From: "Gustavo F. Padovan" <padovan@profusion.mobi>
To: linux-bluetooth@vger.kernel.org
Cc: marcel@holtmann.org, gustavo@padovan.org
Subject: [PATCH 3/6] Bluetooth: Fix configuration of the MPS value
Date: Fri, 26 Mar 2010 16:19:16 -0300 [thread overview]
Message-ID: <1269631159-20750-3-git-send-email-padovan@profusion.mobi> (raw)
In-Reply-To: <1269631159-20750-2-git-send-email-padovan@profusion.mobi>
We were accepting values bigger than we can accept. This was leading
ERTM to drop packets because of wrong FCS checks.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
include/net/bluetooth/l2cap.h | 3 ++-
net/bluetooth/l2cap.c | 36 ++++++++++++++++++++----------------
2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 48f10f4..0f4e423 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -343,7 +343,8 @@ struct l2cap_pinfo {
__u8 remote_max_tx;
__u16 retrans_timeout;
__u16 monitor_timeout;
- __u16 max_pdu_size;
+ __u16 remote_mps;
+ __u16 mps;
__le16 sport;
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 40aff8d..4c98e3c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1605,21 +1605,21 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
__skb_queue_head_init(&sar_queue);
control = L2CAP_SDU_START;
- skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
+ skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
if (IS_ERR(skb))
return PTR_ERR(skb);
__skb_queue_tail(&sar_queue, skb);
- len -= pi->max_pdu_size;
- size +=pi->max_pdu_size;
+ len -= pi->remote_mps;
+ size +=pi->remote_mps;
control = 0;
while (len > 0) {
size_t buflen;
- if (len > pi->max_pdu_size) {
+ if (len > pi->remote_mps) {
control |= L2CAP_SDU_CONTINUE;
- buflen = pi->max_pdu_size;
+ buflen = pi->remote_mps;
} else {
control |= L2CAP_SDU_END;
buflen = len;
@@ -1697,7 +1697,7 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
case L2CAP_MODE_ERTM:
case L2CAP_MODE_STREAMING:
/* Entire SDU fits into one PDU */
- if (len <= pi->max_pdu_size) {
+ if (len <= pi->remote_mps) {
control = L2CAP_SDU_UNSEGMENTED;
skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
if (IS_ERR(skb)) {
@@ -2326,7 +2326,7 @@ done:
rfc.monitor_timeout = 0;
rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
- rfc.max_pdu_size = pi->conn->mtu - 10;
+ rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
sizeof(rfc), (unsigned long) &rfc);
@@ -2349,7 +2349,7 @@ done:
rfc.monitor_timeout = 0;
rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
- rfc.max_pdu_size = pi->conn->mtu - 10;
+ rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
sizeof(rfc), (unsigned long) &rfc);
@@ -2478,7 +2478,10 @@ done:
case L2CAP_MODE_ERTM:
pi->remote_tx_win = rfc.txwin_size;
pi->remote_max_tx = rfc.max_transmit;
- pi->max_pdu_size = rfc.max_pdu_size;
+ if (rfc.max_pdu_size > pi->conn->mtu - 10)
+ rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
+
+ pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
@@ -2491,7 +2494,10 @@ done:
break;
case L2CAP_MODE_STREAMING:
- pi->max_pdu_size = rfc.max_pdu_size;
+ if (rfc.max_pdu_size > pi->conn->mtu - 10)
+ rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
+
+ pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
pi->conf_state |= L2CAP_CONF_MODE_DONE;
@@ -2570,11 +2576,10 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
pi->remote_tx_win = rfc.txwin_size;
pi->retrans_timeout = rfc.retrans_timeout;
pi->monitor_timeout = rfc.monitor_timeout;
- pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
+ pi->mps = le16_to_cpu(rfc.max_pdu_size);
break;
case L2CAP_MODE_STREAMING:
- pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
- break;
+ pi->mps = le16_to_cpu(rfc.max_pdu_size);
}
}
@@ -3758,7 +3763,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
* Receiver will miss it and start proper recovery
* procedures and ask retransmission.
