Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp5813571ybf; Thu, 5 Mar 2020 07:30:12 -0800 (PST) X-Google-Smtp-Source: ADFU+vv9uCpdNTR6cnh6meCcHES2P006AwyBpDZX/nsKxdnNYg+ZV71nsVhVLs+7A4g3pnoVC25d X-Received: by 2002:a05:6830:19ec:: with SMTP id t12mr5681806ott.161.1583422212715; Thu, 05 Mar 2020 07:30:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583422212; cv=none; d=google.com; s=arc-20160816; b=oBJtBsUi4BCqCmMj+LPzN4rQr5lECk8HjalwHb1GJlzo7k7YWOvDAouPFokPcFQ0NL hDJEut2eKNkwo2nbkJ2+OE13IZOmHKt06YC+VMWyDt0riACFhkkB2COqKaMoZPUPRmC/ xBJ5lFCFurdqshA58qzWUGBev4h8lqqQJnByjSzImDm5ddU4KKX7X6UcchhUupWTqJlc aySRO090nFmUjuvfmARmyU2eNCbPNs69k30NEZiBS+WfxWjTShHiEB5u3tZQYlpShiac 9j8kupmy1qcBJkmKwkwW0u0/MtdNVkPqfacAhZdfdf3yJNZpXqb7ZNKspPIB7sNvaxSk Re4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:to:from; bh=h3+IAAJqo+wI4KaIehIXb8bNvVHtzZRxQqxJHLmNBNU=; b=cnISFHOEFZu9C0a3JqYEslPoeAAUzcgNZxMAxN3ELAPcu9K8iw+Z3BJl4I3cM2Qh3D fo2AExzD55G7IXsaqjRC2GyBMCg2Bt8HgjgxXL+vm+9fax3bT/QgNsGl81U5D5OMNg8K EsHd24+bFZ+Ut0Kw3q2kG8LSQu5Hp9B46DLk4HDOZqUrWfVM7LkNsH1qISl1rKA3XTV7 BJXSUPa6EfrvSYxNx45CtreNsPO2Op0mQMwYlMH4XWLHySU7VONC3QXp9QnGbptrGl3L noUMq9TRvL94DG9DAlsRyFswKGKA+fCA3YMToqM2BLuaS7F/KR/rJ+YowW5EG6bIHnP8 1a3g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b15si4947219ots.99.2020.03.05.07.29.57; Thu, 05 Mar 2020 07:30:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726390AbgCEP2r (ORCPT + 99 others); Thu, 5 Mar 2020 10:28:47 -0500 Received: from coyote.holtmann.net ([212.227.132.17]:52465 "EHLO mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726142AbgCEP2r (ORCPT ); Thu, 5 Mar 2020 10:28:47 -0500 Received: from localhost.localdomain (x59cc89fd.dyn.telefonica.de [89.204.137.253]) by mail.holtmann.org (Postfix) with ESMTPSA id B5023CECED for ; Thu, 5 Mar 2020 16:38:12 +0100 (CET) From: Marcel Holtmann To: linux-bluetooth@vger.kernel.org Subject: [PATCH] Bluetooth: Fix calculation of SCO handle for packet processing Date: Thu, 5 Mar 2020 16:28:39 +0100 Message-Id: <20200305152839.92437-1-marcel@holtmann.org> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org When processing SCO packets, the handle is wrongly assumed as 16-bit value. The actual size is 12-bits and the other 4-bits are used for packet flags. Signed-off-by: Marcel Holtmann --- net/bluetooth/hci_core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 4e6d61a95b20..6a88954e67c0 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -4387,13 +4387,16 @@ static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) { struct hci_sco_hdr *hdr = (void *) skb->data; struct hci_conn *conn; - __u16 handle; + __u16 handle, flags; skb_pull(skb, HCI_SCO_HDR_SIZE); handle = __le16_to_cpu(hdr->handle); + flags = hci_flags(handle); + handle = hci_handle(handle); - BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle); + BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len, + handle, flags); hdev->stat.sco_rx++; -- 2.24.1