From 6340650400525a9ca8d86b1b4501cc50670dce0d Mon Sep 17 00:00:00 2001
From: "Gustavo F. Padovan"
Date: Tue, 3 Aug 2010 23:49:29 -0300
Subject: Bluetooth: Don't send RFC for Basic Mode if only it is supported
If the remote side doesn't support Enhanced Retransmission Mode neither Streaming Mode, we shall not send the RFC option. Some devices that only supports Basic Mode do not understanding the RFC option. This patch fixes the regression found with these devices.
Signed-off-by: Gustavo F. Padovan
Signed-off-by: Marcel Holtmann
---
 net/bluetooth/l2cap.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'net/bluetooth/l2cap.c')
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 9ba1e8eee37c..0f34e1275147 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -2527,6 +2527,10 @@ done:
 if (pi->imtu != L2CAP_DEFAULT_MTU)
 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
+ if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
+ !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
+ break;
+
 rfc.mode = L2CAP_MODE_BASIC;
 rfc.txwin_size = 0;
 rfc.max_transmit = 0;
@@ -2534,6 +2538,8 @@ done:
 rfc.monitor_timeout = 0;
 rfc.max_pdu_size = 0;
+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
+ (unsigned long) &rfc);
 break;
 case L2CAP_MODE_ERTM:
@@ -2546,6 +2552,9 @@ done:
 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
+ (unsigned long) &rfc);
+
 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
 break;
@@ -2566,6 +2575,9 @@ done:
 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
+ (unsigned long) &rfc);
+
 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
 break;
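Review bot: The guard added in the hunk at -2527 (Basic Mode case) carries no comment saying why the RFC option is skipped, and its two negated tests read more simply as one mask test. I would write `if (!(pi->conn->feat_mask & (L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING)))` and put `/* Basic-Mode-only peers may not understand the RFC option; omit it */` above it. `feat_mask` is filled from the peer's information response, so this branch is driven by remote input; that looks harmless here because the fallback is to send less, but the comment should say so. The enclosing switch and function start outside the hunk.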
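Review bot: The two-line `l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), (unsigned long) &rfc);` call is now pasted into three cases (the hunk at -2534 and again at -2546 and -2566), and each copy advances `ptr` further into the request buffer. None of these hunks shows a check of the space left at `ptr`, and the body of l2cap_add_conf_opt is not visible, so I would ask for confirmation that the buffer is sized for the largest option set that can be built here (MTU, RFC and presumably FCS together), with a short comment stating that bound at the first call. A small static helper taking `&ptr` and `&rfc` would also keep the pointer-through-`unsigned long` cast in one place. The enclosing function starts and ends outside these hunks.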
@@ -2577,9 +2589,6 @@ done:
 break;
 }
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
- (unsigned long) &rfc);
-
 /* FIXME: Need actual value of the flush timeout */
 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
--
cgit v1.2.2
From adb08edea0119f7a5484a9f6a385fbcecdf85a63 Mon Sep 17 00:00:00 2001
From: Ville Tervo
Date: Wed, 4 Aug 2010 09:43:33 +0300
Subject: Bluetooth: Check result code of L2CAP information response
Check result code of L2CAP information response. Otherwise it would read invalid feature mask and access invalid memory.
Signed-off-by: Ville Tervo
Signed-off-by: Marcel Holtmann
---
 net/bluetooth/l2cap.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'net/bluetooth/l2cap.c')
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 0f34e1275147..3e3cd9d4e52c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3348,6 +3348,15 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
 del_timer(&conn->info_timer);
+ if (result != L2CAP_IR_SUCCESS) {
+ conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
+ conn->info_ident = 0;
+
+ l2cap_conn_start(conn);
+
+ return 0;
+ }
+
 if (type == L2CAP_IT_FEAT_MASK) {
 conn->feat_mask = get_unaligned_le32(rsp->data);
--
cgit v1.2.2
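Review bot: A response that reports L2CAP_IR_SUCCESS still reaches `get_unaligned_le32(rsp->data)` in the hunk at -3348 with no length check visible, so a short payload from the peer could make that read run past the received data. The new early return only covers a failed result. Unless the length is already validated earlier in l2cap_information_rsp (its start and its truncated parameter list are outside the hunk), I would add a guard before the `type` test that rejects responses shorter than `sizeof(*rsp)` plus the four bytes of the feature mask. The failure branch would also benefit from a comment such as `/* info request failed: mark the feature-mask exchange done and carry on without it */`.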