• Marcel Holtmann's avatar
    Bluetooth: Fix issue with shared SKB between HCI raw socket and driver · e0edf373
    Marcel Holtmann authored
    Any HCI raw socket gets a copy of each SKB that is either received or
    send via the Bluetooth subsystem. The raw socket uses SKB clones to
    send out data, but the problem is that it needs to add an extra packet
    type byte in front of it. And some drivers need to also add an extra
    header before submitting the packet.
    
    So far this all worked magically fine since all of the drivers and the
    raw sockets are adding the same byte at the same location. But that is
    by pure coincidence. Since the data of cloned SKBs is shared, this means
    that the raw socket and driver kept writing into the shared data area.
    
    To fix this the only safe way is if the HCI raw socket creates a copy of
    the SKB before sending it out. To not always copy all SKBs around, the
    copy is only created once and only after any of the HCI filter checks
    succeeded.
    Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
    Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
    e0edf373
hci_sock.c 18.3 KB