提交 95ffa978 编写于 作者: G Gustavo F. Padovan 提交者: Marcel Holtmann

Bluetooth: Fix L2CAP control bit field corruption

When resending an I-frame, ERTM was reusing the control bits from the last
time it was sent, that was causing a corruption in the new control field
due to it dirty fields.

This patches extracts only the SAR bits from the old field and reuse it to
resend the packet, the others bits should be reset and receive the
updated value.
Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
上级 c13ffa62
...@@ -1430,6 +1430,8 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq) ...@@ -1430,6 +1430,8 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
tx_skb = skb_clone(skb, GFP_ATOMIC); tx_skb = skb_clone(skb, GFP_ATOMIC);
bt_cb(skb)->retries++; bt_cb(skb)->retries++;
control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
control &= L2CAP_CTRL_SAR;
control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
| (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
...@@ -1465,6 +1467,8 @@ static int l2cap_ertm_send(struct sock *sk) ...@@ -1465,6 +1467,8 @@ static int l2cap_ertm_send(struct sock *sk)
bt_cb(skb)->retries++; bt_cb(skb)->retries++;
control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
control &= L2CAP_CTRL_SAR;
if (pi->conn_state & L2CAP_CONN_SEND_FBIT) { if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
control |= L2CAP_CTRL_FINAL; control |= L2CAP_CTRL_FINAL;
pi->conn_state &= ~L2CAP_CONN_SEND_FBIT; pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册