From: "Gustavo F. Padovan" <padovan@profusion.mobi>
To: linux-bluetooth@vger.kernel.org
Cc: marcel@holtmann.org, gustavo@padovan.org, jprvita@profusion.mobi
Subject: [PATCH 03/10] Bluetooth: Fix configuration of the MPS value
Date: Tue, 30 Mar 2010 15:52:33 -0300	[thread overview]
Message-ID: <1269975160-9994-3-git-send-email-padovan@profusion.mobi> (raw)
In-Reply-To: <1269975160-9994-2-git-send-email-padovan@profusion.mobi>

We were accepting MPS values bigger than we can handle. This was causing
ERTM to drop packets because of wrong FCS checks.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
---
 include/net/bluetooth/l2cap.h |    3 ++-
 net/bluetooth/l2cap.c         |   36 ++++++++++++++++++++----------------
 2 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 48f10f4..0f4e423 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -343,7 +343,8 @@ struct l2cap_pinfo {
 	__u8		remote_max_tx;
 	__u16		retrans_timeout;
 	__u16		monitor_timeout;
-	__u16		max_pdu_size;
+	__u16		remote_mps;
+	__u16		mps;
 
 	__le16		sport;
 
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 40aff8d..4c98e3c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1605,21 +1605,21 @@ static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, siz
 
 	__skb_queue_head_init(&sar_queue);
 	control = L2CAP_SDU_START;
-	skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
+	skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
 	if (IS_ERR(skb))
 		return PTR_ERR(skb);
 
 	__skb_queue_tail(&sar_queue, skb);
-	len -= pi->max_pdu_size;
-	size +=pi->max_pdu_size;
+	len -= pi->remote_mps;
+	size +=pi->remote_mps;
 	control = 0;
 
 	while (len > 0) {
 		size_t buflen;
 
-		if (len > pi->max_pdu_size) {
+		if (len > pi->remote_mps) {
 			control |= L2CAP_SDU_CONTINUE;
-			buflen = pi->max_pdu_size;
+			buflen = pi->remote_mps;
 		} else {
 			control |= L2CAP_SDU_END;
 			buflen = len;
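Review bot: Nothing in this function guards against `pi->remote_mps` being zero. The value is stored from the peer's RFC option in the configuration-request hunks of this patch, which only clamp it from above, so a peer advertising an MPS of 0 makes `len -= pi->remote_mps` a no-op and gives every `while (len > 0)` pass `buflen = 0`. If the rest of the loop, which lies outside this hunk, advances `len` by `buflen`, the loop would never terminate and would keep allocating PDUs. Enforcing a lower bound where the option is parsed is the cleaner fix, with `if (!pi->remote_mps) return -EINVAL;` before the first `l2cap_create_iframe_pdu()` call as a backstop. Also, `size +=pi->remote_mps;` is missing a space after `+=`.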
@@ -1697,7 +1697,7 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
 	case L2CAP_MODE_ERTM:
 	case L2CAP_MODE_STREAMING:
 		/* Entire SDU fits into one PDU */
-		if (len <= pi->max_pdu_size) {
+		if (len <= pi->remote_mps) {
 			control = L2CAP_SDU_UNSEGMENTED;
 			skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
 			if (IS_ERR(skb)) {
@@ -2326,7 +2326,7 @@ done:
 		rfc.monitor_timeout = 0;
 		rfc.max_pdu_size    = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
 		if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
-			rfc.max_pdu_size = pi->conn->mtu - 10;
+			rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
 
 		l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
 					sizeof(rfc), (unsigned long) &rfc);
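Review bot: The expression `pi->conn->mtu - 10` now appears four times in this patch (here, in the next `done:` hunk, and in both mode cases of the configuration-request hunks) with no name or comment explaining the 10. A single named constant or small helper with a one-line comment on what the 10 bytes account for (presumably per-PDU header and FCS overhead, to be confirmed) would keep the four sites consistent. The subtraction is also unguarded: the type of `mtu` is not visible here, but if it is unsigned and a link ever reports an MTU below 10, the result wraps to a large value and the clamp has no effect. It is worth confirming that a minimum MTU is enforced before this code runs.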
@@ -2349,7 +2349,7 @@ done:
 		rfc.monitor_timeout = 0;
 		rfc.max_pdu_size    = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
 		if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
-			rfc.max_pdu_size = pi->conn->mtu - 10;
+			rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
 
 		l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
 					sizeof(rfc), (unsigned long) &rfc);
@@ -2478,7 +2478,10 @@ done:
 		case L2CAP_MODE_ERTM:
 			pi->remote_tx_win = rfc.txwin_size;
 			pi->remote_max_tx = rfc.max_transmit;
-			pi->max_pdu_size = rfc.max_pdu_size;
+			if (rfc.max_pdu_size > pi->conn->mtu - 10)
+				rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
+
+			pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
 
 			rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
 			rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
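Review bot: The new clamp mixes byte orders. `rfc.max_pdu_size` is still in wire (little-endian) order at this point, since the following line converts it with `le16_to_cpu()`, yet it is compared raw against the CPU-order `pi->conn->mtu - 10`, and the replacement is written with `le16_to_cpu()` where `cpu_to_le16()` is needed. On little-endian hosts both are no-ops, but on big-endian the bound is checked against a byte-swapped value, so an oversized MPS can pass the check, and the field would be in the wrong order if `rfc` is later echoed in the response. Suggested: `if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)` and `rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);`. The same two lines are repeated in the `L2CAP_MODE_STREAMING` hunk that follows and need the same change.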
@@ -2491,7 +2494,10 @@ done:
 			break;
 
 		case L2CAP_MODE_STREAMING:
-			pi->max_pdu_size = rfc.max_pdu_size;
+			if (rfc.max_pdu_size > pi->conn->mtu - 10)
+				rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10);
+
+			pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
 
 			pi->conf_state |= L2CAP_CONF_MODE_DONE;
 
@@ -2570,11 +2576,10 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
 			pi->remote_tx_win   = rfc.txwin_size;
 			pi->retrans_timeout = rfc.retrans_timeout;
 			pi->monitor_timeout = rfc.monitor_timeout;
-			pi->max_pdu_size    = le16_to_cpu(rfc.max_pdu_size);
+			pi->mps    = le16_to_cpu(rfc.max_pdu_size);
 			break;
 		case L2CAP_MODE_STREAMING:
-			pi->max_pdu_size    = le16_to_cpu(rfc.max_pdu_size);
-			break;
+			pi->mps    = le16_to_cpu(rfc.max_pdu_size);
 		}
 	}
 
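Review bot: `pi->mps` is assigned straight from the peer's response with no upper bound, and the two `l2cap_data_channel()` hunks below replace the fixed `L2CAP_DEFAULT_MAX_PDU_SIZE` limit with `len > pi->mps`, so the receive-side size check now trusts a peer-chosen value. Clamping on store keeps the old ceiling in both mode cases: `pi->mps = min_t(u16, le16_to_cpu(rfc.max_pdu_size), L2CAP_DEFAULT_MAX_PDU_SIZE);`. This diff shows no other assignment to `pi->mps`, so if no RFC option is parsed it keeps its initial value, which is not visible here; a zero would make both checks drop every frame. Separately, the STREAMING case loses its `break;`, which is harmless for the last case but worth keeping so that a case added later cannot fall through. The switch sits inside `l2cap_parse_conf_rsp()`, whose body starts and ends outside the hunk.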
@@ -3758,7 +3763,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
 		 * Receiver will miss it and start proper recovery
 		 * procedures and ask retransmission.
 		 */
-		if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
+		if (len > pi->mps)
 			goto drop;
 
 		if (l2cap_check_fcs(pi, skb))
@@ -3789,8 +3794,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
 		if (pi->fcs == L2CAP_FCS_CRC16)
 			len -= 2;
 
-		if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || len < 4
-				|| __is_sframe(control))
+		if (len > pi->mps || len < 4 || __is_sframe(control))
 			goto drop;
 
 		if (l2cap_check_fcs(pi, skb))
-- 
1.6.4.4
