aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorMat Martineau <mathewm@codeaurora.org>2011-07-22 17:53:58 -0400
committerGustavo F. Padovan <gustavo@padovan.org>2011-09-27 17:15:55 -0400
commit449357200c5d73d80a9c42dee5dafed684b3cd17 (patch)
tree333e387c99dc8cd03d334e61f1a5147b4e5bd8f9 /net
parent9fd481e03c1e9c76c814b88b9ea1cbda9afb0812 (diff)
Bluetooth: Linearize skbs for use in BNEP, CMTP, HIDP, and RFCOMM
Fragmented skbs are only encountered when receiving ERTM or streaming mode L2CAP data. BNEP, CMTP, HIDP, and RFCOMM generally use basic mode, but they need to handle fragments without crashing. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/bnep/core.c5
-rw-r--r--net/bluetooth/cmtp/core.c5
-rw-r--r--net/bluetooth/hidp/core.c10
-rw-r--r--net/bluetooth/rfcomm/core.c5
4 files changed, 20 insertions, 5 deletions
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index d9edfe8bf9d6..91bcd3a961ec 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -492,7 +492,10 @@ static int bnep_session(void *arg)
492 /* RX */ 492 /* RX */
493 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 493 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
494 skb_orphan(skb); 494 skb_orphan(skb);
495 bnep_rx_frame(s, skb); 495 if (!skb_linearize(skb))
496 bnep_rx_frame(s, skb);
497 else
498 kfree_skb(skb);
496 } 499 }
497 500
498 if (sk->sk_state != BT_CONNECTED) 501 if (sk->sk_state != BT_CONNECTED)
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 521baa4fe835..7d00ddf9e9dc 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -302,7 +302,10 @@ static int cmtp_session(void *arg)
302 302
303 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 303 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
304 skb_orphan(skb); 304 skb_orphan(skb);
305 cmtp_recv_frame(session, skb); 305 if (!skb_linearize(skb))
306 cmtp_recv_frame(session, skb);
307 else
308 kfree_skb(skb);
306 } 309 }
307 310
308 cmtp_process_transmit(session); 311 cmtp_process_transmit(session);
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index b83979c548b2..075a3e920caf 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -716,12 +716,18 @@ static int hidp_session(void *arg)
716 716
717 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 717 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
718 skb_orphan(skb); 718 skb_orphan(skb);
719 hidp_recv_ctrl_frame(session, skb); 719 if (!skb_linearize(skb))
720 hidp_recv_ctrl_frame(session, skb);
721 else
722 kfree_skb(skb);
720 } 723 }
721 724
722 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 725 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
723 skb_orphan(skb); 726 skb_orphan(skb);
724 hidp_recv_intr_frame(session, skb); 727 if (!skb_linearize(skb))
728 hidp_recv_intr_frame(session, skb);
729 else
730 kfree_skb(skb);
725 } 731 }
726 732
727 hidp_process_transmit(session); 733 hidp_process_transmit(session);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 5ba3f6df665c..38b618c96de6 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1853,7 +1853,10 @@ static inline void rfcomm_process_rx(struct rfcomm_session *s)
1853 /* Get data directly from socket receive queue without copying it. */ 1853 /* Get data directly from socket receive queue without copying it. */
1854 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1854 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1855 skb_orphan(skb); 1855 skb_orphan(skb);
1856 rfcomm_recv_frame(s, skb); 1856 if (!skb_linearize(skb))
1857 rfcomm_recv_frame(s, skb);
1858 else
1859 kfree_skb(skb);
1857 } 1860 }
1858 1861
1859 if (sk->sk_state == BT_CLOSED) { 1862 if (sk->sk_state == BT_CLOSED) {
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-10 15:21:15 -0500