Module Name: src
Committed By: plunky
Date: Wed Jul 27 10:25:09 UTC 2011
Modified Files:
src/sys/netbt: hci_event.c hci_link.c l2cap_signal.c rfcomm_session.c
Log Message:
cleanup some DIAGNOSTIC and KASSERT code
- remove #ifdef DIAGNOSTIC, so that we won't act
differently
- handle the cases where a Bluetooth adapter
sends invalid packet data (I've not seen this,
but it is not impossible)
- use KASSERT for actual impossible situations
(to catch bad future development)
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/sys/netbt/hci_event.c src/sys/netbt/hci_link.c
cvs rdiff -u -r1.13 -r1.14 src/sys/netbt/l2cap_signal.c
cvs rdiff -u -r1.17 -r1.18 src/sys/netbt/rfcomm_session.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netbt/hci_event.c
diff -u src/sys/netbt/hci_event.c:1.22 src/sys/netbt/hci_event.c:1.23
--- src/sys/netbt/hci_event.c:1.22 Mon Nov 22 19:56:51 2010
+++ src/sys/netbt/hci_event.c Wed Jul 27 10:25:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: hci_event.c,v 1.22 2010/11/22 19:56:51 plunky Exp $ */
+/* $NetBSD: hci_event.c,v 1.23 2011/07/27 10:25:09 plunky Exp $ */
/*-
* Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.22 2010/11/22 19:56:51 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hci_event.c,v 1.23 2011/07/27 10:25:09 plunky Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -157,8 +157,7 @@
* process HCI Events
*
* We will free the mbuf at the end, no need for any sub
- * functions to handle that. We kind of assume that the
- * device sends us valid events.
+ * functions to handle that.
*/
void
hci_event(struct mbuf *m, struct hci_unit *unit)
@@ -167,11 +166,15 @@
KASSERT(m->m_flags & M_PKTHDR);
- KASSERT(m->m_pkthdr.len >= sizeof(hdr));
+ if (m->m_pkthdr.len < sizeof(hdr))
+ goto done;
+
m_copydata(m, 0, sizeof(hdr), &hdr);
m_adj(m, sizeof(hdr));
KASSERT(hdr.type == HCI_EVENT_PKT);
+ if (m->m_pkthdr.len != hdr.length)
+ goto done;
DPRINTFN(1, "(%s) event %s\n",
device_xname(unit->hci_dev), hci_eventstr(hdr.event));
@@ -233,6 +236,7 @@
break;
}
+done:
m_freem(m);
}
@@ -246,7 +250,9 @@
{
hci_command_status_ep ep;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -292,7 +298,9 @@
hci_command_compl_ep ep;
hci_status_rp rp;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -369,7 +377,9 @@
uint16_t handle, num;
int num_acl = 0, num_sco = 0;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -439,7 +449,9 @@
hci_inquiry_response ir;
struct hci_memo *memo;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -447,7 +459,9 @@
(ep.num_responses == 1 ? "" : "s"));
while(ep.num_responses--) {
- KASSERT(m->m_pkthdr.len >= sizeof(ir));
+ if (m->m_pkthdr.len < sizeof(ir))
+ return;
+
m_copydata(m, 0, sizeof(ir), &ir);
m_adj(m, sizeof(ir));
@@ -476,7 +490,9 @@
hci_rssi_response rr;
struct hci_memo *memo;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -484,7 +500,9 @@
(ep.num_responses == 1 ? "" : "s"));
while(ep.num_responses--) {
- KASSERT(m->m_pkthdr.len >= sizeof(rr));
+ if (m->m_pkthdr.len < sizeof(rr))
+ return;
+
m_copydata(m, 0, sizeof(rr), &rr);
m_adj(m, sizeof(rr));
@@ -512,7 +530,9 @@
hci_extended_result_ep ep;
struct hci_memo *memo;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -546,7 +566,9 @@
struct hci_link *link;
int err;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -641,7 +663,9 @@
hci_discon_compl_ep ep;
struct hci_link *link;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -668,7 +692,9 @@
hci_reject_con_cp rp;
struct hci_link *link;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -715,7 +741,9 @@