*/
- if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
+ if (len > pi->mps)
goto drop;
if (l2cap_check_fcs(pi, skb))
@@ -3789,8 +3794,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
if (pi->fcs == L2CAP_FCS_CRC16)
len -= 2;
- if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || len < 4
- || __is_sframe(control))
+ if (len > pi->mps || len < 4 || __is_sframe(control))
goto drop;
if (l2cap_check_fcs(pi, skb))
--
1.6.4.4
next prev parent reply other threads:[~2010-03-26 19:19 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-23 19:48 [PATCH 00/19] Patches for eL2CAP Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 01/19] Bluetooth: Implement 'Send IorRRorRNR' event Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 02/19] Bluetooth: Support case with F bit set under WAIT_F state Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 03/19] Bluetooth: Fix memory leak of S-frames into L2CAP Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 04/19] Bluetooth: Check the minimum {I,S}-frame size " Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 05/19] Bluetooth: Check if SDU size is greater than MTU on L2CAP Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 06/19] Bluetooth: Fix expected_tx_seq calculation " Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 07/19] Bluetooth: Implement SendAck() Action on ERTM Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 08/19] Bluetooth: Move set of P-bit to l2cap_send_sframe() Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 09/19] Bluetooth: Add Recv RR (P=0)(F=0) for SREJ_SENT state on ERTM Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 10/19] Bluetooth: Use a l2cap_pinfo struct instead l2cap_pi() macro Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 11/19] Bluetooth: Fix ACL MTU issue Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 12/19] Bluetooth: Split l2cap_data_channel_sframe() Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 13/19] Bluetooth: Handle all cases of receipt of RNR-frames into L2CAP Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 14/19] Bluetooth: Group the ack of I-frames into l2cap_data_channel_rrframe() Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 15/19] Bluetooth: Remove duplicate use of __get_reqseq() macro on L2CAP Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 16/19] Bluetooth: Finish implementation for Rec RR (P=1) on ERTM Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 17/19] Bluetooth: Ignore I-frames with a duplicated txSeq Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 18/19] Bluetooth: Add timer to Acknowledge I-frames Gustavo F. Padovan
2010-03-23 19:48 ` [PATCH 19/19] Bluetooth: Move specific Basic Mode code to the right place Gustavo F. Padovan
2010-03-26 19:19 ` [PATCH 1/6] Bluetooth: Ignore Tx Window value with Streaming mode Gustavo F. Padovan
2010-03-26 19:19 ` [PATCH 2/6] Bluetooth: Read RFC conf option on a successful Conf RSP Gustavo F. Padovan
2010-03-26 19:19 ` Gustavo F. Padovan [this message]
2010-03-26 19:19 ` [PATCH 4/6] Bluetooth: Add le16 macro to Retransmission and Monitor Timeouts values Gustavo F. Padovan
2010-03-26 19:19 ` [PATCH 5/6] Bluetooth: Check the SDU size against the MTU value Gustavo F. Padovan
2010-03-26 19:19 ` [PATCH 6/6] Bluetooth: Close channel when an invalid ReqSeq is received Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 01/10] Bluetooth: Ignore Tx Window value with Streaming mode Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 02/10] Bluetooth: Read RFC conf option on a successful Conf RSP Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 03/10] Bluetooth: Fix configuration of the MPS value Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 04/10] Bluetooth: Add le16 macro to Retransmission and Monitor Timeouts values Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 05/10] Bluetooth: Check the SDU size against the MTU value Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 06/10] Bluetooth: Send Ack after clear the SREJ list Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 07/10] Bluetooth: Add sockopt configuration for txWindow on L2CAP Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 08/10] Bluetooth: Change acknowledgement to use the value of txWindow Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 09/10] Bluetooth: Add module parameter for txWindow size on L2CAP Gustavo F. Padovan
2010-03-30 18:52 ` [PATCH 10/10] Bluetooth: Enable option to configure Max Transmission value via sockopt Gustavo F. Padovan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1269631159-20750-3-git-send-email-padovan@profusion.mobi \
--to=padovan@profusion.mobi \
--cc=gustavo@padovan.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).