Commit Graph

165 Commits

Author SHA1 Message Date
maxv 9b4a455b77 pass the address of the field, instead of relying on it being the first
field of the structure/union, no functional change, discussed with plunky@
2020-02-29 11:40:06 +00:00
plunky 43690d4aea fix reversed logic for Remote Port Negotiation, pointed out by maxv@ 2020-02-23 20:16:10 +00:00
plunky 1f4a29ea41 permit read_encryption_key_size from userland 2019-09-28 07:10:55 +00:00
plunky c7c6d6a659 When encrypted connections are configured, verify that the encryption
key length has a minimum size when the adaptor supports that.

This addresses the 'Key Negotiation of Bluetooth' attack, CVE-2019-9506

https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/
2019-09-28 07:06:33 +00:00
mrg fbffadb9f8 - add or adjust /* FALLTHROUGH */ where appropriate
- add __unreachable() after functions that can return but won't in
  this case, and thus can't be marked __dead easily
2019-02-03 03:19:25 +00:00
martin dc194ae5f0 Fix memory leaks pointed out by Ilja Van Sprundel: all
sendoob() functions are expted to free both passed
mbuf chains.
2019-01-28 12:53:01 +00:00
maxv 5b040abec8 Replace M_ALIGN and MH_ALIGN by m_align. 2018-12-22 14:28:56 +00:00
plunky f29d4f3d37 two issues noted by maxv@
1. If an adaptor sends repeated fragments indicating HCI_PACKET_START,
   we would leak mbufs. Fix that by releasing the previous in that case.

2. If an adaptor sends fragments which overflow the expected total
   payload length, it could build up the pending packet to use up system
   mbufs. Fix that by changing the unsigned calculation to a comparison
   and rejecting oversize packets
2018-09-07 14:47:15 +00:00
riastradh d1579b2d70 Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int.  The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER!  Some subsystems have

	#define min(a, b)	((a) < (b) ? (a) : (b))
	#define max(a, b)	((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX.  Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate.  But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all.  (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 16:29:22 +00:00
plunky 1834dc7936 Result of audit to check that mbuf length is checked before m_copydata()
and that any data supposedly copied out is valid before use.

prompted by maxv@, I have checked every usage of m_copydata() and made
the following corrections

hci_event.c:
	hci_event_command_compl()
		check that the packet does contain enough data for there to
		be a status code before noting possible failures.

	hci_event_num_compl_pkts()
		check that the packet does contain data to cover the
		stated number of handle/num pairs

l2cap_signal.c:
	l2cap_recv_signal()
		just ignore packets with not enough data rather than
		trying to reject them (may not have cmd.ident)

	l2cap_recv_command_rej()
		check we have a valid reason and/or data before use
2018-08-21 14:59:13 +00:00
kamil a5946f550b Appease GCC in hci_filter_test()
Cast the returned value from hci_filter_test explicitly to int, as
requested by GCC when building with Undefined Behavior Sanitizer.
2018-07-25 19:09:38 +00:00
plunky 4fe8989f00 add HCI_SPEC_50 2017-12-21 09:30:30 +00:00
jakllsch 9b0a9a1385 avoid -Werror=sign-conversion 2017-01-28 19:19:41 +00:00
christos dc0230d3b5 factor out common subexpressions. 2017-01-28 19:07:16 +00:00
maya 21cc7f1b6b acknowleg -> acknowledg, proceedure -> procedure.
only comments were changed.

from miod
2016-12-12 15:58:44 +00:00
joerg d1a3b09c2e The last named argument of a variadic function shall not be default
promoted according to ISO C.
2016-10-04 14:13:46 +00:00
riastradh 7c7b1739c8 Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
2016-01-21 15:41:29 +00:00
riastradh b41d562bd0 Give proper prototype to ip_output. 2016-01-21 15:27:48 +00:00
plunky 0f446f141d there is no longer a reason to have a separate hci_send function now
that the hci_usrreq function is disassembled, so merge hci_send_pcb
back into hci_send()
2015-12-22 11:40:07 +00:00
plunky 522f084ab1 add version and extended feature flags defined in 4.2 specification,
add cache for page 2 of extended features and return this in
the SIOCGBTFEAT ioctl (no change in size)
2015-11-28 09:04:34 +00:00
plunky b0d4935612 note recent spec additions to L2CAP Info command regarding fixed channels 2015-11-28 08:57:33 +00:00
plunky ca14c58257 add in PSMs defined in later versions of specification 2015-11-28 07:50:37 +00:00
dholland 1fbab01a93 More on PR 41200: headers that declare ioctls should include sys/ioccom.h.
This covers (I think) all the MI headers outside of external/ (and dist/).
2015-09-06 06:00:59 +00:00
rtr fd12cf39ee make connect syscall use sockaddr_big and modify pr_{send,connect}
nam parameter type from buf * to sockaddr *.

