summaryrefslogtreecommitdiff
path: root/drivers/bluetooth/hci_h4.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/bluetooth/hci_h4.c')
-rw-r--r--drivers/bluetooth/hci_h4.c119
1 files changed, 62 insertions, 57 deletions
diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c
index 07f5f7a21961..f7190f01e135 100644
--- a/drivers/bluetooth/hci_h4.c
+++ b/drivers/bluetooth/hci_h4.c
@@ -40,6 +40,7 @@
#include <linux/signal.h>
#include <linux/ioctl.h>
#include <linux/skbuff.h>
+#include <asm/unaligned.h>
#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
@@ -113,6 +114,12 @@ static int h4_enqueue(struct hci_uart *hu, struct sk_buff *skb)
return 0;
}
+static const struct h4_recv_pkt h4_recv_pkts[] = {
+ { H4_RECV_ACL, .recv = hci_recv_frame },
+ { H4_RECV_SCO, .recv = hci_recv_frame },
+ { H4_RECV_EVENT, .recv = hci_recv_frame },
+};
+
/* Recv data */
static int h4_recv(struct hci_uart *hu, const void *data, int count)
{
@@ -121,7 +128,8 @@ static int h4_recv(struct hci_uart *hu, const void *data, int count)
if (!test_bit(HCI_UART_REGISTERED, &hu->flags))
return -EUNATCH;
- h4->rx_skb = h4_recv_buf(hu->hdev, h4->rx_skb, data, count);
+ h4->rx_skb = h4_recv_buf(hu->hdev, h4->rx_skb, data, count,
+ h4_recv_pkts, ARRAY_SIZE(h4_recv_pkts));
if (IS_ERR(h4->rx_skb)) {
int err = PTR_ERR(h4->rx_skb);
BT_ERR("%s: Frame reassembly failed (%d)", hu->hdev->name, err);
@@ -159,96 +167,93 @@ int __exit h4_deinit(void)
}
struct sk_buff *h4_recv_buf(struct hci_dev *hdev, struct sk_buff *skb,
- const unsigned char *buffer, int count)
+ const unsigned char *buffer, int count,
+ const struct h4_recv_pkt *pkts, int pkts_count)
{
while (count) {
- int len;
+ int i, len;
if (!skb) {
- switch (buffer[0]) {
- case HCI_ACLDATA_PKT:
- skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE,
- GFP_ATOMIC);
- if (!skb)
- return ERR_PTR(-ENOMEM);
+ for (i = 0; i < pkts_count; i++) {
+ if (buffer[0] != (&pkts[i])->type)
+ continue;
- bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
- bt_cb(skb)->expect = HCI_ACL_HDR_SIZE;
- break;
- case HCI_SCODATA_PKT:
- skb = bt_skb_alloc(HCI_MAX_SCO_SIZE,
+ skb = bt_skb_alloc((&pkts[i])->maxlen,
GFP_ATOMIC);
if (!skb)
return ERR_PTR(-ENOMEM);
- bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
- bt_cb(skb)->expect = HCI_SCO_HDR_SIZE;
+ bt_cb(skb)->pkt_type = (&pkts[i])->type;
+ bt_cb(skb)->expect = (&pkts[i])->hlen;
break;
- case HCI_EVENT_PKT:
- skb = bt_skb_alloc(HCI_MAX_EVENT_SIZE,
- GFP_ATOMIC);
- if (!skb)
- return ERR_PTR(-ENOMEM);
+ }
- bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
- bt_cb(skb)->expect = HCI_EVENT_HDR_SIZE;
- break;
- default:
+ /* Check for invalid packet type */
+ if (!skb)
return ERR_PTR(-EILSEQ);
- }
count -= 1;
buffer += 1;
}
- len = min_t(uint, bt_cb(skb)->expect, count);
+ len = min_t(uint, bt_cb(skb)->expect - skb->len, count);
memcpy(skb_put(skb, len), buffer, len);
count -= len;
buffer += len;
- bt_cb(skb)->expect -= len;
- switch (bt_cb(skb)->pkt_type) {
- case HCI_ACLDATA_PKT:
- if (skb->len == HCI_ACL_HDR_SIZE) {
- __le16 dlen = hci_acl_hdr(skb)->dlen;
+ /* Check for partial packet */
+ if (skb->len < bt_cb(skb)->expect)
+ continue;
+
+ for (i = 0; i < pkts_count; i++) {
+ if (bt_cb(skb)->pkt_type == (&pkts[i])->type)
+ break;
+ }
+
+ if (i >= pkts_count) {
+ kfree_skb(skb);
+ return ERR_PTR(-EILSEQ);
+ }
- /* Complete ACL header */
- bt_cb(skb)->expect = __le16_to_cpu(dlen);
+ if (skb->len == (&pkts[i])->hlen) {
+ u16 dlen;
- if (skb_tailroom(skb) < bt_cb(skb)->expect) {
- kfree_skb(skb);
- return ERR_PTR(-EMSGSIZE);
- }
- }
- break;
- case HCI_SCODATA_PKT:
- if (skb->len == HCI_SCO_HDR_SIZE) {
- /* Complete SCO header */
- bt_cb(skb)->expect = hci_sco_hdr(skb)->dlen;
+ switch ((&pkts[i])->lsize) {
+ case 0:
+ /* No variable data length */
+ (&pkts[i])->recv(hdev, skb);
+ skb = NULL;
+ break;
+ case 1:
+ /* Single octet variable length */
+ dlen = skb->data[(&pkts[i])->loff];
+ bt_cb(skb)->expect += dlen;
- if (skb_tailroom(skb) < bt_cb(skb)->expect) {
+ if (skb_tailroom(skb) < dlen) {
kfree_skb(skb);
return ERR_PTR(-EMSGSIZE);
}
- }
- break;
- case HCI_EVENT_PKT:
- if (skb->len == HCI_EVENT_HDR_SIZE) {
- /* Complete event header */
- bt_cb(skb)->expect = hci_event_hdr(skb)->plen;
+ break;
+ case 2:
+ /* Double octet variable length */
+ dlen = get_unaligned_le16(skb->data +
+ (&pkts[i])->loff);
+ bt_cb(skb)->expect += dlen;
- if (skb_tailroom(skb) < bt_cb(skb)->expect) {
+ if (skb_tailroom(skb) < dlen) {
kfree_skb(skb);
return ERR_PTR(-EMSGSIZE);
}
+ break;
+ default:
+ /* Unsupported variable length */
+ kfree_skb(skb);
+ return ERR_PTR(-EILSEQ);
}
- break;
- }
-
- if (bt_cb(skb)->expect == 0) {
+ } else {
/* Complete frame */
- hci_recv_frame(hdev, skb);
+ (&pkts[i])->recv(hdev, skb);
skb = NULL;
}
}