提交 44935720 编写于 作者: M Mat Martineau 提交者: Gustavo F. Padovan

Bluetooth: Linearize skbs for use in BNEP, CMTP, HIDP, and RFCOMM

Fragmented skbs are only encountered when receiving ERTM or streaming
mode L2CAP data.  BNEP, CMTP, HIDP, and RFCOMM generally use basic
mode, but they need to handle fragments without crashing.
Signed-off-by: NMat Martineau <mathewm@codeaurora.org>
Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
上级 9fd481e0
...@@ -492,7 +492,10 @@ static int bnep_session(void *arg) ...@@ -492,7 +492,10 @@ static int bnep_session(void *arg)
/* RX */ /* RX */
while ((skb = skb_dequeue(&sk->sk_receive_queue))) { while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
skb_orphan(skb); skb_orphan(skb);
bnep_rx_frame(s, skb); if (!skb_linearize(skb))
bnep_rx_frame(s, skb);
else
kfree_skb(skb);
} }
if (sk->sk_state != BT_CONNECTED) if (sk->sk_state != BT_CONNECTED)
......
...@@ -302,7 +302,10 @@ static int cmtp_session(void *arg) ...@@ -302,7 +302,10 @@ static int cmtp_session(void *arg)
while ((skb = skb_dequeue(&sk->sk_receive_queue))) { while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
skb_orphan(skb); skb_orphan(skb);
cmtp_recv_frame(session, skb); if (!skb_linearize(skb))
cmtp_recv_frame(session, skb);
else
kfree_skb(skb);
} }
cmtp_process_transmit(session); cmtp_process_transmit(session);
......
...@@ -716,12 +716,18 @@ static int hidp_session(void *arg) ...@@ -716,12 +716,18 @@ static int hidp_session(void *arg)
while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
skb_orphan(skb); skb_orphan(skb);
hidp_recv_ctrl_frame(session, skb); if (!skb_linearize(skb))
hidp_recv_ctrl_frame(session, skb);
else
kfree_skb(skb);
} }
while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
skb_orphan(skb); skb_orphan(skb);
hidp_recv_intr_frame(session, skb); if (!skb_linearize(skb))
hidp_recv_intr_frame(session, skb);
else
kfree_skb(skb);
} }
hidp_process_transmit(session); hidp_process_transmit(session);
......
...@@ -1853,7 +1853,10 @@ static inline void rfcomm_process_rx(struct rfcomm_session *s) ...@@ -1853,7 +1853,10 @@ static inline void rfcomm_process_rx(struct rfcomm_session *s)
/* Get data directly from socket receive queue without copying it. */ /* Get data directly from socket receive queue without copying it. */
while ((skb = skb_dequeue(&sk->sk_receive_queue))) { while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
skb_orphan(skb); skb_orphan(skb);
rfcomm_recv_frame(s, skb); if (!skb_linearize(skb))
rfcomm_recv_frame(s, skb);
else
kfree_skb(skb);
} }
if (sk->sk_state == BT_CLOSED) { if (sk->sk_state == BT_CLOSED) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册