diff options
Diffstat (limited to 'net/bluetooth/hci_event.c')
| -rw-r--r-- | net/bluetooth/hci_event.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 4221bd256bdd..001307f81057 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
| @@ -711,7 +711,14 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev, | |||
| 711 | if (rp->status) | 711 | if (rp->status) |
| 712 | return; | 712 | return; |
| 713 | 713 | ||
| 714 | memcpy(hdev->extfeatures, rp->features, 8); | 714 | switch (rp->page) { |
| 715 | case 0: | ||
| 716 | memcpy(hdev->features, rp->features, 8); | ||
| 717 | break; | ||
| 718 | case 1: | ||
| 719 | memcpy(hdev->host_features, rp->features, 8); | ||
| 720 | break; | ||
| 721 | } | ||
| 715 | 722 | ||
| 716 | hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); | 723 | hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); |
| 717 | } | 724 | } |
| @@ -1047,9 +1054,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
| 1047 | case LE_SCANNING_DISABLED: | 1054 | case LE_SCANNING_DISABLED: |
| 1048 | clear_bit(HCI_LE_SCAN, &hdev->dev_flags); | 1055 | clear_bit(HCI_LE_SCAN, &hdev->dev_flags); |
| 1049 | 1056 | ||
| 1050 | cancel_delayed_work_sync(&hdev->adv_work); | 1057 | schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT); |
| 1051 | queue_delayed_work(hdev->workqueue, &hdev->adv_work, | ||
| 1052 | jiffies + ADV_CLEAR_TIMEOUT); | ||
| 1053 | break; | 1058 | break; |
| 1054 | 1059 | ||
| 1055 | default: | 1060 | default: |
| @@ -2266,20 +2271,19 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s | |||
| 2266 | struct hci_ev_num_comp_pkts *ev = (void *) skb->data; | 2271 | struct hci_ev_num_comp_pkts *ev = (void *) skb->data; |
| 2267 | int i; | 2272 | int i; |
| 2268 | 2273 | ||
| 2269 | skb_pull(skb, sizeof(*ev)); | ||
| 2270 | |||
| 2271 | BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); | ||
| 2272 | |||
| 2273 | if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { | 2274 | if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { |
| 2274 | BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); | 2275 | BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); |
| 2275 | return; | 2276 | return; |
| 2276 | } | 2277 | } |
| 2277 | 2278 | ||
| 2278 | if (skb->len < ev->num_hndl * 4) { | 2279 | if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + |
| 2280 | ev->num_hndl * sizeof(struct hci_comp_pkts_info)) { | ||
| 2279 | BT_DBG("%s bad parameters", hdev->name); | 2281 | BT_DBG("%s bad parameters", hdev->name); |
| 2280 | return; | 2282 | return; |
| 2281 | } | 2283 | } |
| 2282 | 2284 | ||
| 2285 | BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); | ||
| 2286 | |||
| 2283 | for (i = 0; i < ev->num_hndl; i++) { | 2287 | for (i = 0; i < ev->num_hndl; i++) { |
| 2284 | struct hci_comp_pkts_info *info = &ev->handles[i]; | 2288 | struct hci_comp_pkts_info *info = &ev->handles[i]; |
| 2285 | struct hci_conn *conn; | 2289 | struct hci_conn *conn; |