* [PATCH 01/13] Bluetooth: Remove max_tx and tx_window modules paramenter from L2CAP @ 2010-05-31 17:02 Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 02/13] Bluetooth: Remove L2CAP Extended Features from Kconfig Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> --- net/bluetooth/l2cap.c | 12 ++---------- 1 files changed, 2 insertions(+), 10 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 1b682a5..5c636b3 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -60,8 +60,6 @@ static int enable_ertm = 1; #else static int enable_ertm = 0; #endif -static int max_transmit = L2CAP_DEFAULT_MAX_TX; -static int tx_window = L2CAP_DEFAULT_TX_WINDOW; static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; static u8 l2cap_fixed_chan[8] = { 0x02, }; @@ -808,9 +806,9 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent) pi->mode = L2CAP_MODE_ERTM; else pi->mode = L2CAP_MODE_BASIC; - pi->max_tx = max_transmit; + pi->max_tx = L2CAP_DEFAULT_MAX_TX; pi->fcs = L2CAP_FCS_CRC16; - pi->tx_win = tx_window; + pi->tx_win = L2CAP_DEFAULT_TX_WINDOW; pi->sec_level = BT_SECURITY_LOW; pi->role_switch = 0; pi->force_reliable = 0; @@ -4674,12 +4672,6 @@ module_exit(l2cap_exit); module_param(enable_ertm, bool, 0644); MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode"); -module_param(max_transmit, uint, 0644); -MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)"); - -module_param(tx_window, uint, 0644); -MODULE_PARM_DESC(tx_window, "Transmission window size value (default = 63)"); - MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); MODULE_VERSION(VERSION); -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
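Review bot: the changelog has no body, and this removes two user-visible knobs: max_transmit and tx_window were registered with module_param(..., uint, 0644), so they could be set at load time and through sysfs. Please say why they are going away and what replaces them for anyone tuning ERTM. After this patch l2cap_sock_init always uses L2CAP_DEFAULT_MAX_TX and L2CAP_DEFAULT_TX_WINDOW, and an existing modprobe configuration that still names either parameter will no longer match anything in the module. The subject line also has a typo ("paramenter").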
* [PATCH 02/13] Bluetooth: Remove L2CAP Extended Features from Kconfig 2010-05-31 17:02 [PATCH 01/13] Bluetooth: Remove max_tx and tx_window modules paramenter from L2CAP Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 03/13] Bluetooth: Fix drop of packets with invalid req_seq/tx_seq Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel This reverts commit 84fb0a6334af0ccad3544f6972c055d90fbb9fbe One can use other mechanisms to enable L2CAP Extended Features. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> --- net/bluetooth/Kconfig | 13 ------------- net/bluetooth/l2cap.c | 4 ---- 2 files changed, 0 insertions(+), 17 deletions(-) diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig index ee3b304..ed37168 100644 --- a/net/bluetooth/Kconfig +++ b/net/bluetooth/Kconfig @@ -43,19 +43,6 @@ config BT_L2CAP Say Y here to compile L2CAP support into the kernel or say M to compile it as module (l2cap). -config BT_L2CAP_EXT_FEATURES - bool "L2CAP Extended Features support (EXPERIMENTAL)" - depends on BT_L2CAP && EXPERIMENTAL - help - This option enables the L2CAP Extended Features support. These - new features include the Enhanced Retransmission and Streaming - Modes, the Frame Check Sequence (FCS), and Segmentation and - Reassembly (SAR) for L2CAP packets. They are a required for the - new Alternate MAC/PHY and the Bluetooth Medical Profile. - - You should say N unless you know what you are doing. Note that - this is in an experimental state yet. - config BT_SCO tristate "SCO links support" depends on BT diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 5c636b3..e036419 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c 
@@ -55,11 +55,7 @@ #define VERSION "2.14" -#ifdef CONFIG_BT_L2CAP_EXT_FEATURES -static int enable_ertm = 1; -#else static int enable_ertm = 0; -#endif static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; static u8 l2cap_fixed_chan[8] = { 0x02, }; -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
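Review bot: "other mechanisms" in the changelog should be named. The only one visible in l2cap.c is the enable_ertm module parameter, and with the #ifdef gone its default is now 0 for every build, including configurations that previously had BT_L2CAP_EXT_FEATURES=y and got ERTM enabled without passing anything. That is a behaviour change for those users and deserves a sentence in the changelog telling them to load the module with enable_ertm=1.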
* [PATCH 03/13] Bluetooth: Fix drop of packets with invalid req_seq/tx_seq 2010-05-31 17:02 ` [PATCH 02/13] Bluetooth: Remove L2CAP Extended Features from Kconfig Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 04/13] Bluetooth: Check skb_clone return to avoid NULL dereference Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel We can't use an unsigned var since we are expecting negatives value there too. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> --- net/bluetooth/l2cap.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index e036419..b08731d 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -3789,7 +3789,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str u8 tx_seq = __get_txseq(rx_control); u8 req_seq = __get_reqseq(rx_control); u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; - u8 tx_seq_offset, expected_tx_seq_offset; + int tx_seq_offset, expected_tx_seq_offset; int num_to_ack = (pi->tx_win/6) + 1; int err = 0; @@ -4074,7 +4074,8 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk struct sock *sk; struct l2cap_pinfo *pi; u16 control, len; - u8 tx_seq, req_seq, next_tx_seq_offset, req_seq_offset; + u8 tx_seq, req_seq; + int next_tx_seq_offset, req_seq_offset; sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); if (!sk) { -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
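Review bot: the changelog should spell out the failure rather than only saying negative values are expected. In l2cap_data_channel the offset is computed as (req_seq - pi->expected_ack_seq) % 64 and then tested with "< 0"; with a u8 destination that test can never be true, so a sequence number that had wrapped became a large positive offset and the frame was treated as invalid. Switching to int fixes that, but the code still depends on signed modulo followed by a fix-up. Computing the offset with a mask (& 0x3f) on the difference would give the modulo-64 value directly in both functions and remove the need for a signed type.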
* [PATCH 04/13] Bluetooth: Check skb_clone return to avoid NULL dereference 2010-05-31 17:02 ` [PATCH 03/13] Bluetooth: Fix drop of packets with invalid req_seq/tx_seq Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 05/13] Bluetooth: Fix ERTM vars increment Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> --- net/bluetooth/l2cap.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index b08731d..27e69f6 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -1335,6 +1335,8 @@ static int l2cap_streaming_send(struct sock *sk) while ((skb = sk->sk_send_head)) { tx_skb = skb_clone(skb, GFP_ATOMIC); + if (!tx_skb) + break; control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT; @@ -1420,6 +1422,8 @@ static int l2cap_ertm_send(struct sock *sk) } tx_skb = skb_clone(skb, GFP_ATOMIC); + if (!tx_skb) + break; bt_cb(skb)->retries++; -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
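Review bot: the same unchecked pattern remains in l2cap_retransmit_one_frame, where tx_skb = skb_clone(skb, GFP_ATOMIC) is followed directly by get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); that call site should get the same check in this patch. In the two sites fixed here, break leaves the loop without recording the allocation failure, so the caller cannot tell "nothing left to send" from "out of memory". Consider returning -ENOMEM, or at least say in the changelog that the frame stays on the queue and is retried on the next send.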
* [PATCH 05/13] Bluetooth: Fix ERTM vars increment 2010-05-31 17:02 ` [PATCH 04/13] Bluetooth: Check skb_clone return to avoid NULL dereference Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 06/13] Bluetooth: Check packet FCS earlier Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel They should be modulo 64 ;) Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> --- net/bluetooth/l2cap.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 27e69f6..a567614 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -3745,7 +3745,7 @@ static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq) l2cap_ertm_reassembly_sdu(sk, skb, control); l2cap_pi(sk)->buffer_seq_srej = (l2cap_pi(sk)->buffer_seq_srej + 1) % 64; - tx_seq++; + tx_seq = (tx_seq + 1) % 64; } } @@ -3781,10 +3781,11 @@ static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq) l2cap_send_sframe(pi, control); new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC); - new->tx_seq = pi->expected_tx_seq++; + new->tx_seq = pi->expected_tx_seq; + pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; list_add_tail(&new->list, SREJ_LIST(sk)); } - pi->expected_tx_seq++; + pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64; } static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb) -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
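Review bot: in the l2cap_send_srejframe hunk the result of kzalloc(sizeof(struct srej_list), GFP_ATOMIC) is dereferenced on the very next line (new->tx_seq = pi->expected_tx_seq) with no NULL check. Since these lines are being rewritten anyway, and 04/13 fixes the same class of bug for skb_clone, the check belongs here too. Separately, "(x + 1) % 64" now appears four times in this diff next to the existing buffer_seq_srej line; a small helper or a named constant for the sequence-number modulus would keep the next increment from being written as a plain ++ again.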
* [PATCH 06/13] Bluetooth: Check packet FCS earlier 2010-05-31 17:02 ` [PATCH 05/13] Bluetooth: Fix ERTM vars increment Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 07/13] Bluetooth: Only check SAR bits if frame is I-frame Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel This way, if FCS is enabled and the packet is corrupted, we just drop it without read it len, which could be corrupted. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> --- net/bluetooth/l2cap.c | 22 +++++++++++----------- 1 files changed, 11 insertions(+), 11 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index a567614..97584d8 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -4114,25 +4114,25 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk skb_pull(skb, 2); len = skb->len; + /* + * We can just drop the corrupted I-frame here. + * Receiver will miss it and start proper recovery + * procedures and ask retransmission. + */ + if (l2cap_check_fcs(pi, skb)) + goto drop; + if (__is_sar_start(control)) len -= 2; if (pi->fcs == L2CAP_FCS_CRC16) len -= 2; - /* - * We can just drop the corrupted I-frame here. - * Receiver will miss it and start proper recovery - * procedures and ask retransmission. - */ if (len > pi->mps) { l2cap_send_disconn_req(pi->conn, sk); goto drop; } - if (l2cap_check_fcs(pi, skb)) - goto drop; - req_seq = __get_reqseq(control); req_seq_offset = (req_seq - pi->expected_ack_seq) % 64; if (req_seq_offset < 0) @@ -4172,6 +4172,9 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk skb_pull(skb, 2); len = skb->len; + if (l2cap_check_fcs(pi, skb)) + goto drop; + if (__is_sar_start(control)) len -= 2; 
@@ -4181,9 +4184,6 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk if (len > pi->mps || len < 4 || __is_sframe(control)) goto drop; - if (l2cap_check_fcs(pi, skb)) - goto drop; - tx_seq = __get_txseq(control); if (pi->expected_tx_seq == tx_seq) -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
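Review bot: with this reordering l2cap_check_fcs(pi, skb) runs before any length validation in both branches: ahead of the len > pi->mps test in the first hunk and ahead of the len < 4 test in the second. Please confirm, and note in the changelog, that l2cap_check_fcs is safe on a frame too short to hold the 2-byte FCS when pi->fcs == L2CAP_FCS_CRC16, since that is now the first code to touch such a frame. The moved comment still speaks only of a "corrupted I-frame", but the check in the first hunk sits in front of the S-frame handling as well, so the wording should be generalised.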
* [PATCH 07/13] Bluetooth: Only check SAR bits if frame is I-frame 2010-05-31 17:02 ` [PATCH 06/13] Bluetooth: Check packet FCS earlier Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 08/13] Bluetooth: Stop ack_timer if ERTM enters in Local Busy or SREJ_SENT Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> --- net/bluetooth/l2cap.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 97584d8..7a8454a 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -4122,7 +4122,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk if (l2cap_check_fcs(pi, skb)) goto drop; - if (__is_sar_start(control)) + if (__is_sar_start(control) && __is_iframe(control)) len -= 2; if (pi->fcs == L2CAP_FCS_CRC16) -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
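Review bot: the changelog has no body, and the consequence of the old code is worth stating: for an S-frame the bits tested by __is_sar_start are not SAR bits, so len was reduced by 2 and the later "len != 0" test on the S-frame path ended in l2cap_send_disconn_req. Testing __is_iframe(control) first in the condition would read more naturally, since the SAR test is only meaningful once the frame is known to be an I-frame.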
* [PATCH 08/13] Bluetooth: Stop ack_timer if ERTM enters in Local Busy or SREJ_SENT 2010-05-31 17:02 ` [PATCH 07/13] Bluetooth: Only check SAR bits if frame is I-frame Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 09/13] Bluetooth: Fix ERTM channel shutdown Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel The ack_timer is implemation specific, disabling it in such situation avoids some potencial errors in the ERTM protocol. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi> --- net/bluetooth/l2cap.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 7a8454a..35b7791 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -3632,6 +3632,8 @@ static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control) pi->conn_state |= L2CAP_CONN_RNR_SENT; + del_timer(&pi->ack_timer); + queue_work(_busy_wq, &pi->busy_work); return err; @@ -3881,6 +3883,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str pi->conn_state |= L2CAP_CONN_SEND_PBIT; l2cap_send_srejframe(sk, tx_seq); + + del_timer(&pi->ack_timer); } return 0; -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
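Review bot: "avoids some potential errors" does not tell a reader what goes wrong if the timer fires in Local Busy or SREJ_SENT; please describe the frame that would be sent and why it violates the ERTM state machine. Neither hunk shows where ack_timer is armed again once the channel leaves those states, so the changelog should also say which path restarts it. Note too that del_timer does not wait for a handler that is already running, so the handler itself still has to cope with being entered in these states.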
* [PATCH 09/13] Bluetooth: Fix ERTM channel shutdown 2010-05-31 17:02 ` [PATCH 08/13] Bluetooth: Stop ack_timer if ERTM enters in Local Busy or SREJ_SENT Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 10/13] Bluetooth: Fix crash when sending frames after connection is closed Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel After send a Disconnection Request we shall no send and receive frames anymore. So we set it to BT_DISCONN when a Disconnection Request is sent then L2CAP will not be able to send or receive any new packet, as specified by L2CAP spec. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi> --- net/bluetooth/l2cap.c | 50 +++++++++++++++++++++++++++++++++--------------- 1 files changed, 34 insertions(+), 16 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 35b7791..3db0078 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c 
@@ -428,14 +428,41 @@ static void l2cap_do_start(struct sock *sk) } } +static inline void l2cap_ertm_shutdown(struct sock *sk) +{ + struct srej_list *l, *tmp; + + del_timer(&l2cap_pi(sk)->retrans_timer); + del_timer(&l2cap_pi(sk)->monitor_timer); + del_timer(&l2cap_pi(sk)->ack_timer); + + skb_queue_purge(SREJ_QUEUE(sk)); + skb_queue_purge(BUSY_QUEUE(sk)); + + list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) { + list_del(&l->list); + kfree(l); + } +} + static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk) { struct l2cap_disconn_req req; + skb_queue_purge(TX_QUEUE(sk)); + + if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { + del_timer(&l2cap_pi(sk)->retrans_timer); + del_timer(&l2cap_pi(sk)->monitor_timer); + del_timer(&l2cap_pi(sk)->ack_timer); + } + req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); req.scid = cpu_to_le16(l2cap_pi(sk)->scid); l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_DISCONN_REQ, sizeof(req), &req); + + sk->sk_state = BT_DISCONN; } /* ---- L2CAP connections ---- */ @@ -726,7 +753,6 @@ static void __l2cap_sock_close(struct sock *sk, int reason) sk->sk_type == SOCK_STREAM) { struct l2cap_conn *conn = l2cap_pi(sk)->conn; - sk->sk_state = BT_DISCONN; l2cap_sock_set_timer(sk, sk->sk_sndtimeo); l2cap_send_disconn_req(conn, sk); } else @@ -1409,6 +1435,9 @@ static int l2cap_ertm_send(struct sock *sk) u16 control, fcs; int nsent = 0; + if (sk->sk_state != BT_CONNECTED) + return -ENOTCONN; + if (pi->conn_state & L2CAP_CONN_WAIT_F) return 0; @@ -3068,7 +3097,6 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr default: sk->sk_state = BT_DISCONN; - sk->sk_err = ECONNRESET; l2cap_sock_set_timer(sk, HZ * 5); l2cap_send_disconn_req(conn, sk); goto done; 
@@ -3123,13 +3151,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd skb_queue_purge(TX_QUEUE(sk)); - if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { - skb_queue_purge(SREJ_QUEUE(sk)); - skb_queue_purge(BUSY_QUEUE(sk)); - del_timer(&l2cap_pi(sk)->retrans_timer); - del_timer(&l2cap_pi(sk)->monitor_timer); - del_timer(&l2cap_pi(sk)->ack_timer); - } + if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) + l2cap_ertm_shutdown(sk); l2cap_chan_del(sk, ECONNRESET); bh_unlock_sock(sk); @@ -3155,13 +3178,8 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd skb_queue_purge(TX_QUEUE(sk)); - if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { - skb_queue_purge(SREJ_QUEUE(sk)); - skb_queue_purge(BUSY_QUEUE(sk)); - del_timer(&l2cap_pi(sk)->retrans_timer); - del_timer(&l2cap_pi(sk)->monitor_timer); - del_timer(&l2cap_pi(sk)->ack_timer); - } + if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) + l2cap_ertm_shutdown(sk); l2cap_chan_del(sk, 0); bh_unlock_sock(sk); -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
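Review bot: in the l2cap_config_rsp hunk the line sk->sk_err = ECONNRESET is removed with nothing replacing it in this patch, while the now redundant sk->sk_state = BT_DISCONN just above it is kept even though l2cap_send_disconn_req sets the state itself. As posted, userspace loses the error for that path until 11/13 is applied, which hurts bisection; either keep the sk_err assignment here or fold the change into 11/13, and drop the duplicate state assignment as was done in __l2cap_sock_close. l2cap_send_disconn_req also open-codes the same three del_timer calls that the new l2cap_ertm_shutdown contains; a small timer-only helper shared by both would avoid the two lists drifting apart. Typo in the changelog: "shall no send" should be "shall not send".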
* [PATCH 10/13] Bluetooth: Fix crash when sending frames after connection is closed 2010-05-31 17:02 ` [PATCH 09/13] Bluetooth: Fix ERTM channel shutdown Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 11/13] Bluetooth: Fix ERTM error reporting to the userspace Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel At the time the channel is closed we can't really know if the timer was really deleted, since we used del_timer(). We can't call del_timer_sync() in interrupt context! So sometimes the acktimeout expires and try to send a acknowledgement, but we don't have any connection anymore. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi> --- net/bluetooth/l2cap.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 3db0078..e5b766d 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -345,8 +345,12 @@ static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control) struct sk_buff *skb; struct l2cap_hdr *lh; struct l2cap_conn *conn = pi->conn; + struct sock *sk = (struct sock *)pi; int count, hlen = L2CAP_HDR_SIZE + 2; + if (sk->sk_state != BT_CONNECTED) + return; + if (pi->fcs == L2CAP_FCS_CRC16) hlen += 2; -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
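Review bot: the sk_state != BT_CONNECTED test in l2cap_send_sframe stops the S-frame from being built, but the expired timer handler still runs against sk after the channel has been closed. The changelog should say what keeps sk itself valid at that point, for example a reference held while the timer is pending, otherwise this moves the crash rather than removing it. The cast (struct sock *)pi depends on struct sock being the first member of struct l2cap_pinfo; a one-line comment, or passing sk in from the callers, would make that assumption explicit.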
* [PATCH 11/13] Bluetooth: Fix ERTM error reporting to the userspace 2010-05-31 17:02 ` [PATCH 10/13] Bluetooth: Fix crash when sending frames after connection is closed Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 12/13] Bluetooth: Fix handle of received P-bit Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel If any error occurs during transfers we have to tell userspace that something wrong happened. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi> --- net/bluetooth/l2cap.c | 39 ++++++++++++++++++++++----------------- 1 files changed, 22 insertions(+), 17 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index e5b766d..775204a 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -449,7 +449,7 @@ static inline void l2cap_ertm_shutdown(struct sock *sk) } } -static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk) +static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err) { struct l2cap_disconn_req req; @@ -467,6 +467,7 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk) L2CAP_DISCONN_REQ, sizeof(req), &req); sk->sk_state = BT_DISCONN; + sk->sk_err = err; } /* ---- L2CAP connections ---- */ @@ -758,7 +759,7 @@ static void __l2cap_sock_close(struct sock *sk, int reason) struct l2cap_conn *conn = l2cap_pi(sk)->conn; l2cap_sock_set_timer(sk, sk->sk_sndtimeo); - l2cap_send_disconn_req(conn, sk); + l2cap_send_disconn_req(conn, sk, reason); } else l2cap_chan_del(sk, reason); break; 
@@ -1303,7 +1304,7 @@ static void l2cap_monitor_timeout(unsigned long arg) bh_lock_sock(sk); if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { - l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk); + l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED); bh_unlock_sock(sk); return; } @@ -1413,7 +1414,7 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq) if (pi->remote_max_tx && bt_cb(skb)->retries == pi->remote_max_tx) { - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); return; } @@ -1450,7 +1451,7 @@ static int l2cap_ertm_send(struct sock *sk) if (pi->remote_max_tx && bt_cb(skb)->retries == pi->remote_max_tx) { - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED); break; } @@ -2168,6 +2169,10 @@ static int l2cap_sock_shutdown(struct socket *sock, int how) err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); } + + if (!err && sk->sk_err) + err = -sk->sk_err; + release_sock(sk); return err; } @@ -2439,7 +2444,7 @@ static int l2cap_build_conf_req(struct sock *sk, void *data) case L2CAP_MODE_ERTM: pi->conf_state |= L2CAP_CONF_STATE2_DEVICE; if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask)) - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); break; default: pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask); @@ -3008,7 +3013,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr /* Complete config. */ len = l2cap_parse_conf_req(sk, rsp); if (len < 0) { - l2cap_send_disconn_req(conn, sk); + l2cap_send_disconn_req(conn, sk, ECONNRESET); goto unlock; } @@ -3078,7 +3083,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr char req[64]; if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { - l2cap_send_disconn_req(conn, sk); + l2cap_send_disconn_req(conn, sk, ECONNRESET); goto done; } 
@@ -3087,7 +3092,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr len = l2cap_parse_conf_rsp(sk, rsp->data, len, req, &result); if (len < 0) { - l2cap_send_disconn_req(conn, sk); + l2cap_send_disconn_req(conn, sk, ECONNRESET); goto done; } @@ -3102,7 +3107,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr default: sk->sk_state = BT_DISCONN; l2cap_sock_set_timer(sk, HZ * 5); - l2cap_send_disconn_req(conn, sk); + l2cap_send_disconn_req(conn, sk, ECONNRESET); goto done; } @@ -3545,7 +3550,7 @@ drop: pi->sdu = NULL; disconnect: - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); kfree_skb(skb); return 0; } @@ -3568,7 +3573,7 @@ static void l2cap_busy_work(struct work_struct *work) if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { err = -EBUSY; - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, EBUSY); goto done; } @@ -3844,7 +3849,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str /* invalid tx_seq */ if (tx_seq_offset >= pi->tx_win) { - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); goto drop; } @@ -4155,7 +4160,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk len -= 2; if (len > pi->mps) { - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); goto drop; } 
@@ -4171,20 +4176,20 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk /* check for invalid req-seq */ if (req_seq_offset > next_tx_seq_offset) { - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); goto drop; } if (__is_iframe(control)) { if (len < 4) { - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); goto drop; } l2cap_data_channel_iframe(sk, control, skb); } else { if (len != 0) { - l2cap_send_disconn_req(pi->conn, sk); + l2cap_send_disconn_req(pi->conn, sk, ECONNRESET); goto drop; } -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
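Review bot: l2cap_send_disconn_req now assigns sk->sk_err = err unconditionally, so a second call on the same socket overwrites the first error, and the __l2cap_sock_close caller passes reason straight through, which can replace an ECONNABORTED recorded by an ERTM failure with whatever the close path supplies. Consider assigning only when err is non-zero, or only when sk_err is not already set. The new parameter takes a positive errno (ECONNRESET, EBUSY) while l2cap_sock_shutdown negates it on the way out; a short comment on the function would stop a future caller from passing -EBUSY, as the err = -EBUSY line right next to the l2cap_busy_work call invites. The default branch in l2cap_config_rsp still sets sk->sk_state = BT_DISCONN before calling the function that now does it.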
* [PATCH 12/13] Bluetooth: Fix handle of received P-bit 2010-05-31 17:02 ` [PATCH 11/13] Bluetooth: Fix ERTM error reporting to the userspace Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 2010-05-31 17:02 ` [PATCH 13/13] Bluetooth: Add debug output to ERTM code Gustavo F. Padovan 0 siblings, 1 reply; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel This is a protocol error. We shall send a F-bit in response to any P-bit received. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi> --- net/bluetooth/l2cap.c | 14 +++++++++++++- 1 files changed, 13 insertions(+), 1 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 775204a..fc0084b 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -1421,8 +1421,15 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq) tx_skb = skb_clone(skb, GFP_ATOMIC); bt_cb(skb)->retries++; control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); + + if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { + control |= L2CAP_CTRL_FINAL; + pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; + } + control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); + put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); if (pi->fcs == L2CAP_FCS_CRC16) { @@ -3388,7 +3395,6 @@ static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk) u16 control = 0; pi->frames_sent = 0; - pi->conn_state |= L2CAP_CONN_SEND_FBIT; control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; @@ -3957,6 +3963,7 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control) l2cap_drop_acked_frames(sk); if (rx_control & L2CAP_CTRL_POLL) { + pi->conn_state |= L2CAP_CONN_SEND_FBIT; if (pi->conn_state & L2CAP_CONN_SREJ_SENT) { if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && (pi->unacked_frames > 0)) 
@@ -4024,6 +4031,8 @@ static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control) if (rx_control & L2CAP_CTRL_POLL) { pi->expected_ack_seq = tx_seq; l2cap_drop_acked_frames(sk); + + pi->conn_state |= L2CAP_CONN_SEND_FBIT; l2cap_retransmit_one_frame(sk, tx_seq); spin_lock_bh(&pi->send_lock); @@ -4058,6 +4067,9 @@ static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control) pi->expected_ack_seq = tx_seq; l2cap_drop_acked_frames(sk); + if (rx_control & L2CAP_CTRL_POLL) + pi->conn_state |= L2CAP_CONN_SEND_FBIT; + if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) { del_timer(&pi->retrans_timer); if (rx_control & L2CAP_CTRL_POLL) -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
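Review bot: in the l2cap_retransmit_one_frame hunk the control word is read back from tx_skb->data, L2CAP_CTRL_FINAL and the req_seq/tx_seq fields are ORed into it, and the result is written back with put_unaligned_le16. tx_skb comes from skb_clone, which shares the data buffer with the skb still sitting on the queue, so whatever is ORed in here stays in the stored frame; a later retransmission of the same skb would read back a control word that already has F set and stale sequence bits. Clearing everything except the SAR bits right after the read would make each retransmission start from a clean control field. Also, with L2CAP_CONN_SEND_FBIT no longer set inside l2cap_send_i_or_rr_or_rnr, every caller of that function has to set it when answering a poll; the changelog should list the callers that were checked.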
* [PATCH 13/13] Bluetooth: Add debug output to ERTM code 2010-05-31 17:02 ` [PATCH 12/13] Bluetooth: Fix handle of received P-bit Gustavo F. Padovan @ 2010-05-31 17:02 ` Gustavo F. Padovan 0 siblings, 0 replies; 13+ messages in thread From: Gustavo F. Padovan @ 2010-05-31 17:02 UTC (permalink / raw) To: linux-bluetooth; +Cc: jprvita, gustavo, marcel Use the dynamic debug to output info about ERTM protocol stuff. The following script can be used to enable debug for ERTM: DEBUGFS="/sys/kernel/debug/dynamic_debug/control" echo -n 'func l2cap_send_disconn_req +p' > $DEBUGFS echo -n 'func l2cap_monitor_timeout +p' > $DEBUGFS echo -n 'func l2cap_retrans_timeout +p' > $DEBUGFS echo -n 'func l2cap_busy_work +p' > $DEBUGFS echo -n 'func l2cap_push_rx_skb +p' > $DEBUGFS echo -n 'func l2cap_data_channel_iframe +p' > $DEBUGFS echo -n 'func l2cap_data_channel_rrframe +p' > $DEBUGFS echo -n 'func l2cap_data_channel_rejframe +p' > $DEBUGFS echo -n 'func l2cap_data_channel_srejframe +p' > $DEBUGFS echo -n 'func l2cap_data_channel_rnrframe +p' > $DEBUGFS Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi> --- net/bluetooth/l2cap.c | 25 ++++++++++++++++++++++++- 1 files changed, 24 insertions(+), 1 deletions(-) diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index fc0084b..ba980dc 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -453,6 +453,8 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int { struct l2cap_disconn_req req; + BT_DBG("sk %p", sk); + skb_queue_purge(TX_QUEUE(sk)); if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) { @@ -1302,6 +1304,8 @@ static void l2cap_monitor_timeout(unsigned long arg) { struct sock *sk = (void *) arg; + BT_DBG("sk %p", sk); + bh_lock_sock(sk); if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED); 
@@ -1320,6 +1324,8 @@ static void l2cap_retrans_timeout(unsigned long arg) { struct sock *sk = (void *) arg; + BT_DBG("sk %p", sk); + bh_lock_sock(sk); l2cap_pi(sk)->retry_count = 1; __mod_monitor_timer(); @@ -3631,6 +3637,8 @@ done: pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY; pi->conn_state &= ~L2CAP_CONN_RNR_SENT; + BT_DBG("sk %p, Exit local busy", sk); + set_current_state(TASK_RUNNING); remove_wait_queue(sk_sleep(sk), &wait); @@ -3655,6 +3663,8 @@ static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control) } /* Busy Condition */ + BT_DBG("sk %p, Enter local busy", sk); + pi->conn_state |= L2CAP_CONN_LOCAL_BUSY; bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; __skb_queue_tail(BUSY_QUEUE(sk), skb); @@ -3833,7 +3843,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str int num_to_ack = (pi->tx_win/6) + 1; int err = 0; - BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); + BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq, + rx_control); if (L2CAP_CTRL_FINAL & rx_control && l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) { @@ -3878,6 +3889,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str pi->buffer_seq = pi->buffer_seq_srej; pi->conn_state &= ~L2CAP_CONN_SREJ_SENT; l2cap_send_ack(pi); + BT_DBG("sk %p, Exit SREJ_SENT", sk); } } else { struct srej_list *l; @@ -3906,6 +3918,8 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str pi->conn_state |= L2CAP_CONN_SREJ_SENT; + BT_DBG("sk %p, Enter SREJ", sk); + INIT_LIST_HEAD(SREJ_LIST(sk)); pi->buffer_seq_srej = pi->buffer_seq; @@ -3959,6 +3973,9 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control) { struct l2cap_pinfo *pi = l2cap_pi(sk); + BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control), + rx_control); + pi->expected_ack_seq = __get_reqseq(rx_control); l2cap_drop_acked_frames(sk); 
@@ -4004,6 +4021,8 @@ static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control) struct l2cap_pinfo *pi = l2cap_pi(sk); u8 tx_seq = __get_reqseq(rx_control); + BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); + pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; pi->expected_ack_seq = tx_seq; @@ -4026,6 +4045,8 @@ static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control) struct l2cap_pinfo *pi = l2cap_pi(sk); u8 tx_seq = __get_reqseq(rx_control); + BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); + pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; if (rx_control & L2CAP_CTRL_POLL) { @@ -4063,6 +4084,8 @@ static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control) struct l2cap_pinfo *pi = l2cap_pi(sk); u8 tx_seq = __get_reqseq(rx_control); + BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control); + pi->conn_state |= L2CAP_CONN_REMOTE_BUSY; pi->expected_ack_seq = tx_seq; l2cap_drop_acked_frames(sk); -- 1.6.4.4 ^ permalink raw reply related [flat|nested] 13+ messages in thread
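Review bot: the BT_DBG added to l2cap_send_disconn_req prints only sk, although the function now receives the error code introduced in 11/13, which is the most useful value to have in the log when working out why a channel was torn down; please add it to the format string. The messages are also inconsistent in small ways that make grepping harder: "Enter SREJ" is paired with "Exit SREJ_SENT", and some format strings put a comma after "sk %p" while the I-frame one does not.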