* [PATCH 01/13] Bluetooth: Remove max_tx and tx_window module parameters from L2CAP
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 12 ++----------
1 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 1b682a5..5c636b3 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -60,8 +60,6 @@ static int enable_ertm = 1;
#else
static int enable_ertm = 0;
#endif
-static int max_transmit = L2CAP_DEFAULT_MAX_TX;
-static int tx_window = L2CAP_DEFAULT_TX_WINDOW;
static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
static u8 l2cap_fixed_chan[8] = { 0x02, };
@@ -808,9 +806,9 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
pi->mode = L2CAP_MODE_ERTM;
else
pi->mode = L2CAP_MODE_BASIC;
- pi->max_tx = max_transmit;
+ pi->max_tx = L2CAP_DEFAULT_MAX_TX;
pi->fcs = L2CAP_FCS_CRC16;
- pi->tx_win = tx_window;
+ pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
pi->sec_level = BT_SECURITY_LOW;
pi->role_switch = 0;
pi->force_reliable = 0;
@@ -4674,12 +4672,6 @@ module_exit(l2cap_exit);
module_param(enable_ertm, bool, 0644);
MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
-module_param(max_transmit, uint, 0644);
-MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
-
-module_param(tx_window, uint, 0644);
-MODULE_PARM_DESC(tx_window, "Transmission window size value (default = 63)");
-
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
MODULE_VERSION(VERSION);
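Review bot: the removal of module_param(max_transmit, ...) and module_param(tx_window, ...) in this hunk is a user-visible change, and the commit has no changelog body explaining it. Both parameters were registered with mode 0644, so anyone setting max_transmit= or tx_window= at load time or at runtime loses that knob. The changelog should say why the tunables go away and what, if anything, replaces them for adjusting pi->max_tx and pi->tx_win.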
--
1.6.4.4
* [PATCH 02/13] Bluetooth: Remove L2CAP Extended Features from Kconfig
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
This reverts commit 84fb0a6334af0ccad3544f6972c055d90fbb9fbe
One can use other mechanisms to enable L2CAP Extended Features.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/Kconfig | 13 -------------
net/bluetooth/l2cap.c | 4 ----
2 files changed, 0 insertions(+), 17 deletions(-)
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index ee3b304..ed37168 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -43,19 +43,6 @@ config BT_L2CAP
Say Y here to compile L2CAP support into the kernel or say M to
compile it as module (l2cap).
-config BT_L2CAP_EXT_FEATURES
- bool "L2CAP Extended Features support (EXPERIMENTAL)"
- depends on BT_L2CAP && EXPERIMENTAL
- help
- This option enables the L2CAP Extended Features support. These
- new features include the Enhanced Retransmission and Streaming
- Modes, the Frame Check Sequence (FCS), and Segmentation and
- Reassembly (SAR) for L2CAP packets. They are a required for the
- new Alternate MAC/PHY and the Bluetooth Medical Profile.
-
- You should say N unless you know what you are doing. Note that
- this is in an experimental state yet.
-
config BT_SCO
tristate "SCO links support"
depends on BT
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 5c636b3..e036419 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -55,11 +55,7 @@
#define VERSION "2.14"
-#ifdef CONFIG_BT_L2CAP_EXT_FEATURES
-static int enable_ertm = 1;
-#else
static int enable_ertm = 0;
-#endif
static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
static u8 l2cap_fixed_chan[8] = { 0x02, };
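Review bot: with the #ifdef removed in this hunk, enable_ertm is 0 in every build, yet the changelog only says "other mechanisms" without naming one. The enable_ertm module parameter (module_param(enable_ertm, bool, 0644), visible in patch 01) appears to be the remaining switch; naming it in the changelog would tell people who relied on CONFIG_BT_L2CAP_EXT_FEATURES how to get ERTM back. Separately, enable_ertm is declared int but registered as bool; making the declaration match would be a cheap cleanup while the surrounding lines are being touched.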
--
1.6.4.4
* [PATCH 03/13] Bluetooth: Fix drop of packets with invalid req_seq/tx_seq
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
We can't use an unsigned var since we are expecting negative values
there too.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index e036419..b08731d 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3789,7 +3789,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
u8 tx_seq = __get_txseq(rx_control);
u8 req_seq = __get_reqseq(rx_control);
u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
- u8 tx_seq_offset, expected_tx_seq_offset;
+ int tx_seq_offset, expected_tx_seq_offset;
int num_to_ack = (pi->tx_win/6) + 1;
int err = 0;
@@ -4074,7 +4074,8 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
struct sock *sk;
struct l2cap_pinfo *pi;
u16 control, len;
- u8 tx_seq, req_seq, next_tx_seq_offset, req_seq_offset;
+ u8 tx_seq, req_seq;
+ int next_tx_seq_offset, req_seq_offset;
sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
if (!sk) {
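Review bot: the type change in this hunk is right, but the changelog does not say what went wrong, and the fix leaves the sign-dependent arithmetic in place. The offsets are computed as in `req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;` followed by `if (req_seq_offset < 0)` (visible in patch 06's context); with u8 that test could never be true, which is worth spelling out in the commit message. Masking the difference with `& 0x3f` instead of `% 64` would give a value in 0..63 directly and remove the dependence on the variable's signedness.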
--
1.6.4.4
* [PATCH 04/13] Bluetooth: Check skb_clone return to avoid NULL dereference
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index b08731d..27e69f6 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1335,6 +1335,8 @@ static int l2cap_streaming_send(struct sock *sk)
while ((skb = sk->sk_send_head)) {
tx_skb = skb_clone(skb, GFP_ATOMIC);
+ if (!tx_skb)
+ break;
control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
@@ -1420,6 +1422,8 @@ static int l2cap_ertm_send(struct sock *sk)
}
tx_skb = skb_clone(skb, GFP_ATOMIC);
+ if (!tx_skb)
+ break;
bt_cb(skb)->retries++;
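Review bot: this check covers l2cap_ertm_send, but the same unchecked pattern remains in l2cap_retransmit_one_frame, where the context in patch 12 shows `tx_skb = skb_clone(skb, GFP_ATOMIC);` followed directly by `get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE)`. That call site should get the same NULL check in this patch so the fix is complete.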
--
1.6.4.4
* [PATCH 05/13] Bluetooth: Fix ERTM vars increment
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
They should be modulo 64 ;)
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 27e69f6..a567614 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3745,7 +3745,7 @@ static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
l2cap_ertm_reassembly_sdu(sk, skb, control);
l2cap_pi(sk)->buffer_seq_srej =
(l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
- tx_seq++;
+ tx_seq = (tx_seq + 1) % 64;
}
}
@@ -3781,10 +3781,11 @@ static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
l2cap_send_sframe(pi, control);
new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
- new->tx_seq = pi->expected_tx_seq++;
+ new->tx_seq = pi->expected_tx_seq;
+ pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
list_add_tail(&new->list, SREJ_LIST(sk));
}
- pi->expected_tx_seq++;
+ pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
}
static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
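Review bot: the kzalloc() result in l2cap_send_srejframe is dereferenced on the very next line (`new->tx_seq = pi->expected_tx_seq;`) without a NULL check, and this hunk rewrites that line. With GFP_ATOMIC the allocation can fail, so check `new` before use, as patch 04 does for skb_clone(). The literal 64 now appears in each increment; a small helper or named constant for the sequence modulus would keep these sites consistent.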
--
1.6.4.4
* [PATCH 06/13] Bluetooth: Check packet FCS earlier
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
This way, if FCS is enabled and the packet is corrupted, we just drop it
without reading its len, which could be corrupted.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 22 +++++++++++-----------
1 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index a567614..97584d8 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -4114,25 +4114,25 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
skb_pull(skb, 2);
len = skb->len;
+ /*
+ * We can just drop the corrupted I-frame here.
+ * Receiver will miss it and start proper recovery
+ * procedures and ask retransmission.
+ */
+ if (l2cap_check_fcs(pi, skb))
+ goto drop;
+
if (__is_sar_start(control))
len -= 2;
if (pi->fcs == L2CAP_FCS_CRC16)
len -= 2;
- /*
- * We can just drop the corrupted I-frame here.
- * Receiver will miss it and start proper recovery
- * procedures and ask retransmission.
- */
if (len > pi->mps) {
l2cap_send_disconn_req(pi->conn, sk);
goto drop;
}
- if (l2cap_check_fcs(pi, skb))
- goto drop;
-
req_seq = __get_reqseq(control);
req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
if (req_seq_offset < 0)
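Review bot: moving l2cap_check_fcs() above the length tests in this hunk means it now runs on a frame whose size has not been validated at all; in the streaming path below, the `len < 4` test likewise comes after it. l2cap_check_fcs() is not shown in this patch, so please confirm it copes with an skb too short to hold the 2-byte FCS when pi->fcs == L2CAP_FCS_CRC16, or add a minimum-length check ahead of the call. The relocated comment still says "I-frame" although this point is reached before the frame type is examined; "frame" would be more accurate.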
@@ -4172,6 +4172,9 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
skb_pull(skb, 2);
len = skb->len;
+ if (l2cap_check_fcs(pi, skb))
+ goto drop;
+
if (__is_sar_start(control))
len -= 2;
@@ -4181,9 +4184,6 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
if (len > pi->mps || len < 4 || __is_sframe(control))
goto drop;
- if (l2cap_check_fcs(pi, skb))
- goto drop;
-
tx_seq = __get_txseq(control);
if (pi->expected_tx_seq == tx_seq)
--
1.6.4.4
* [PATCH 07/13] Bluetooth: Only check SAR bits if frame is I-frame
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 97584d8..7a8454a 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -4122,7 +4122,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
if (l2cap_check_fcs(pi, skb))
goto drop;
- if (__is_sar_start(control))
+ if (__is_sar_start(control) && __is_iframe(control))
len -= 2;
if (pi->fcs == L2CAP_FCS_CRC16)
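Review bot: the changelog has no body, so the reason for adding `&& __is_iframe(control)` has to be inferred. It should say what the old test did to S-frames: `len` was reduced by 2 for a frame that carries no SDU length field, after which the length checks that follow (`len > pi->mps`, and `len != 0` for non-I-frames in patch 11's context) can send a Disconnection Request for a valid frame. Testing `__is_iframe(control)` first would also read more naturally, since the SAR bits only matter once the frame is known to be an I-frame.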
--
1.6.4.4
* [PATCH 08/13] Bluetooth: Stop ack_timer if ERTM enters in Local Busy or SREJ_SENT
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
The ack_timer is implementation specific; disabling it in such situations
avoids some potential errors in the ERTM protocol.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
net/bluetooth/l2cap.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 7a8454a..35b7791 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3632,6 +3632,8 @@ static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
pi->conn_state |= L2CAP_CONN_RNR_SENT;
+ del_timer(&pi->ack_timer);
+
queue_work(_busy_wq, &pi->busy_work);
return err;
@@ -3881,6 +3883,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
pi->conn_state |= L2CAP_CONN_SEND_PBIT;
l2cap_send_srejframe(sk, tx_seq);
+
+ del_timer(&pi->ack_timer);
}
return 0;
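Review bot: del_timer() only removes a pending timer and does not wait for a handler that is already running, so the ack timeout can still fire after SREJ_SENT or Local Busy has been entered. If the goal is that no ack goes out in these states, the ack timer handler should also test pi->conn_state for L2CAP_CONN_SREJ_SENT and L2CAP_CONN_LOCAL_BUSY. The changelog should name the failure actually seen rather than leave it general.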
--
1.6.4.4
* [PATCH 09/13] Bluetooth: Fix ERTM channel shutdown
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
After sending a Disconnection Request we shall not send or receive frames
anymore. So we set it to BT_DISCONN when a Disconnection Request is
sent; then L2CAP will not be able to send or receive any new packet, as
specified by the L2CAP spec.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
net/bluetooth/l2cap.c | 50 +++++++++++++++++++++++++++++++++---------------
1 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 35b7791..3db0078 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -428,14 +428,41 @@ static void l2cap_do_start(struct sock *sk)
}
}
+static inline void l2cap_ertm_shutdown(struct sock *sk)
+{
+ struct srej_list *l, *tmp;
+
+ del_timer(&l2cap_pi(sk)->retrans_timer);
+ del_timer(&l2cap_pi(sk)->monitor_timer);
+ del_timer(&l2cap_pi(sk)->ack_timer);
+
+ skb_queue_purge(SREJ_QUEUE(sk));
+ skb_queue_purge(BUSY_QUEUE(sk));
+
+ list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
+ list_del(&l->list);
+ kfree(l);
+ }
+}
+
static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
{
struct l2cap_disconn_req req;
+ skb_queue_purge(TX_QUEUE(sk));
+
+ if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
+ del_timer(&l2cap_pi(sk)->retrans_timer);
+ del_timer(&l2cap_pi(sk)->monitor_timer);
+ del_timer(&l2cap_pi(sk)->ack_timer);
+ }
+
req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
l2cap_send_cmd(conn, l2cap_get_ident(conn),
L2CAP_DISCONN_REQ, sizeof(req), &req);
+
+ sk->sk_state = BT_DISCONN;
}
/* ---- L2CAP connections ---- */
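Review bot: l2cap_send_disconn_req open-codes the same three del_timer() calls that the new l2cap_ertm_shutdown() helper just above it contains; splitting the timer part into its own small helper used by both would avoid the duplicate. The helper also starts freeing the SREJ_LIST entries, which the blocks it replaces in l2cap_disconnect_req and l2cap_disconnect_rsp did not do; that is a separate leak fix and deserves a line in the changelog.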
@@ -726,7 +753,6 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
sk->sk_type == SOCK_STREAM) {
struct l2cap_conn *conn = l2cap_pi(sk)->conn;
- sk->sk_state = BT_DISCONN;
l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
l2cap_send_disconn_req(conn, sk);
} else
@@ -1409,6 +1435,9 @@ static int l2cap_ertm_send(struct sock *sk)
u16 control, fcs;
int nsent = 0;
+ if (sk->sk_state != BT_CONNECTED)
+ return -ENOTCONN;
+
if (pi->conn_state & L2CAP_CONN_WAIT_F)
return 0;
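Review bot: the new `return -ENOTCONN` makes l2cap_ertm_send return a negative value from a function that otherwise counts frames in `nsent`; callers that add the result to a total or compare it with 0 need checking. l2cap_streaming_send gets no equivalent state test in this patch even though the changelog says no frames may be sent after a Disconnection Request; if that is intentional, say so.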
@@ -3068,7 +3097,6 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
default:
sk->sk_state = BT_DISCONN;
- sk->sk_err = ECONNRESET;
l2cap_sock_set_timer(sk, HZ * 5);
l2cap_send_disconn_req(conn, sk);
goto done;
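Review bot: `sk->sk_state = BT_DISCONN;` stays in this default case although l2cap_send_disconn_req now sets it, while the same assignment was removed from __l2cap_sock_close; drop it here too for consistency. Removing `sk->sk_err = ECONNRESET;` changes what userspace sees on this path and is not mentioned in the changelog.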
@@ -3123,13 +3151,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
skb_queue_purge(TX_QUEUE(sk));
- if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
- skb_queue_purge(SREJ_QUEUE(sk));
- skb_queue_purge(BUSY_QUEUE(sk));
- del_timer(&l2cap_pi(sk)->retrans_timer);
- del_timer(&l2cap_pi(sk)->monitor_timer);
- del_timer(&l2cap_pi(sk)->ack_timer);
- }
+ if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
+ l2cap_ertm_shutdown(sk);
l2cap_chan_del(sk, ECONNRESET);
bh_unlock_sock(sk);
@@ -3155,13 +3178,8 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
skb_queue_purge(TX_QUEUE(sk));
- if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
- skb_queue_purge(SREJ_QUEUE(sk));
- skb_queue_purge(BUSY_QUEUE(sk));
- del_timer(&l2cap_pi(sk)->retrans_timer);
- del_timer(&l2cap_pi(sk)->monitor_timer);
- del_timer(&l2cap_pi(sk)->ack_timer);
- }
+ if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
+ l2cap_ertm_shutdown(sk);
l2cap_chan_del(sk, 0);
bh_unlock_sock(sk);
--
1.6.4.4
* [PATCH 10/13] Bluetooth: Fix crash when sending frames after connection is closed
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
At the time the channel is closed we can't really know if the timer
was really deleted, since we used del_timer(). We can't call
del_timer_sync() in interrupt context! So sometimes the acktimeout
expires and tries to send an acknowledgement, but we don't have any
connection anymore.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
net/bluetooth/l2cap.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 3db0078..e5b766d 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -345,8 +345,12 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
struct sk_buff *skb;
struct l2cap_hdr *lh;
struct l2cap_conn *conn = pi->conn;
+ struct sock *sk = (struct sock *)pi;
int count, hlen = L2CAP_HDR_SIZE + 2;
+ if (sk->sk_state != BT_CONNECTED)
+ return;
+
if (pi->fcs == L2CAP_FCS_CRC16)
hlen += 2;
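Review bot: `struct sock *sk = (struct sock *)pi;` relies on struct sock sitting at the start of struct l2cap_pinfo, an assumption nothing at this call site documents; a comment or an accessor mirroring l2cap_pi() would make it explicit. The state test also only covers S-frames sent through l2cap_send_sframe; since the changelog identifies the ack timeout as the source, checking sk->sk_state in the timer handler itself, under the socket lock, would stop the work earlier.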
--
1.6.4.4
* [PATCH 11/13] Bluetooth: Fix ERTM error reporting to the userspace
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
If any error occurs during transfers we have to tell userspace that
something wrong happened.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
net/bluetooth/l2cap.c | 39 ++++++++++++++++++++++-----------------
1 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index e5b766d..775204a 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -449,7 +449,7 @@ static inline void l2cap_ertm_shutdown(struct sock *sk)
}
}
-static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
+static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
{
struct l2cap_disconn_req req;
@@ -467,6 +467,7 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
L2CAP_DISCONN_REQ, sizeof(req), &req);
sk->sk_state = BT_DISCONN;
+ sk->sk_err = err;
}
/* ---- L2CAP connections ---- */
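Review bot: `sk->sk_err = err;` is unconditional, so a caller passing 0 overwrites an error already recorded on the socket; __l2cap_sock_close forwards its `reason` argument unchanged in the next hunk. Assign only when err is non-zero, or state in a comment above the function that callers must pass a positive errno.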
@@ -758,7 +759,7 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
struct l2cap_conn *conn = l2cap_pi(sk)->conn;
l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
- l2cap_send_disconn_req(conn, sk);
+ l2cap_send_disconn_req(conn, sk, reason);
} else
l2cap_chan_del(sk, reason);
break;
@@ -1303,7 +1304,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
bh_lock_sock(sk);
if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
- l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
+ l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
bh_unlock_sock(sk);
return;
}
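Review bot: the errno values are chosen per call site (ECONNABORTED here and in the two retransmission-limit paths, ECONNRESET for the configuration and frame-validation failures, EBUSY in l2cap_busy_work) but the mapping is not described anywhere. A short comment above l2cap_send_disconn_req, or a paragraph in the changelog, listing which condition yields which error would let userspace authors rely on it.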
@@ -1413,7 +1414,7 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
if (pi->remote_max_tx &&
bt_cb(skb)->retries == pi->remote_max_tx) {
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
return;
}
@@ -1450,7 +1451,7 @@ static int l2cap_ertm_send(struct sock *sk)
if (pi->remote_max_tx &&
bt_cb(skb)->retries == pi->remote_max_tx) {
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
break;
}
@@ -2168,6 +2169,10 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
err = bt_sock_wait_state(sk, BT_CLOSED,
sk->sk_lingertime);
}
+
+ if (!err && sk->sk_err)
+ err = -sk->sk_err;
+
release_sock(sk);
return err;
}
@@ -2439,7 +2444,7 @@ static int l2cap_build_conf_req(struct sock *sk, void *data)
case L2CAP_MODE_ERTM:
pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
break;
default:
pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
@@ -3008,7 +3013,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
/* Complete config. */
len = l2cap_parse_conf_req(sk, rsp);
if (len < 0) {
- l2cap_send_disconn_req(conn, sk);
+ l2cap_send_disconn_req(conn, sk, ECONNRESET);
goto unlock;
}
@@ -3078,7 +3083,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
char req[64];
if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
- l2cap_send_disconn_req(conn, sk);
+ l2cap_send_disconn_req(conn, sk, ECONNRESET);
goto done;
}
@@ -3087,7 +3092,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
len = l2cap_parse_conf_rsp(sk, rsp->data,
len, req, &result);
if (len < 0) {
- l2cap_send_disconn_req(conn, sk);
+ l2cap_send_disconn_req(conn, sk, ECONNRESET);
goto done;
}
@@ -3102,7 +3107,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
default:
sk->sk_state = BT_DISCONN;
l2cap_sock_set_timer(sk, HZ * 5);
- l2cap_send_disconn_req(conn, sk);
+ l2cap_send_disconn_req(conn, sk, ECONNRESET);
goto done;
}
@@ -3545,7 +3550,7 @@ drop:
pi->sdu = NULL;
disconnect:
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
kfree_skb(skb);
return 0;
}
@@ -3568,7 +3573,7 @@ static void l2cap_busy_work(struct work_struct *work)
if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
err = -EBUSY;
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, EBUSY);
goto done;
}
@@ -3844,7 +3849,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
/* invalid tx_seq */
if (tx_seq_offset >= pi->tx_win) {
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
goto drop;
}
@@ -4155,7 +4160,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
len -= 2;
if (len > pi->mps) {
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
goto drop;
}
@@ -4171,20 +4176,20 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
/* check for invalid req-seq */
if (req_seq_offset > next_tx_seq_offset) {
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
goto drop;
}
if (__is_iframe(control)) {
if (len < 4) {
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
goto drop;
}
l2cap_data_channel_iframe(sk, control, skb);
} else {
if (len != 0) {
- l2cap_send_disconn_req(pi->conn, sk);
+ l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
goto drop;
}
--
1.6.4.4
* [PATCH 12/13] Bluetooth: Fix handle of received P-bit
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
This is a protocol error. We shall send an F-bit in response
to any P-bit received.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
net/bluetooth/l2cap.c | 14 +++++++++++++-
1 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 775204a..fc0084b 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1421,8 +1421,15 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
tx_skb = skb_clone(skb, GFP_ATOMIC);
bt_cb(skb)->retries++;
control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
+
+ if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
+ control |= L2CAP_CTRL_FINAL;
+ pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
+ }
+
control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
| (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
+
put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
if (pi->fcs == L2CAP_FCS_CRC16) {
@@ -3388,7 +3395,6 @@ static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
u16 control = 0;
pi->frames_sent = 0;
- pi->conn_state |= L2CAP_CONN_SEND_FBIT;
control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
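Review bot: with the unconditional `pi->conn_state |= L2CAP_CONN_SEND_FBIT;` removed in this hunk, l2cap_send_i_or_rr_or_rnr depends on each caller having set the flag beforehand. A short comment on the function stating that precondition would keep future callers from omitting the F-bit. The changelog should also say which received P-bit cases went unanswered before this change.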
@@ -3957,6 +3963,7 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
l2cap_drop_acked_frames(sk);
if (rx_control & L2CAP_CTRL_POLL) {
+ pi->conn_state |= L2CAP_CONN_SEND_FBIT;
if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
(pi->unacked_frames > 0))
@@ -4024,6 +4031,8 @@ static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
if (rx_control & L2CAP_CTRL_POLL) {
pi->expected_ack_seq = tx_seq;
l2cap_drop_acked_frames(sk);
+
+ pi->conn_state |= L2CAP_CONN_SEND_FBIT;
l2cap_retransmit_one_frame(sk, tx_seq);
spin_lock_bh(&pi->send_lock);
@@ -4058,6 +4067,9 @@ static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
pi->expected_ack_seq = tx_seq;
l2cap_drop_acked_frames(sk);
+ if (rx_control & L2CAP_CTRL_POLL)
+ pi->conn_state |= L2CAP_CONN_SEND_FBIT;
+
if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
del_timer(&pi->retrans_timer);
if (rx_control & L2CAP_CTRL_POLL)
--
1.6.4.4
* [PATCH 13/13] Bluetooth: Add debug output to ERTM code
From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC
To: linux-bluetooth; +Cc: jprvita, gustavo, marcel
Use the dynamic debug to output info about ERTM protocol stuff.
The following script can be used to enable debug for ERTM:
DEBUGFS="/sys/kernel/debug/dynamic_debug/control"
echo -n 'func l2cap_send_disconn_req +p' > $DEBUGFS
echo -n 'func l2cap_monitor_timeout +p' > $DEBUGFS
echo -n 'func l2cap_retrans_timeout +p' > $DEBUGFS
echo -n 'func l2cap_busy_work +p' > $DEBUGFS
echo -n 'func l2cap_push_rx_skb +p' > $DEBUGFS
echo -n 'func l2cap_data_channel_iframe +p' > $DEBUGFS
echo -n 'func l2cap_data_channel_rrframe +p' > $DEBUGFS
echo -n 'func l2cap_data_channel_rejframe +p' > $DEBUGFS
echo -n 'func l2cap_data_channel_srejframe +p' > $DEBUGFS
echo -n 'func l2cap_data_channel_rnrframe +p' > $DEBUGFS
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
net/bluetooth/l2cap.c | 25 ++++++++++++++++++++++++-
1 files changed, 24 insertions(+), 1 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index fc0084b..ba980dc 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -453,6 +453,8 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int
{
struct l2cap_disconn_req req;
+ BT_DBG("sk %p", sk);
+
skb_queue_purge(TX_QUEUE(sk));
if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
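Review bot: this BT_DBG prints only `sk`, although the function's `err` argument (added in patch 11) is the most useful thing to log when tracing why a Disconnection Request was sent. Suggest `BT_DBG("sk %p err %d", sk, err);`.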
@@ -1302,6 +1304,8 @@ static void l2cap_monitor_timeout(unsigned long arg)
{
struct sock *sk = (void *) arg;
+ BT_DBG("sk %p", sk);
+
bh_lock_sock(sk);
if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
@@ -1320,6 +1324,8 @@ static void l2cap_retrans_timeout(unsigned long arg)
{
struct sock *sk = (void *) arg;
+ BT_DBG("sk %p", sk);
+
bh_lock_sock(sk);
l2cap_pi(sk)->retry_count = 1;
__mod_monitor_timer();
@@ -3631,6 +3637,8 @@ done:
pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
+ BT_DBG("sk %p, Exit local busy", sk);
+
set_current_state(TASK_RUNNING);
remove_wait_queue(sk_sleep(sk), &wait);
@@ -3655,6 +3663,8 @@ static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
}
/* Busy Condition */
+ BT_DBG("sk %p, Enter local busy", sk);
+
pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
__skb_queue_tail(BUSY_QUEUE(sk), skb);
@@ -3833,7 +3843,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
int num_to_ack = (pi->tx_win/6) + 1;
int err = 0;
- BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
+ BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
+ rx_control);
if (L2CAP_CTRL_FINAL & rx_control &&
l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
@@ -3878,6 +3889,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
pi->buffer_seq = pi->buffer_seq_srej;
pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
l2cap_send_ack(pi);
+ BT_DBG("sk %p, Exit SREJ_SENT", sk);
}
} else {
struct srej_list *l;
@@ -3906,6 +3918,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
pi->conn_state |= L2CAP_CONN_SREJ_SENT;
+ BT_DBG("sk %p, Enter SREJ", sk);
+
INIT_LIST_HEAD(SREJ_LIST(sk));
pi->buffer_seq_srej = pi->buffer_seq;
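Review bot: the state messages are inconsistent: this one says "Enter SREJ" while the matching exit message in the previous hunk says "Exit SREJ_SENT". Use the same state name in both so the pair can be grepped together. The new messages also mix the "sk %p, ..." form with the comma-less "sk %p len %d ..." form used in l2cap_data_channel_iframe; pick one.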
@@ -3959,6 +3973,9 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
{
struct l2cap_pinfo *pi = l2cap_pi(sk);
+ BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
+ rx_control);
+
pi->expected_ack_seq = __get_reqseq(rx_control);
l2cap_drop_acked_frames(sk);
@@ -4004,6 +4021,8 @@ static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
struct l2cap_pinfo *pi = l2cap_pi(sk);
u8 tx_seq = __get_reqseq(rx_control);
+ BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
+
pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
pi->expected_ack_seq = tx_seq;
@@ -4026,6 +4045,8 @@ static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
struct l2cap_pinfo *pi = l2cap_pi(sk);
u8 tx_seq = __get_reqseq(rx_control);
+ BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
+
pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
if (rx_control & L2CAP_CTRL_POLL) {
@@ -4063,6 +4084,8 @@ static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
struct l2cap_pinfo *pi = l2cap_pi(sk);
u8 tx_seq = __get_reqseq(rx_control);
+ BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
+
pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
pi->expected_ack_seq = tx_seq;
l2cap_drop_acked_frames(sk);
--
1.6.4.4