final commit for parameter type changes to protocol user requests

* bump kernel version to 7.99.15 for parameter type changes to pr_{send,connect}
2015-05-02 17:18:03 +00:00
rtr d2aa9dd71f remove pr_generic from struct pr_usrreqs and all implementations of
pr_generic in protocols.

bump to 7.99.13

approved by rmind@
2015-04-26 21:40:48 +00:00
rtr eddf3af3c6 make accept, getsockname and getpeername syscalls use sockaddr_big and modify
pr_{accept,sockname,peername} nam parameter type from mbuf * to sockaddr *.

* retained use of mbuftypes[MT_SONAME] for now.
* bump to netbsd version 7.99.12 for parameter type change.

patch posted to tech-net@ 2015/04/19
2015-04-24 22:32:37 +00:00
rtr a2ba5e69ab * change pr_bind to accept struct sockaddr * instead of struct mbuf *
* update protocol bind implementations to use/expect sockaddr *
  instead of mbuf *
* introduce sockaddr_big struct for storage of addr data passed via
  sys_bind; sockaddr_big is of sufficient size and alignment to
  accommodate all addr data sizes received.
* modify sys_bind to allocate sockaddr_big instead of using an mbuf.
* bump kernel version to 7.99.9 for change to pr_bind() parameter type.

Patch posted to tech-net@
  http://mail-index.netbsd.org/tech-net/2015/03/15/msg005004.html

The choice to use a new structure sockaddr_big has been retained since
changing sockaddr_storage size would lead to unnecessary ABI change. The
use of the new structure does not preclude future work that increases
the size of sockaddr_storage and at that time sockaddr_big may be
trivially replaced.

Tested by mrg@ and myself, discussed with rmind@, posted to tech-net@
2015-04-03 20:01:07 +00:00
plunky 6e4644bb36 since rfcomm_attach_pcb may be called from (soft) interrupt context
(for incoming connections), use kmem_intr_()
2014-11-16 21:34:27 +00:00
rtr 8cf67cc6d5 split PRU_CONNECT2 & PRU_PURGEIF function out of pr_generic() usrreq
switches and put into separate functions

  - always KASSERT(solocked(so)) even if not implemented
    (for PRU_CONNECT2 only)

  - replace calls to pr_generic() with req = PRU_CONNECT2 with calls to
    pr_connect2()

  - replace calls to pr_generic() with req = PRU_PURGEIF with calls to
    pr_purgeif()

put common code from unp_connect2() (used by unp_connect() into
unp_connect1() and call out to it when needed

patch only briefly reviewed by rmind@
2014-08-09 05:33:00 +00:00
rtr 822872eada split PRU_RCVD function out of pr_generic() usrreq switches and put into
separate functions

  - always KASSERT(solocked(so)) even if not implemented

  - replace calls to pr_generic() with req = PRU_RCVD with calls to
    pr_rcvd()
2014-08-08 03:05:44 +00:00
rtr 651e5bd3f8 split PRU_SEND function out of pr_generic() usrreq switches and put into
separate functions

   xxx_send(struct socket *, struct mbuf *, struct mbuf *,
       struct mbuf *, struct lwp *)

  - always KASSERT(solocked(so)) even if not implemented

  - replace calls to pr_generic() with req = PRU_SEND with calls to
    pr_send()

rename existing functions that operate on PCB for consistency (and to
free up their names for xxx_send() PRUs

  - l2cap_send() -> l2cap_send_pcb()
  - sco_send() -> sco_send_pcb()
  - rfcomm_send() -> rfcomm_send_pcb()

patch reviewed by rmind
2014-08-05 07:55:31 +00:00
rtr ce6a5ff64f revert the removal of struct lwp * parameter from bind, listen and connect
user requests.

this should resolve the issue relating to nfs client hangs presented
recently by wiz on current-users@
2014-08-05 05:24:26 +00:00
rtr da517405a0 release mbuf on failure of PRU_SEND 2014-07-31 15:16:06 +00:00
rtr 892163b8e9 split PRU_DISCONNECT, PRU_SHUTDOWN and PRU_ABORT function out of
pr_generic() usrreq switches and put into separate functions

   xxx_disconnect(struct socket *)
   xxx_shutdown(struct socket *)
   xxx_abort(struct socket *)

   - always KASSERT(solocked(so)) even if not implemented
   - replace calls to pr_generic() with req =
PRU_{DISCONNECT,SHUTDOWN,ABORT}
     with calls to pr_{disconnect,shutdown,abort}() respectively

rename existing internal functions used to implement above functionality
to permit use of the names for xxx_{disconnect,shutdown,abort}().

   - {l2cap,sco,rfcomm}_disconnect() ->
{l2cap,sco,rfcomm}_disconnect_pcb()
   - {unp,rip,tcp}_disconnect() -> {unp,rip,tcp}_disconnect1()
   - unp_shutdown() -> unp_shutdown1()

patch reviewed by rmind
2014-07-31 03:39:35 +00:00
rtr ad6ae402db split PRU_CONNECT function out of pr_generic() usrreq switches and put
into seaparate functions

  xxx_listen(struct socket *, struct mbuf *)

  - always KASSERT(solocked(so)) and KASSERT(nam != NULL)
  - replace calls to pr_generic() with req = PRU_CONNECT with
    pr_connect()
  - rename existin {l2cap,sco,rfcomm}_connect() to
    {l2cap,sco,rfcomm}_connect_pcb() respectively to permit
    naming consistency with other protocols functions.
  - drop struct lwp * parameter from unp_connect() and at_pcbconnect()
    and use curlwp instead where appropriate.

patch reviewed by rmind
2014-07-30 10:04:25 +00:00
rtr 6dd8eef044 split PRU_BIND and PRU_LISTEN function out of pr_generic() usrreq
switches and put into separate functions
  xxx_bind(struct socket *, struct mbuf *)
  xxx_listen(struct socket *)

  - always KASSERT(solocked(so)) even if not implemented

  - replace calls to pr_generic() with req = PRU_BIND with call to
    pr_bind()

  - replace calls to pr_generic() with req = PRU_LISTEN with call to
    pr_listen()

  - drop struct lwp * parameter from at_pcbsetaddr(), in_pcbbind() and
    unp_bind() and always use curlwp.

rename existing functions that operate on PCB for consistency (and to
free up their names for xxx_{bind,listen}() PRUs

  - l2cap_{bind,listen}() -> l2cap_{bind,listen}_pcb()
  - sco_{bind,listen}() -> sco_{bind,listen}_pcb()
  - rfcomm_{bind,listen}() -> rfcomm_{bind,listen}_pcb()

patch reviewed by rmind

welcome to netbsd 6.99.48
2014-07-24 15:12:03 +00:00
rtr 35b22fa96a split PRU_SENDOOB and PRU_RCVOOB function out of pr_generic() usrreq
switches and put into separate functions
  xxx_sendoob(struct socket *, struct mbuf *, struct mbuf *)
  xxx_recvoob(struct socket *, struct mbuf *, int)

  - always KASSERT(solocked(so)) even if request is not implemented

  - replace calls to pr_generic() with req = PRU_{SEND,RCV}OOB with
    calls to pr_{send,recv}oob() respectively.

there is still some tweaking of m_freem(m) and m_freem(control) to come
for consistency.  not performed with this commit for clarity.

reviewed by rmind
2014-07-23 13:17:18 +00:00
rtr d27b133d27 * split PRU_ACCEPT function out of pr_generic() usrreq switches and put
into a separate function xxx_accept(struct socket *, struct mbuf *)

note: future cleanup will take place to remove struct mbuf parameter
type and replace it with a more appropriate type.

patch reviewed by rmind
2014-07-09 14:41:42 +00:00
rtr d575eb5454 * split PRU_PEERADDR and PRU_SOCKADDR function out of pr_generic()
usrreq switches and put into separate functions
  xxx_{peer,sock}addr(struct socket *, struct mbuf *).

    - KASSERT(solocked(so)) always in new functions even if request
      is not implemented

    - KASSERT(pcb != NULL) and KASSERT(nam) if the request is
      implemented and not for tcp.

* for tcp roll #ifdef KPROF and #ifdef DEBUG code from tcp_usrreq() into
  easier to cut & paste functions tcp_debug_capture() and
tcp_debug_trace()

    - functions provided by rmind
    - remaining use of PRU_{PEER,SOCK}ADDR #define to be removed in a
      future commit.

* rename netbt functions to permit consistency of pru function names
  (as has been done with other requests already split out).

    - l2cap_{peer,sock}addr()  -> l2cap_{peer,sock}_addr_pcb()
    - rfcomm_{peer,sock}addr() -> rfcomm_{peer,sock}_addr_pcb()
    - sco_{peer,sock}addr()    -> sco_{peer,sock}_addr_pcb()

* split/refactor do_sys_getsockname(lwp, fd, which, nam) into
  two functions do_sys_get{peer,sock}name(fd, nam).

