Skip to content

Commit

Permalink
Bluetooth: Linearize skbs for use in BNEP, CMTP, HIDP, and RFCOMM
Browse files Browse the repository at this point in the history 
Fragmented skbs are only encountered when receiving ERTM or streaming
mode L2CAP data.  BNEP, CMTP, HIDP, and RFCOMM generally use basic
mode, but they need to handle fragments without crashing.

Signed-off-by: Mat Martineau <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
  • Loading branch information
@padovan
Mat Martineau authored and padovan committed Sep 27, 2011
1 parent 9fd481e commit 4493572
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 5 deletions.
5 changes: 4 additions & 1 deletion net/bluetooth/bnep/core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -492,7 +492,10 @@ static int bnep_session(void *arg)
/* RX */
while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
skb_orphan(skb);
bnep_rx_frame(s, skb);
if (!skb_linearize(skb))
bnep_rx_frame(s, skb);
else
kfree_skb(skb);
}

if (sk->sk_state != BT_CONNECTED)
Expand Down
5 changes: 4 additions & 1 deletion net/bluetooth/cmtp/core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -302,7 +302,10 @@ static int cmtp_session(void *arg)

while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
skb_orphan(skb);
cmtp_recv_frame(session, skb);
if (!skb_linearize(skb))
cmtp_recv_frame(session, skb);
else
kfree_skb(skb);
}

cmtp_process_transmit(session);
Expand Down
10 changes: 8 additions & 2 deletions net/bluetooth/hidp/core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -716,12 +716,18 @@ static int hidp_session(void *arg)

while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
skb_orphan(skb);
hidp_recv_ctrl_frame(session, skb);
if (!skb_linearize(skb))
hidp_recv_ctrl_frame(session, skb);
else
kfree_skb(skb);
}

while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
skb_orphan(skb);
hidp_recv_intr_frame(session, skb);
if (!skb_linearize(skb))
hidp_recv_intr_frame(session, skb);
else
kfree_skb(skb);
}

hidp_process_transmit(session);
Expand Down
5 changes: 4 additions & 1 deletion net/bluetooth/rfcomm/core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1853,7 +1853,10 @@ static inline void rfcomm_process_rx(struct rfcomm_session *s)
/* Get data directly from socket receive queue without copying it. */
while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
skb_orphan(skb);
rfcomm_recv_frame(s, skb);
if (!skb_linearize(skb))
rfcomm_recv_frame(s, skb);
else
kfree_skb(skb);
}

if (sk->sk_state == BT_CLOSED) {
Expand Down

0 comments on commit 4493572

Please sign in to comment.