Gustavo - On Wed, 9 May 2012, Gustavo Padovan wrote:
skb->len is the wrong var to tell the size of a packet, skb->len keeps the size of the overall skb, including its head and fragments, then when sending the head the wrong size is passed if the we have a framented skb. We fix this by using skb_datalen(skb) which is the total skb size minus the fragments size, i.e., the actual head size. This bug appeared when implementing MSG_MORE support for L2CAP sockets, it never showed up before because l2cap_skbuff_fromiovec() never accounted skb size correctly. A following patch will fix this. Signed-off-by: Gustavo Padovan <gustavo@xxxxxxxxxxx> --- drivers/bluetooth/bluecard_cs.c | 5 +++-- drivers/bluetooth/bpa10x.c | 4 ++-- drivers/bluetooth/bt3c_cs.c | 4 ++-- drivers/bluetooth/btusb.c | 4 ++-- drivers/bluetooth/btwilink.c | 2 +- drivers/bluetooth/dtl1_cs.c | 13 +++++++------ drivers/bluetooth/hci_bcsp.c | 8 ++++++-- drivers/bluetooth/hci_ldisc.c | 7 ++++--- drivers/bluetooth/hci_vhci.c | 2 +- net/bluetooth/hci_core.c | 2 +- 10 files changed, 29 insertions(+), 22 deletions(-)
The drivers should never see fragmented skbs, so this change should not be necessary. See my reply to the next patch for the full background information.
-- Mat Martineau Employee of Qualcomm Innovation Center, Inc. Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
