aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMat Martineau <mathewm@codeaurora.org>2010-08-05 18:54:22 -0400
committerMarcel Holtmann <marcel@holtmann.org>2010-08-10 07:59:09 -0400
commit86b1b26326279299c93ddb11ab4782d3896bf84c (patch)
tree0c3834245d1fec2fc843b6b81f3d02e437f67705
parentc4e9b56e24422e71424b24eee27c2b134a191d7b (diff)
Bluetooth: Fix endianness issue with L2CAP MPS configuration
Incoming configuration values must be converted to native CPU order before use. This fixes a bug where a little-endian MPS value is compared to a native CPU value. On big-endian processors, this can cause ERTM and streaming mode segmentation to produce PDUs that are larger than the remote stack is expecting, or that would produce fragmented skbs that the current FCS code cannot handle. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/l2cap.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 3e3cd9d4e52c..9d1f1544d9d3 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -2705,8 +2705,9 @@ done:
2705 case L2CAP_MODE_ERTM: 2705 case L2CAP_MODE_ERTM:
2706 pi->remote_tx_win = rfc.txwin_size; 2706 pi->remote_tx_win = rfc.txwin_size;
2707 pi->remote_max_tx = rfc.max_transmit; 2707 pi->remote_max_tx = rfc.max_transmit;
2708 if (rfc.max_pdu_size > pi->conn->mtu - 10) 2708
2709 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10); 2709 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2710 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2710 2711
2711 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 2712 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2712 2713
@@ -2723,8 +2724,8 @@ done:
2723 break; 2724 break;
2724 2725
2725 case L2CAP_MODE_STREAMING: 2726 case L2CAP_MODE_STREAMING:
2726 if (rfc.max_pdu_size > pi->conn->mtu - 10) 2727 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2727 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10); 2728 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2728 2729
2729 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 2730 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2730 2731