| Message ID | 20200305152839.92437-1-marcel@holtmann.org (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Johan Hedberg |
| Headers | show |
| Series | Bluetooth: Fix calculation of SCO handle for packet processing | expand |
Hi Marcel, On Thu, Mar 5, 2020 at 10:28 AM Marcel Holtmann <marcel@holtmann.org> wrote: > > When processing SCO packets, the handle is wrongly assumed as 16-bit > value. The actual size is 12-bits and the other 4-bits are used for > packet flags. > > Signed-off-by: Marcel Holtmann <marcel@holtmann.org> > --- > net/bluetooth/hci_core.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c > index 4e6d61a95b20..6a88954e67c0 100644 > --- a/net/bluetooth/hci_core.c > +++ b/net/bluetooth/hci_core.c > @@ -4387,13 +4387,16 @@ static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) > { > struct hci_sco_hdr *hdr = (void *) skb->data; > struct hci_conn *conn; > - __u16 handle; > + __u16 handle, flags; > > skb_pull(skb, HCI_SCO_HDR_SIZE); > > handle = __le16_to_cpu(hdr->handle); > + flags = hci_flags(handle); > + handle = hci_handle(handle); > > - BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle); > + BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len, > + handle, flags); > > hdev->stat.sco_rx++; > > -- > 2.24.1 > LGTM.
Hi Marcel, On Thu, Mar 05, 2020, Marcel Holtmann wrote: > When processing SCO packets, the handle is wrongly assumed as 16-bit > value. The actual size is 12-bits and the other 4-bits are used for > packet flags. > > Signed-off-by: Marcel Holtmann <marcel@holtmann.org> > --- > net/bluetooth/hci_core.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) Applied to bluetooth-next. Thanks. Johan
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 4e6d61a95b20..6a88954e67c0 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -4387,13 +4387,16 @@ static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) { struct hci_sco_hdr *hdr = (void *) skb->data; struct hci_conn *conn; - __u16 handle; + __u16 handle, flags; skb_pull(skb, HCI_SCO_HDR_SIZE); handle = __le16_to_cpu(hdr->handle); + flags = hci_flags(handle); + handle = hci_handle(handle); - BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle); + BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len, + handle, flags); hdev->stat.sco_rx++;
When processing SCO packets, the handle is wrongly assumed as 16-bit value. The actual size is 12-bits and the other 4-bits are used for packet flags. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> --- net/bluetooth/hci_core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)