When building fragmented skb's skb->len keeps track of the size of head
plus all fragments combined, however when queueing the skb for sending we
need to report the head size instead of the total size, so we just set
skb->len to skb_headlen().
This bug appeared when implementing MSG_MORE support for L2CAP sockets, it
never showed up before because l2cap_skbuff_fromiovec() never accounted skb
size correctly. A following patch will fix this.
Signed-off-by: Gustavo Padovan <[email protected]>
---
net/bluetooth/hci_core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index a492b374..a7208e8 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2162,6 +2162,12 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
struct hci_dev *hdev = conn->hdev;
struct sk_buff *list;
+ skb->len = skb_headlen(skb);
+ skb->data_len = 0;
+
+ bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
+ hci_add_acl_hdr(skb, conn->handle, flags);
+
list = skb_shinfo(skb)->frag_list;
if (!list) {
/* Non fragmented */
@@ -2205,8 +2211,6 @@ void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
skb->dev = (void *) hdev;
- bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
- hci_add_acl_hdr(skb, conn->handle, flags);
hci_queue_acl(conn, &chan->data_q, skb, flags);
--
1.7.10.1
Hi Mat,
* Mat Martineau <[email protected]> [2012-05-09 16:28:53 -0700]:
>
> On Wed, 9 May 2012, Gustavo Padovan wrote:
>
> >When we add a fragment to a skb, len, data_len and truesize fields needs
> >to be updated.
>
> truesize is not updated in this version of the patch. Also, change
> "needs" to "need"
Thanks for the English fixes in both patches! I'll resend a v3 with those
fixes in.
Gustavo
On Wed, 9 May 2012, Gustavo Padovan wrote:
> When we add a fragment to a skb, len, data_len and truesize fields needs
> to be updated.
truesize is not updated in this version of the patch. Also, change
"needs" to "need"
>
> Signed-off-by: Gustavo Padovan <[email protected]>
> ---
> net/bluetooth/l2cap_core.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index 66a1a55..f45f92d 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -1851,6 +1851,9 @@ static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
> sent += count;
> len -= count;
>
> + skb->len += (*frag)->len;
> + skb->data_len += (*frag)->len;
> +
> frag = &(*frag)->next;
> }
>
> --
> 1.7.10.1
--
Mat Martineau
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
On Wed, 9 May 2012, Gustavo Padovan wrote:
> When building fragmented skb's skb->len keeps track of the size of head
> plus all fragments combined, however when queueing the skb for sending we
> need to report the head size instead of the total size, so we just set
> skb->len to skb_headlen().
>
> This bug appeared when implementing MSG_MORE support for L2CAP sockets, it
> never showed up before because l2cap_skbuff_fromiovec() never accounted skb
> size correctly. A following patch will fix this.
>
> Signed-off-by: Gustavo Padovan <[email protected]>
> ---
> net/bluetooth/hci_core.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
> index a492b374..a7208e8 100644
> --- a/net/bluetooth/hci_core.c
> +++ b/net/bluetooth/hci_core.c
> @@ -2162,6 +2162,12 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
> struct hci_dev *hdev = conn->hdev;
> struct sk_buff *list;
>
> + skb->len = skb_headlen(skb);
> + skb->data_len = 0;
> +
> + bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
> + hci_add_acl_hdr(skb, conn->handle, flags);
> +
> list = skb_shinfo(skb)->frag_list;
> if (!list) {
> /* Non fragmented */
> @@ -2205,8 +2211,6 @@ void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
> BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
>
> skb->dev = (void *) hdev;
> - bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
> - hci_add_acl_hdr(skb, conn->handle, flags);
>
> hci_queue_acl(conn, &chan->data_q, skb, flags);
>
> --
> 1.7.10.1
Looks fine to me. For the patch title, you might say "Bluetooth: Fix
packet size provided to the controller"
Reviewed-by: Mat Martineau <[email protected]>
--
Mat Martineau
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
Hah! it should be "PATCH" actually :)
* Gustavo Padovan <[email protected]> [2012-05-09 18:27:15 -0300]:
> When building fragmented skb's skb->len keeps track of the size of head
> plus all fragments combined, however when queueing the skb for sending we
> need to report the head size instead of the total size, so we just set
> skb->len to skb_headlen().
>
> This bug appeared when implementing MSG_MORE support for L2CAP sockets, it
> never showed up before because l2cap_skbuff_fromiovec() never accounted skb
> size correctly. A following patch will fix this.
>
> Signed-off-by: Gustavo Padovan <[email protected]>
> ---
> net/bluetooth/hci_core.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
> index a492b374..a7208e8 100644
> --- a/net/bluetooth/hci_core.c
> +++ b/net/bluetooth/hci_core.c
> @@ -2162,6 +2162,12 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
> struct hci_dev *hdev = conn->hdev;
> struct sk_buff *list;
>
> + skb->len = skb_headlen(skb);
> + skb->data_len = 0;
> +
> + bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
> + hci_add_acl_hdr(skb, conn->handle, flags);
> +
> list = skb_shinfo(skb)->frag_list;
> if (!list) {
> /* Non fragmented */
> @@ -2205,8 +2211,6 @@ void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
> BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
>
> skb->dev = (void *) hdev;
> - bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
> - hci_add_acl_hdr(skb, conn->handle, flags);
>
> hci_queue_acl(conn, &chan->data_q, skb, flags);
>
> --
> 1.7.10.1
>
Gustavo
When we add a fragment to a skb, len, data_len and truesize fields needs
to be updated.
Signed-off-by: Gustavo Padovan <[email protected]>
---
net/bluetooth/l2cap_core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 66a1a55..f45f92d 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1851,6 +1851,9 @@ static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
sent += count;
len -= count;
+ skb->len += (*frag)->len;
+ skb->data_len += (*frag)->len;
+
frag = &(*frag)->next;
}
--
1.7.10.1