struct hci_link *link;
int err;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -757,7 +785,9 @@
struct hci_link *link;
int err;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -801,7 +831,9 @@
struct hci_link *link;
int err;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -841,7 +873,9 @@
hci_read_clock_offset_compl_ep ep;
struct hci_link *link;
- KASSERT(m->m_pkthdr.len >= sizeof(ep));
+ if (m->m_pkthdr.len < sizeof(ep))
+ return;
+
m_copydata(m, 0, sizeof(ep), &ep);
m_adj(m, sizeof(ep));
@@ -865,7 +899,9 @@
{
hci_read_bdaddr_rp rp;
- KASSERT(m->m_pkthdr.len >= sizeof(rp));
+ if (m->m_pkthdr.len < sizeof(rp))
+ return;
+
m_copydata(m, 0, sizeof(rp), &rp);
m_adj(m, sizeof(rp));
@@ -890,7 +926,9 @@
{
hci_read_buffer_size_rp rp;
- KASSERT(m->m_pkthdr.len >= sizeof(rp));
+ if (m->m_pkthdr.len < sizeof(rp))
+ return;
+
m_copydata(m, 0, sizeof(rp), &rp);
m_adj(m, sizeof(rp));
@@ -920,7 +958,9 @@
{
hci_read_local_features_rp rp;
- KASSERT(m->m_pkthdr.len >= sizeof(rp));
+ if (m->m_pkthdr.len < sizeof(rp))
+ return;
+
m_copydata(m, 0, sizeof(rp), &rp);
m_adj(m, sizeof(rp));
@@ -1029,7 +1069,9 @@
{
hci_read_local_extended_features_rp rp;
- KASSERT(m->m_pkthdr.len >= sizeof(rp));
+ if (m->m_pkthdr.len < sizeof(rp))
+ return;
+
m_copydata(m, 0, sizeof(rp), &rp);
m_adj(m, sizeof(rp));
@@ -1076,7 +1118,9 @@
{
hci_read_local_ver_rp rp;
- KASSERT(m->m_pkthdr.len >= sizeof(rp));
+ if (m->m_pkthdr.len < sizeof(rp))
+ return;
+
m_copydata(m, 0, sizeof(rp), &rp);
m_adj(m, sizeof(rp));
@@ -1103,7 +1147,9 @@
{
hci_read_local_commands_rp rp;
- KASSERT(m->m_pkthdr.len >= sizeof(rp));
+ if (m->m_pkthdr.len < sizeof(rp))
+ return;
+
m_copydata(m, 0, sizeof(rp), &rp);
m_adj(m, sizeof(rp));
@@ -1132,7 +1178,9 @@
struct hci_link *link, *next;
int acl;
- KASSERT(m->m_pkthdr.len >= sizeof(rp));
+ if (m->m_pkthdr.len < sizeof(rp))
+ return;
+
m_copydata(m, 0, sizeof(rp), &rp);
m_adj(m, sizeof(rp));
Index: src/sys/netbt/hci_link.c
diff -u src/sys/netbt/hci_link.c:1.22 src/sys/netbt/hci_link.c:1.23
--- src/sys/netbt/hci_link.c:1.22 Thu Oct 14 07:05:03 2010
+++ src/sys/netbt/hci_link.c Wed Jul 27 10:25:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: hci_link.c,v 1.22 2010/10/14 07:05:03 plunky Exp $ */
+/* $NetBSD: hci_link.c,v 1.23 2011/07/27 10:25:09 plunky Exp $ */
/*-
* Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hci_link.c,v 1.22 2010/10/14 07:05:03 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hci_link.c,v 1.23 2011/07/27 10:25:09 plunky Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -432,29 +432,22 @@
KASSERT(m != NULL);
KASSERT(unit != NULL);
- KASSERT(m->m_pkthdr.len >= sizeof(hdr));
+ if (m->m_pkthdr.len < sizeof(hdr))
+ goto bad;
+
m_copydata(m, 0, sizeof(hdr), &hdr);
m_adj(m, sizeof(hdr));
-#ifdef DIAGNOSTIC
- if (hdr.type != HCI_ACL_DATA_PKT) {
- aprint_error_dev(unit->hci_dev, "bad ACL packet type\n");
- goto bad;
- }
-
- if (m->m_pkthdr.len != le16toh(hdr.length)) {
- aprint_error_dev(unit->hci_dev,
- "bad ACL packet length (%d != %d)\n",
- m->m_pkthdr.len, le16toh(hdr.length));
- goto bad;
- }
-#endif
+ KASSERT(hdr.type == HCI_ACL_DATA_PKT);
hdr.length = le16toh(hdr.length);
hdr.con_handle = le16toh(hdr.con_handle);
handle = HCI_CON_HANDLE(hdr.con_handle);
pb = HCI_PB_FLAG(hdr.con_handle);
+ if (m->m_pkthdr.len != hdr.length)
+ goto bad;
+
link = hci_link_lookup_handle(unit, handle);
if (link == NULL) {
hci_discon_cp cp;
@@ -486,10 +479,8 @@
aprint_error_dev(unit->hci_dev,
"dropped incomplete ACL packet\n");
