Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This attempts to detect if HCI_EV_NUM_COMP_PKTS contain an unbalanced
(more than currently considered outstanding) number of packets otherwise
it could cause the hcon->sent to underflow and loop around breaking the
tracking of the outstanding packets pending acknowledgment.

Fixes: f42809185896 ("Bluetooth: Simplify num_comp_pkts_evt function")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Luiz Augusto von Dentz 7 months ago 15bf2c63 b7fafbc4

+11 -1

1 changed file

expand all

net

bluetooth

hci_event.c

+11 -1

net/bluetooth/hci_event.c

··· 4404 4404 if (!conn) 4405 4405 continue; 4406 4406 4407 - conn->sent -= count; 4407 + /* Check if there is really enough packets outstanding before 4408 + * attempting to decrease the sent counter otherwise it could 4409 + * underflow.. 4410 + */ 4411 + if (conn->sent >= count) { 4412 + conn->sent -= count; 4413 + } else { 4414 + bt_dev_warn(hdev, "hcon %p sent %u < count %u", 4415 + conn, conn->sent, count); 4416 + conn->sent = 0; 4417 + } 4408 4418 4409 4419 for (i = 0; i < count; ++i) 4410 4420 hci_conn_tx_dequeue(conn);