From: "Gustavo F. Padovan" <padovan@profusion.mobi>
To: linux-bluetooth@vger.kernel.org
Cc: marcel@holtmann.org, gustavo@padovan.org, jprvita@profusion.mobi
Subject: [PATCH 22/34] Bluetooth: Fix configuration of the MPS value
Date: Thu, 1 Apr 2010 17:23:40 -0300 [thread overview]
Message-ID: <1270153432-6477-23-git-send-email-padovan@profusion.mobi> (raw)
In-Reply-To: <1270153432-6477-22-git-send-email-padovan@profusion.mobi>
We were accepting values bigger than we can accept. This was leading
ERTM to drop packets because of wrong FCS checks.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
include/net/bluetooth/l2cap.h | 3 ++-
net/bluetooth/l2cap.c | 36 ++++++++++++++++++++----------------
2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 48f10f4..0f4e423 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -343,7 +343,8 @@ struct l2cap_pinfo {
__u8 remote_max_tx;
__u16 retrans_timeout;
__u16 monitor_timeout;
- __u16 max_pdu_size;
+ __u16 remote_mps;
+ __u16 mps;
__le16 sport;
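Review bot: The two fields added to `struct l2cap_pinfo` have no comments, and the names alone do not say which direction each one bounds. Going by the rest of the patch, `remote_mps` is the peer's advertised maximum PDU size used when segmenting outgoing SDUs, and `mps` is the limit checked against received frames. Comments such as `/* peer's MPS: bounds the PDUs we send */` and `/* our MPS: bounds the PDUs we accept */` would stop the two from being swapped later. The struct definition starts and ends outside this hunk.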
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 40aff8d..4c98e3c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1605,21 +1605,21 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
__skb_queue_head_init(&sar_queue);
control = L2CAP_SDU_START;
- skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
+ skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
if (IS_ERR(skb))
return PTR_ERR(skb);
__skb_queue_tail(&sar_queue, skb);
- len -= pi->max_pdu_size;
- size +=pi->max_pdu_size;
+ len -= pi->remote_mps;
+ size +=pi->remote_mps;
control = 0;
while (len > 0) {
size_t buflen;
- if (len > pi->max_pdu_size) {
+ if (len > pi->remote_mps) {
control |= L2CAP_SDU_CONTINUE;
- buflen = pi->max_pdu_size;
+ buflen = pi->remote_mps;
} else {
control |= L2CAP_SDU_END;
buflen = len;
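Review bot: Nothing visible in this patch rejects a `remote_mps` of zero, and this segmentation loop depends on it being non-zero. The clamp added in the configuration-request path applies only an upper bound, so a peer-supplied value of 0 would make `len -= pi->remote_mps` a no-op and leave `buflen` at 0 on every pass through `while (len > 0)`. If the part of the loop outside this hunk advances `len` by `buflen`, which seems likely, the loop would not terminate and would keep queueing skbs. A lower-bound check where the option is parsed, or a guard such as `if (!pi->remote_mps) return -EINVAL;` before the first `l2cap_create_iframe_pdu()` call, would close this. The function body starts and ends outside the hunk.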
@@ -1697,7 +1697,7 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
case L2CAP_MODE_ERTM:
case L2CAP_MODE_STREAMING:
/* Entire SDU fits into one PDU */
- if (len <= pi->max_pdu_size) {
+ if (len <= pi->remote_mps) {
control = L2CAP_SDU_UNSEGMENTED;
skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
if (IS_ERR(skb)) {
@@ -2326,7 +2326,7 @@ done:
rfc.monitor_timeout = 0;
rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
- rfc.max_pdu_size = pi->conn->mtu - 10;
+ rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
sizeof(rfc), (unsigned long) &rfc);
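Review bot: The bare `10` in `pi->conn->mtu - 10` is unexplained here and is repeated in the next hunk and in both new clamps in the configuration-request path. It is presumably the per-PDU header and FCS overhead, but nothing on these lines says so. A named constant with a one-line comment would keep the four sites in step. It is also worth confirming that `conn->mtu` can never be below 10 at this point, since the subtraction would otherwise wrap if the field is unsigned. The enclosing function starts and ends outside the hunk.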
@@ -2349,7 +2349,7 @@ done:
rfc.monitor_timeout = 0;
rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
- rfc.max_pdu_size = pi->conn->mtu - 10;
+ rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
sizeof(rfc), (unsigned long) &rfc);
@@ -2478,7 +2478,10 @@ done:
case L2CAP_MODE_ERTM:
pi->remote_tx_win = rfc.txwin_size;
pi->remote_max_tx = rfc.max_transmit;
- pi->max_pdu_size = rfc.max_pdu_size;
+ if (rfc.max_pdu_size > pi->conn->mtu - 10)
+ rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
+
+ pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
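Review bot: The new clamp compares the little-endian wire field directly with a CPU-order value and then converts in the wrong direction. The other hunks treat `rfc.max_pdu_size` as `__le16` (written with `cpu_to_le16`, read with `le16_to_cpu`), so on a big-endian host the comparison uses byte-swapped data and the upper bound on the peer's value is not reliably enforced. The lines should read `if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)` and `rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);`. The same two lines in the `L2CAP_MODE_STREAMING` hunk that follows need the same correction. Running sparse with endian checking enabled would flag both. The enclosing function starts and ends outside the hunk.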
@@ -2491,7 +2494,10 @@ done:
break;
case L2CAP_MODE_STREAMING:
- pi->max_pdu_size = rfc.max_pdu_size;
+ if (rfc.max_pdu_size > pi->conn->mtu - 10)
+ rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
+
+ pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
pi->conf_state |= L2CAP_CONF_MODE_DONE;
@@ -2570,11 +2576,10 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
pi->remote_tx_win = rfc.txwin_size;
pi->retrans_timeout = rfc.retrans_timeout;
pi->monitor_timeout = rfc.monitor_timeout;
- pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
+ pi->mps = le16_to_cpu(rfc.max_pdu_size);
break;
case L2CAP_MODE_STREAMING:
- pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
- break;
+ pi->mps = le16_to_cpu(rfc.max_pdu_size);
}
}
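Review bot: `pi->mps` is taken straight from the peer's configuration response with no upper bound, yet the later hunks in `l2cap_data_channel()` use it as the only size limit on received frames in place of the fixed `L2CAP_DEFAULT_MAX_PDU_SIZE`. A response carrying a larger `max_pdu_size` than the one proposed would therefore raise the local receive limit, which is the condition the commit message sets out to remove. Clamping on assignment, for example `pi->mps = min_t(u16, le16_to_cpu(rfc.max_pdu_size), pi->conn->mtu - 10);` in both cases, would keep the limit within what this side offered; whether that is the right bound should be checked against the request path. No initial value for `pi->mps` is visible in this patch, so also confirm it is set when the response carries no RFC option. The function starts outside the hunk.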
@@ -3758,7 +3763,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
* Receiver will miss it and start proper recovery
* procedures and ask retransmission.
*/
- if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
+ if (len > pi->mps)
goto drop;
if (l2cap_check_fcs(pi, skb))
@@ -3789,8 +3794,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
if (pi->fcs == L2CAP_FCS_CRC16)
len -= 2;
- if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || len < 4
- || __is_sframe(control))
+ if (len > pi->mps || len < 4 || __is_sframe(control))
goto drop;
if (l2cap_check_fcs(pi, skb))
--
1.6.4.4
2010-04-01 20:23 Patches for eL2CAP Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 01/34] Bluetooth: Implement 'Send IorRRorRNR' event Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 02/34] Bluetooth: Support case with F bit set under WAIT_F state Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 03/34] Bluetooth: Fix memory leak of S-frames into L2CAP Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 04/34] Bluetooth: Check the minimum {I,S}-frame size " Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 05/34] Bluetooth: Check if SDU size is greater than MTU on L2CAP Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 06/34] Bluetooth: Fix expected_tx_seq calculation " Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 07/34] Bluetooth: Implement SendAck() Action on ERTM Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 08/34] Bluetooth: Move set of P-bit to l2cap_send_sframe() Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 09/34] Bluetooth: Add Recv RR (P=0)(F=0) for SREJ_SENT state on ERTM Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 10/34] Bluetooth: Use a l2cap_pinfo struct instead l2cap_pi() macro Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 11/34] Bluetooth: Fix ACL MTU issue Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 12/34] Bluetooth: Split l2cap_data_channel_sframe() Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 13/34] Bluetooth: Handle all cases of receipt of RNR-frames into L2CAP Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 14/34] Bluetooth: Group the ack of I-frames into l2cap_data_channel_rrframe() Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 15/34] Bluetooth: Remove duplicate use of __get_reqseq() macro on L2CAP Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 16/34] Bluetooth: Finish implementation for Rec RR (P=1) on ERTM Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 17/34] Bluetooth: Ignore I-frames with a duplicated txSeq Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 18/34] Bluetooth: Add timer to Acknowledge I-frames Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 19/34] Bluetooth: Move specific Basic Mode code to the right place Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 20/34] Bluetooth: Ignore Tx Window value with Streaming mode Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 21/34] Bluetooth: Read RFC conf option on a successful Conf RSP Gustavo F. Padovan
2010-04-01 20:23 ` Gustavo F. Padovan [this message]
2010-04-01 20:23 ` [PATCH 23/34] Bluetooth: Add le16 macro to Retransmission and Monitor Timeouts values Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 24/34] Bluetooth: Check the SDU size against the MTU value Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 25/34] Bluetooth: Send Ack after clear the SREJ list Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 26/34] Bluetooth: Add sockopt configuration for txWindow on L2CAP Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 27/34] Bluetooth: Change acknowledgement to use the value of txWindow Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 28/34] Bluetooth: Add module parameter for txWindow size on L2CAP Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 29/34] Bluetooth: Enable option to configure Max Transmission value via sockopt Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 30/34] Bluetooth: Make hci_send_acl() void Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 31/34] Bluetooth: Make hci_send_sco() void Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 32/34] Bluetooth: Return the data length sent on connectionless channels Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 33/34] Bluetooth: Clean sco_send_frame() flow Gustavo F. Padovan
2010-04-01 20:23 ` [PATCH 34/34] Bluetooth: Remove unneeded check for MTU on sco_send_frame() Gustavo F. Padovan
2010-04-19 20:15 ` Patches for eL2CAP Gustavo F. Padovan