- if (m->m_pkthdr.len < sizeof(l2cap_hdr_t)) {
- aprint_error_dev(unit->hci_dev, "short ACL packet\n");
+ if (m->m_pkthdr.len < sizeof(l2cap_hdr_t))
goto bad;
- }
link->hl_rxp = m;
got = m->m_pkthdr.len;
@@ -510,7 +501,9 @@
break;
default:
- aprint_error_dev(unit->hci_dev, "unknown packet type\n");
+ DPRINTF("%s: unknown packet type\n",
+ device_xname(unit->hci_dev));
+
goto bad;
}
@@ -837,28 +830,20 @@
KASSERT(m != NULL);
KASSERT(unit != NULL);
- KASSERT(m->m_pkthdr.len >= sizeof(hdr));
- m_copydata(m, 0, sizeof(hdr), &hdr);
- m_adj(m, sizeof(hdr));
-
-#ifdef DIAGNOSTIC
- if (hdr.type != HCI_SCO_DATA_PKT) {
- aprint_error_dev(unit->hci_dev, "bad SCO packet type\n");
+ if (m->m_pkthdr.len < sizeof(hdr))
goto bad;
- }
- if (m->m_pkthdr.len != hdr.length) {
- aprint_error_dev(unit->hci_dev,
- "bad SCO packet length (%d != %d)\n",
- m->m_pkthdr.len, hdr.length);
+ m_copydata(m, 0, sizeof(hdr), &hdr);
+ m_adj(m, sizeof(hdr));
- goto bad;
- }
-#endif
+ KASSERT(hdr.type == HCI_SCO_DATA_PKT);
hdr.con_handle = le16toh(hdr.con_handle);
handle = HCI_CON_HANDLE(hdr.con_handle);
+ if (m->m_pkthdr.len != hdr.length)
+ goto bad;
+
link = hci_link_lookup_handle(unit, handle);
if (link == NULL || link->hl_type == HCI_LINK_ACL) {
DPRINTF("%s: dumping packet for unknown handle #%d\n",
Index: src/sys/netbt/l2cap_signal.c
diff -u src/sys/netbt/l2cap_signal.c:1.13 src/sys/netbt/l2cap_signal.c:1.14
--- src/sys/netbt/l2cap_signal.c:1.13 Sun Jul 17 20:54:53 2011
+++ src/sys/netbt/l2cap_signal.c Wed Jul 27 10:25:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: l2cap_signal.c,v 1.13 2011/07/17 20:54:53 joerg Exp $ */
+/* $NetBSD: l2cap_signal.c,v 1.14 2011/07/27 10:25:09 plunky Exp $ */
/*-
* Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: l2cap_signal.c,v 1.13 2011/07/17 20:54:53 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: l2cap_signal.c,v 1.14 2011/07/27 10:25:09 plunky Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -155,10 +155,7 @@
goto reject;
}
}
-
-#ifdef DIAGNOSTIC
panic("impossible!");
-#endif
reject:
l2cap_send_command_rej(link, cmd.ident, L2CAP_REJ_NOT_UNDERSTOOD);
@@ -930,14 +927,8 @@
l2cap_hdr_t *hdr;
l2cap_cmd_hdr_t *cmd;
-#ifdef DIAGNOSTIC
- if (link == NULL)
- return ENETDOWN;
-
- if (sizeof(l2cap_cmd_hdr_t) + length > link->hl_mtu)
- aprint_error_dev(link->hl_unit->hci_dev,
- "exceeding L2CAP Signal MTU for link!\n");
-#endif
+ KASSERT(link != NULL);
+ KASSERT(sizeof(l2cap_cmd_hdr_t) + length <= link->hl_mtu);
m = m_gethdr(M_DONTWAIT, MT_DATA);
if (m == NULL)
Index: src/sys/netbt/rfcomm_session.c
diff -u src/sys/netbt/rfcomm_session.c:1.17 src/sys/netbt/rfcomm_session.c:1.18
--- src/sys/netbt/rfcomm_session.c:1.17 Wed Nov 17 20:19:25 2010
+++ src/sys/netbt/rfcomm_session.c Wed Jul 27 10:25:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: rfcomm_session.c,v 1.17 2010/11/17 20:19:25 plunky Exp $ */
+/* $NetBSD: rfcomm_session.c,v 1.18 2011/07/27 10:25:09 plunky Exp $ */
/*-
* Copyright (c) 2006 Itronix Inc.
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rfcomm_session.c,v 1.17 2010/11/17 20:19:25 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rfcomm_session.c,v 1.18 2011/07/27 10:25:09 plunky Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -456,12 +456,11 @@
*/
while (count-- > 0) {
credit = SIMPLEQ_FIRST(&rs->rs_credits);
-#ifdef DIAGNOSTIC
if (credit == NULL) {
printf("%s: too many packets completed!\n", __func__);
break;
}
-#endif
+
dlc = credit->rc_dlc;
if (dlc != NULL) {
dlc->rd_pending--;