    - move PRU_PEERADDR handling into do_sys_getpeername() from
      do_sys_getsockname()
    - have svr4_stream directly call do_sys_get{sock,peer}name()
      respectively instead of providing `which' & fix a DPRINTF string
      that incorrectly wrote "getpeername" when it meant "getsockname"
    - fix sys_getpeername() and sys_getsockname() to call
      do_sys_get{sock,peer}name() without `which' and `lwp' & adjust
      comments
    - bump kernel version for removal of lwp & which parameters from
      do_sys_getsockname()

note: future cleanup to remove struct mbuf * abuse in
xxx_{peer,sock}name()
still to come, not done in this commit since it is easier to do post
split.

patch reviewed by rmind

welcome to 6.99.47
2014-07-09 04:54:03 +00:00
rtr ff90c29d04 * sprinkle KASSERT(solocked(so)); in all pr_stat() functions.
* fix remaining inconsistent struct socket parameter names.
2014-07-07 17:13:56 +00:00
rtr 909a1fc699 backout change that made pr_stat return EOPNOTSUPP for protocols that
were not filling in struct stat.

decision made after further discussion with rmind and investigation of
how other operating systems behave.  soo_stat() is doing just enough to
be able to call what gets returned valid and thus justifys a return of
success.

additional review will be done to determine of the pr_stat functions
that were already returning EOPNOTSUPP can be considered successful with
what soo_stat() is doing.
2014-07-07 15:13:21 +00:00
rtr 183fc9ab77 * have pr_stat return EOPNOTSUPP consistently for all protocols that do
not fill in struct stat instead of returning success.

* in pr_stat remove all checks for non-NULL so->so_pcb except where the
  pcb is actually used (i.e. cases where we don't return EOPNOTSUPP).

proposed on tech-net@
2014-07-07 07:09:58 +00:00
rtr a60320ca07 * split PRU_SENSE functionality out of xxx_usrreq() switches and place into
separate xxx_stat(struct socket *, struct stat *) functions.
* replace calls using pr_generic with req == PRU_SENSE with pr_stat().

further change will follow that cleans up the pattern used to extract the
pcb and test for its presence.

reviewed by rmind
2014-07-06 03:33:33 +00:00
rtr 0dedd9772f fix parameter types in pr_ioctl, called xx_control() functions and remove
abuse of pointer to struct mbuf type.

param2 changed to u_long type and uses parameter name 'cmd' (ioctl command)
param3 changed to void * type and uses parameter name 'data'
param4 changed to struct ifnet * and uses parameter name 'ifp'
param5 has been removed (formerly struct lwp *) and uses of 'l' have been
       replaced with curlwp from curproc(9).

callers have had (now unnecessary) casts to struct mbuf * removed, called
code has had (now unnecessary) casts to u_long, void * and struct ifnet *
respectively removed.

reviewed by rmind@
2014-07-01 05:49:18 +00:00
rtr d54d7ab24a * split PRU_CONTROL functionality out of xxx_userreq() switches and place
into separate xxx_ioctl() functions.
* place KASSERT(req != PRU_CONTROL) inside xxx_userreq() as it is now
  inappropriate for req = PRU_CONTROL in xxx_userreq().
* replace calls to pr_generic() with req = PRU_CONTROL with pr_ioctl().
* remove & fixup references to PRU_CONTROL xxx_userreq() function comments.
* fix various comments references for xxx_userreq() that mentioned
  PRU_CONTROL as xxx_userreq() no longer handles the request.

a further change will follow to fix parameter and naming inconsistencies
retained from original code.

Reviewed by rmind@
2014-06-22 08:10:18 +00:00
rmind e401453f3f Adjust PR_WRAP_USRREQS() to include the attach/detach functions.
We still need the kernel-lock for some corner cases.
2014-05-20 19:04:00 +00:00
rmind 56a73a7d30 netbt: rename some attach/detach functions to have _pcb suffix, so
we could use standard attach/detach naming for pr_usrreq functions.
No functional change.
2014-05-20 18:25:54 +00:00
martin e2e67479c9 Make it compile without options DIAGNOSTIC by removing a variable only set
once and only tested once in an assert.
2014-05-19 15:44:04 +00:00
rmind 19429f513e l2cap_detach1: fix gcc warning for non-DIAGNOSTIC case. 2014-05-19 03:18:57 +00:00
rmind 4ae03c1815 - Split off PRU_ATTACH and PRU_DETACH logic into separate functions.
- Replace malloc with kmem and eliminate M_PCB while here.
- Sprinkle more asserts.
2014-05-19 02:51:24 +00:00