Avoid race conditions when acessing the sock.
Signed-off-by: Gustavo F. Padovan <[email protected]>
---
net/bluetooth/l2cap.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index c04526f..efac637 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1192,6 +1192,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
struct sock *sk = (void *) arg;
u16 control;
+ bh_lock_sock(sk);
if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
return;
@@ -1203,6 +1204,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
control = L2CAP_CTRL_POLL;
control |= L2CAP_SUPER_RCV_READY;
l2cap_send_sframe(l2cap_pi(sk), control);
+ bh_unlock_sock(sk);
}
static void l2cap_retrans_timeout(unsigned long arg)
@@ -1210,6 +1212,7 @@ static void l2cap_retrans_timeout(unsigned long arg)
struct sock *sk = (void *) arg;
u16 control;
+ bh_lock_sock(sk);
l2cap_pi(sk)->retry_count = 1;
__mod_monitor_timer();
@@ -1218,6 +1221,7 @@ static void l2cap_retrans_timeout(unsigned long arg)
control = L2CAP_CTRL_POLL;
control |= L2CAP_SUPER_RCV_READY;
l2cap_send_sframe(l2cap_pi(sk), control);
+ bh_unlock_sock(sk);
}
static void l2cap_drop_acked_frames(struct sock *sk)
--
1.6.3.3
Simplify the conversion to the right endian.
Signed-off-by: Gustavo F. Padovan <[email protected]>
---
net/bluetooth/l2cap.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index efac637..e5847c5 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -2924,7 +2924,7 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
if (enable_ertm)
feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
| L2CAP_FEAT_FCS;
- put_unaligned(cpu_to_le32(feat_mask), (__le32 *) rsp->data);
+ put_unaligned_le32(feat_mask, rsp->data);
l2cap_send_cmd(conn, cmd->ident,
L2CAP_INFO_RSP, sizeof(buf), buf);
} else if (type == L2CAP_IT_FIXED_CHAN) {
@@ -3572,7 +3572,7 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
break;
case L2CAP_CID_CONN_LESS:
- psm = get_unaligned((__le16 *) skb->data);
+ psm = get_unaligned_le16(skb->data);
skb_pull(skb, 2);
l2cap_conless_channel(conn, psm, skb);
break;
--
1.6.3.3
Hi Marcel,
> I am actually forgiving when people send patches as attachments since
> sometimes the corporate email servers are just stupid. However gzipped
> patches is where I draw the line. Please re-send it.
Please check patch below:
Subject: [PATCH] Bluetooth: Fix locking scheme regression.
When locking was introduced the error path branch was not taken
into account. Error was found in sparse code checking. Kudos to
Jani Nikula.
Signed-off-by: Andrei Emeltchenko <[email protected]>
Acked-by: Gustavo F. Padovan <[email protected]>
---
net/bluetooth/l2cap.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 947f8bb..6f5d98f 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1208,6 +1208,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
bh_lock_sock(sk);
if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
+ bh_unlock_sock(sk);
return;
}
--
1.6.0.4
Hi Andrei,
> > Avoid race conditions when acessing the sock.
> >
> > Signed-off-by: Gustavo F. Padovan <[email protected]>
> > ---
> > net/bluetooth/l2cap.c | 4 ++++
> > 1 files changed, 4 insertions(+), 0 deletions(-)
> >
> > diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
> > index c04526f..efac637 100644
> > --- a/net/bluetooth/l2cap.c
> > +++ b/net/bluetooth/l2cap.c
> > @@ -1192,6 +1192,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
> > struct sock *sk = (void *) arg;
> > u16 control;
> >
> > + bh_lock_sock(sk);
> > if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
> > l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
>
> missing unlock ?
>
> > return;
> > @@ -1203,6 +1204,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
> > control = L2CAP_CTRL_POLL;
> > control |= L2CAP_SUPER_RCV_READY;
> > l2cap_send_sframe(l2cap_pi(sk), control);
> > + bh_unlock_sock(sk);
> > }
>
> Please consider following patch:
>
> --- a/net/bluetooth/l2cap.c
> +++ b/net/bluetooth/l2cap.c
> @@ -1208,6 +1208,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
> bh_lock_sock(sk);
> if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
> l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
> + bh_unlock_sock(sk);
> return;
> }
>
>
> Also see complete patch attached.
I am actually forgiving when people send patches as attachments since
sometimes the corporate email servers are just stupid. However gzipped
patches is where I draw the line. Please re-send it.
Regards
Marcel
Hi,
On Mon, Dec 14, 2009 at 8:36 AM, Andrei Emeltchenko
<[email protected]> wrote:
> Hi,
>
> On Mon, Aug 24, 2009 at 5:45 AM, Gustavo F. Padovan
> <[email protected]> wrote:
>> Avoid race conditions when acessing the sock.
>>
>> Signed-off-by: Gustavo F. Padovan <[email protected]>
>> ---
>> =A0net/bluetooth/l2cap.c | =A0 =A04 ++++
>> =A01 files changed, 4 insertions(+), 0 deletions(-)
>>
>> diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
>> index c04526f..efac637 100644
>> --- a/net/bluetooth/l2cap.c
>> +++ b/net/bluetooth/l2cap.c
>> @@ -1192,6 +1192,7 @@ static void l2cap_monitor_timeout(unsigned long ar=
g)
>> =A0 =A0 =A0 =A0struct sock *sk =3D (void *) arg;
>> =A0 =A0 =A0 =A0u16 control;
>>
>> + =A0 =A0 =A0 bh_lock_sock(sk);
>> =A0 =A0 =A0 =A0if (l2cap_pi(sk)->retry_count >=3D l2cap_pi(sk)->remote_m=
ax_tx) {
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0l2cap_send_disconn_req(l2cap_pi(sk)->conn=
, sk);
>
> missing unlock ?
>
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
>> @@ -1203,6 +1204,7 @@ static void l2cap_monitor_timeout(unsigned long ar=
g)
>> =A0 =A0 =A0 =A0control =3D L2CAP_CTRL_POLL;
>> =A0 =A0 =A0 =A0control |=3D L2CAP_SUPER_RCV_READY;
>> =A0 =A0 =A0 =A0l2cap_send_sframe(l2cap_pi(sk), control);
>> + =A0 =A0 =A0 bh_unlock_sock(sk);
>> =A0}
>
> Please consider following patch:
>
> --- a/net/bluetooth/l2cap.c
> +++ b/net/bluetooth/l2cap.c
> @@ -1208,6 +1208,7 @@ static void l2cap_monitor_timeout(unsigned long arg=
)
> =A0 =A0 =A0 =A0bh_lock_sock(sk);
> =A0 =A0 =A0 =A0if (l2cap_pi(sk)->retry_count >=3D l2cap_pi(sk)->remote_ma=
x_tx) {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0l2cap_send_disconn_req(l2cap_pi(sk)->conn,=
sk);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 bh_unlock_sock(sk);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
> =A0 =A0 =A0 =A0}
>
>
> Also see complete patch attached.
Acked-by: Gustavo F. Padovan <[email protected]>
>
> Regards,
> Andrei Emeltchenko
>
--=20
Gustavo F. Padovan
http://padovan.org
Hi,
On Mon, Aug 24, 2009 at 5:45 AM, Gustavo F. Padovan
<[email protected]> wrote:
> Avoid race conditions when acessing the sock.
>
> Signed-off-by: Gustavo F. Padovan <[email protected]>
> ---
> ?net/bluetooth/l2cap.c | ? ?4 ++++
> ?1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
> index c04526f..efac637 100644
> --- a/net/bluetooth/l2cap.c
> +++ b/net/bluetooth/l2cap.c
> @@ -1192,6 +1192,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
> ? ? ? ?struct sock *sk = (void *) arg;
> ? ? ? ?u16 control;
>
> + ? ? ? bh_lock_sock(sk);
> ? ? ? ?if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
> ? ? ? ? ? ? ? ?l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
missing unlock ?
> ? ? ? ? ? ? ? ?return;
> @@ -1203,6 +1204,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
> ? ? ? ?control = L2CAP_CTRL_POLL;
> ? ? ? ?control |= L2CAP_SUPER_RCV_READY;
> ? ? ? ?l2cap_send_sframe(l2cap_pi(sk), control);
> + ? ? ? bh_unlock_sock(sk);
> ?}
Please consider following patch:
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1208,6 +1208,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
bh_lock_sock(sk);
if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
+ bh_unlock_sock(sk);
return;
}
Also see complete patch attached.
Regards,
Andrei Emeltchenko