diff options
| author | Gustavo F. Padovan <padovan@profusion.mobi> | 2010-05-01 15:15:41 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2010-05-10 03:28:50 -0400 |
| commit | f6e6b16823de0aff31cb8ee8c098383e3aceec58 (patch) | |
| tree | 16665dc866c3fadbed7462b73cb4efe7f2c340b6 /net/bluetooth | |
| parent | 68d7f0ce911e41e463c45911be031cdf6a096fe8 (diff) | |
Bluetooth: Fix bug when retransmitting I-frames
If there is no frames to retransmit l2cap was crashing the kernel, now
we check if the queue is empty first.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/l2cap.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index f9e4da2677a..4c7b2d22faa 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c | |||
| @@ -3546,7 +3546,8 @@ expected: | |||
| 3546 | if (pi->conn_state & L2CAP_CONN_REJ_ACT) | 3546 | if (pi->conn_state & L2CAP_CONN_REJ_ACT) |
| 3547 | pi->conn_state &= ~L2CAP_CONN_REJ_ACT; | 3547 | pi->conn_state &= ~L2CAP_CONN_REJ_ACT; |
| 3548 | else { | 3548 | else { |
| 3549 | sk->sk_send_head = TX_QUEUE(sk)->next; | 3549 | if (!skb_queue_empty(TX_QUEUE(sk))) |
| 3550 | sk->sk_send_head = TX_QUEUE(sk)->next; | ||
| 3550 | pi->next_tx_seq = pi->expected_ack_seq; | 3551 | pi->next_tx_seq = pi->expected_ack_seq; |
| 3551 | l2cap_ertm_send(sk); | 3552 | l2cap_ertm_send(sk); |
| 3552 | } | 3553 | } |
| @@ -3593,7 +3594,8 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control) | |||
| 3593 | if (pi->conn_state & L2CAP_CONN_REJ_ACT) | 3594 | if (pi->conn_state & L2CAP_CONN_REJ_ACT) |
| 3594 | pi->conn_state &= ~L2CAP_CONN_REJ_ACT; | 3595 | pi->conn_state &= ~L2CAP_CONN_REJ_ACT; |
| 3595 | else { | 3596 | else { |
| 3596 | sk->sk_send_head = TX_QUEUE(sk)->next; | 3597 | if (!skb_queue_empty(TX_QUEUE(sk))) |
| 3598 | sk->sk_send_head = TX_QUEUE(sk)->next; | ||
| 3597 | pi->next_tx_seq = pi->expected_ack_seq; | 3599 | pi->next_tx_seq = pi->expected_ack_seq; |
| 3598 | l2cap_ertm_send(sk); | 3600 | l2cap_ertm_send(sk); |
| 3599 | } | 3601 | } |
| @@ -3625,12 +3627,14 @@ static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control) | |||
| 3625 | if (pi->conn_state & L2CAP_CONN_REJ_ACT) | 3627 | if (pi->conn_state & L2CAP_CONN_REJ_ACT) |
| 3626 | pi->conn_state &= ~L2CAP_CONN_REJ_ACT; | 3628 | pi->conn_state &= ~L2CAP_CONN_REJ_ACT; |
| 3627 | else { | 3629 | else { |
| 3628 | sk->sk_send_head = TX_QUEUE(sk)->next; | 3630 | if (!skb_queue_empty(TX_QUEUE(sk))) |
| 3631 | sk->sk_send_head = TX_QUEUE(sk)->next; | ||
| 3629 | pi->next_tx_seq = pi->expected_ack_seq; | 3632 | pi->next_tx_seq = pi->expected_ack_seq; |
| 3630 | l2cap_ertm_send(sk); | 3633 | l2cap_ertm_send(sk); |
| 3631 | } | 3634 | } |
| 3632 | } else { | 3635 | } else { |
| 3633 | sk->sk_send_head = TX_QUEUE(sk)->next; | 3636 | if (!skb_queue_empty(TX_QUEUE(sk))) |
| 3637 | sk->sk_send_head = TX_QUEUE(sk)->next; | ||
| 3634 | pi->next_tx_seq = pi->expected_ack_seq; | 3638 | pi->next_tx_seq = pi->expected_ack_seq; |
| 3635 | l2cap_ertm_send(sk); | 3639 | l2cap_ertm_send(sk); |
| 3636 | 3640 | ||