Commit f6e6b168 authored by Gustavo F. Padovan's avatar Gustavo F. Padovan Committed by Marcel Holtmann

Bluetooth: Fix bug when retransmitting I-frames

If there is no frames to retransmit l2cap was crashing the kernel, now
we check if the queue is empty first.
Signed-off-by: default avatarGustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: default avatarJoão Paulo Rechi Vita <jprvita@profusion.mobi>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 68d7f0ce
...@@ -3546,6 +3546,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str ...@@ -3546,6 +3546,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
if (pi->conn_state & L2CAP_CONN_REJ_ACT) if (pi->conn_state & L2CAP_CONN_REJ_ACT)
pi->conn_state &= ~L2CAP_CONN_REJ_ACT; pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
else { else {
if (!skb_queue_empty(TX_QUEUE(sk)))
sk->sk_send_head = TX_QUEUE(sk)->next; sk->sk_send_head = TX_QUEUE(sk)->next;
pi->next_tx_seq = pi->expected_ack_seq; pi->next_tx_seq = pi->expected_ack_seq;
l2cap_ertm_send(sk); l2cap_ertm_send(sk);
...@@ -3593,6 +3594,7 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control) ...@@ -3593,6 +3594,7 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
if (pi->conn_state & L2CAP_CONN_REJ_ACT) if (pi->conn_state & L2CAP_CONN_REJ_ACT)
pi->conn_state &= ~L2CAP_CONN_REJ_ACT; pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
else { else {
if (!skb_queue_empty(TX_QUEUE(sk)))
sk->sk_send_head = TX_QUEUE(sk)->next; sk->sk_send_head = TX_QUEUE(sk)->next;
pi->next_tx_seq = pi->expected_ack_seq; pi->next_tx_seq = pi->expected_ack_seq;
l2cap_ertm_send(sk); l2cap_ertm_send(sk);
...@@ -3625,11 +3627,13 @@ static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control) ...@@ -3625,11 +3627,13 @@ static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
if (pi->conn_state & L2CAP_CONN_REJ_ACT) if (pi->conn_state & L2CAP_CONN_REJ_ACT)
pi->conn_state &= ~L2CAP_CONN_REJ_ACT; pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
else { else {
if (!skb_queue_empty(TX_QUEUE(sk)))
sk->sk_send_head = TX_QUEUE(sk)->next; sk->sk_send_head = TX_QUEUE(sk)->next;
pi->next_tx_seq = pi->expected_ack_seq; pi->next_tx_seq = pi->expected_ack_seq;
l2cap_ertm_send(sk); l2cap_ertm_send(sk);
} }
} else { } else {
if (!skb_queue_empty(TX_QUEUE(sk)))
sk->sk_send_head = TX_QUEUE(sk)->next; sk->sk_send_head = TX_QUEUE(sk)->next;
pi->next_tx_seq = pi->expected_ack_seq; pi->next_tx_seq = pi->expected_ack_seq;
l2cap_ertm_send(sk); l2cap_ertm_send(sk);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment