Bluetooth: SCO: Fix sco_send_frame returning skb->len
commit037ce005afupstream. The skb in modified by hci_send_sco which pushes SCO headers thus changing skb->len causing sco_sock_sendmsg to fail. Fixes:0771cbb3b9("Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg") Tested-by: Tedd Ho-Jeong An <tedd.an@intel.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Luiz Augusto von Dentz
Greg Kroah-Hartman
Родитель
5ae749f40d
Коммит
d01605a01f
|
|
@ -283,16 +283,17 @@ static int sco_connect(struct hci_dev *hdev, struct sock *sk)
|
||||||
static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
|
static int sco_send_frame(struct sock *sk, struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
struct sco_conn *conn = sco_pi(sk)->conn;
|
struct sco_conn *conn = sco_pi(sk)->conn;
|
||||||
|
int len = skb->len;
|
||||||
|
|
||||||
/* Check outgoing MTU */
|
/* Check outgoing MTU */
|
||||||
if (skb->len > conn->mtu)
|
if (len > conn->mtu)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
BT_DBG("sk %p len %d", sk, skb->len);
|
BT_DBG("sk %p len %d", sk, len);
|
||||||
|
|
||||||
hci_send_sco(conn->hcon, skb);
|
hci_send_sco(conn->hcon, skb);
|
||||||
|
|
||||||
return skb->len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
|
static void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
|
||||||
|
|
@ -743,7 +744,8 @@ static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg,
|
||||||
err = -ENOTCONN;
|
err = -ENOTCONN;
|
||||||
|
|
||||||
release_sock(sk);
|
release_sock(sk);
|
||||||
if (err)
|
|
||||||
|
if (err < 0)
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче