -- confirm.  Code
 * converting between the two must not assume identical sizes.
 */
struct hci_filter {
	unsigned long	type_mask;	/* one mask word */
	unsigned long	event_mask[2];	/* two mask words */
	__le16		opcode;		/* little-endian 16-bit opcode */
};
/*
 * Filter with fixed-width members: a 32-bit type mask, 2 x 32 = 64 bits
 * of event mask, and a little-endian 16-bit opcode.
 * NOTE(review): presumably the layout exchanged with user space (the "u"
 * in the name); if so every field is untrusted input and should be
 * masked or range-checked before use -- confirm against the socket code.
 */
struct hci_ufilter {
	__u32	type_mask;	/* 32 type bits */
	__u32	event_mask[2];	/* 64 event bits */
	__le16	opcode;		/* little-endian 16-bit opcode */
};
/*
 * Filter bit limits.  Each value is one less than a power of two
 * (32, 64, 64, 128).  31 and 63 are the highest bit indices of the
 * 32-bit type_mask and the 64-bit event_mask in struct hci_ufilter.
 * NOTE(review): presumably used to mask a bit index before it selects a
 * bit in a filter word, which keeps the index in bounds -- confirm
 * against the filter code.
 */
#define HCI_FLT_TYPE_BITS	31
#define HCI_FLT_EVENT_BITS	63
#define HCI_FLT_OGF_BITS	63
#define HCI_FLT_OCF_BITS	127
/*
 * Ioctl request numbers.  All use type 'H'.  _IOW marks data passed
 * from user space to the kernel, _IOR data returned to user space.
 *
 * NOTE(review): every request encodes "int" as its argument type, while
 * this header also defines request structures (hci_dev_list_req,
 * hci_conn_list_req, hci_inquiry_req, ...).  The size encoded in the
 * request number therefore may not describe what a handler actually
 * reads or writes; handlers and ioctl filters should not rely on it for
 * argument validation -- confirm against the ioctl handler.
 */

/* Device state: 201..204 */
#define HCIDEVUP	_IOW('H', 201, int)
#define HCIDEVDOWN	_IOW('H', 202, int)
#define HCIDEVRESET	_IOW('H', 203, int)
#define HCIDEVRESTAT	_IOW('H', 204, int)

/* Queries: 210..215 (214 is not defined here) */
#define HCIGETDEVLIST	_IOR('H', 210, int)
#define HCIGETDEVINFO	_IOR('H', 211, int)
#define HCIGETCONNLIST	_IOR('H', 212, int)
#define HCIGETCONNINFO	_IOR('H', 213, int)
#define HCIGETAUTHINFO	_IOR('H', 215, int)

/* Device settings: 220..228 */
#define HCISETRAW	_IOW('H', 220, int)
#define HCISETSCAN	_IOW('H', 221, int)
#define HCISETAUTH	_IOW('H', 222, int)
#define HCISETENCRYPT	_IOW('H', 223, int)
#define HCISETPTYPE	_IOW('H', 224, int)
#define HCISETLINKPOL	_IOW('H', 225, int)
#define HCISETLINKMODE	_IOW('H', 226, int)
#define HCISETACLMTU	_IOW('H', 227, int)
#define HCISETSCOMTU	_IOW('H', 228, int)

/* Address block list: 230..231 */
#define HCIBLOCKADDR	_IOW('H', 230, int)
#define HCIUNBLOCKADDR	_IOW('H', 231, int)

/* Inquiry: 240 */
#define HCIINQUIRY	_IOR('H', 240, int)
/* Ioctl requests structures */

/*
 * Ten 32-bit counters: rx/tx errors, commands sent, events received,
 * ACL and SCO traffic in each direction, and byte totals.  The members
 * are all __u32, so the layout has no internal padding.
 */
struct hci_dev_stats {
	__u32	err_rx;		/* receive errors */
	__u32	err_tx;		/* transmit errors */
	__u32	cmd_tx;		/* commands, transmit side */
	__u32	evt_rx;		/* events, receive side */
	__u32	acl_tx;		/* ACL, transmit side */
	__u32	acl_rx;		/* ACL, receive side */
	__u32	sco_tx;		/* SCO, transmit side */
	__u32	sco_rx;		/* SCO, receive side */
	__u32	byte_rx;	/* bytes received */
	__u32	byte_tx;	/* bytes transmitted */
};
/*
 * Per-device information record, ending in an embedded
 * struct hci_dev_stats.
 *
 * NOTE(review): 8-, 16- and 32-bit members are mixed, so the compiler
 * may insert padding (for example ahead of pkt_type).  If an instance is
 * copied to user space it should be fully zeroed before being filled in,
 * so padding bytes cannot disclose stale kernel memory -- confirm at the
 * call site.
 */
struct hci_dev_info {
	__u16		dev_id;		/* device index */
	/*
	 * Fixed 8-byte buffer.  NOTE(review): whether it is always
	 * NUL-terminated is not visible here; writers should use a
	 * bounded copy and readers should not assume a terminator.
	 */
	char		name[8];

	bdaddr_t	bdaddr;		/* device address */

	__u32		flags;
	__u8		type;

	__u8		features[8];	/* 8 feature bytes */

	__u32		pkt_type;
	__u32		link_policy;
	__u32		link_mode;

	__u16		acl_mtu;
	__u16		acl_pkts;
	__u16		sco_mtu;
	__u16		sco_pkts;

	struct hci_dev_stats stat;	/* embedded counters */
};
/*
 * One connection record: handle, peer address, type, direction flag,
 * state and link mode.  It is the element type of the flexible arrays in
 * struct hci_conn_list_req and struct hci_conn_info_req.
 * NOTE(review): if records are copied to user space, zero the buffer
 * first so any padding the compiler adds is not leaked -- confirm at the
 * call site.
 */
struct hci_conn_info {
	__u16		handle;		/* connection handle */
	bdaddr_t	bdaddr;		/* address */
	__u8		type;
	__u8		out;		/* presumably nonzero for outgoing -- confirm */
	__u16		state;
	__u32		link_mode;
};
/*
 * Device index plus a 32-bit option word; the element type of
 * hci_dev_list_req.dev_req[].
 * NOTE(review): on ABIs that align __u32 to 4 bytes, two padding bytes
 * follow dev_id.  Zero the whole object before filling it when it is
 * going to be copied to user space -- confirm at the call site.
 */
struct hci_dev_req {
	__u16	dev_id;		/* device index */
	__u32	dev_opt;	/* option word */
};
/*
 * Device-list request: a count followed by that many hci_dev_req
 * entries in a flexible array.
 *
 * __counted_by(dev_num) ties the array bound to dev_num, so accesses can
 * be bounds-checked at run time via CONFIG_UBSAN_BOUNDS (array indexing)
 * and CONFIG_FORTIFY_SOURCE (strcpy/memcpy-family functions).  For code
 * using this struct that means:
 *   - dev_num must be assigned before the first access to dev_req[];
 *   - the object should be sized with struct_size() rather than
 *     open-coded "size + count * size" arithmetic, which can overflow.
 * NOTE(review): dev_num is 16 bits wide; if the count comes from user
 * space the handler should still bound it before allocating -- confirm
 * in the ioctl handler.
 */
struct hci_dev_list_req {
	__u16			dev_num;	/* number of valid dev_req[] entries */
	struct hci_dev_req	dev_req[] __counted_by(dev_num);
};
/*
 * Connection-list request: device index, a count, and a flexible array
 * of hci_conn_info records.
 *
 * NOTE(review): unlike hci_dev_list_req.dev_req[], conn_info[] carries
 * no __counted_by annotation, so accesses to it are not covered by the
 * run-time bounds checks that annotation enables.  conn_num looks like
 * the matching count; annotating would require every user to set
 * conn_num before the first access to conn_info[] -- confirm against
 * the ioctl handler.  Until then the handler has to bound conn_num and
 * size allocations and copies itself.
 */
struct hci_conn_list_req {
	__u16			dev_id;		/* device index */
	__u16			conn_num;	/* presumably the number of conn_info[] entries */
	struct hci_conn_info	conn_info[];
};
/*
 * Connection-info request: an address and a type, followed by a
 * flexible array of hci_conn_info records.
 *
 * NOTE(review): the struct has no member that counts conn_info[], so
 * the number of records has to come from context and cannot be
 * bounds-checked from the struct itself.  Confirm how many records the
 * handler writes and that the user buffer is sized for them.
 */
struct hci_conn_info_req {
	bdaddr_t		bdaddr;		/* address */
	__u8			type;
	struct hci_conn_info	conn_info[];
};
/*
 * Authentication-info request: an address and one type byte.
 * NOTE(review): by name this pairs with HCIGETAUTHINFO; which member is
 * input and which is output is not visible here -- confirm against the
 * ioctl handler.
 */
struct hci_auth_info_req {
	bdaddr_t	bdaddr;		/* address */
	__u8		type;
};
/*
 * Inquiry request: device index, flags, a 3-byte LAP, a length byte and
 * a response-count byte.
 * NOTE(review): length and num_rsp are 8-bit values and presumably come
 * from user space; any buffer sized from num_rsp should be computed with
 * overflow-safe helpers and the values range-checked first -- confirm
 * against the ioctl handler.
 */
struct hci_inquiry_req {
	__u16	dev_id;		/* device index */
	__u16	flags;		/* see IREQ_CACHE_FLUSH */
	__u8	lap[3];		/* 3 bytes */
	__u8	length;
	__u8	num_rsp;	/* presumably the number of responses -- confirm */
};
/*
 * Single-bit flag, written as a 16-bit value.
 * NOTE(review): presumably a bit for hci_inquiry_req.flags -- confirm.
 */
#define IREQ_CACHE_FLUSH	0x0001
#endif /* __HCI_SOCK_H */