Bluetooth: __l2cap_wait_ack() add defensive timeout (e432c72c) · Commits · e / devices / android_kernel_oneplus_sm7250

include/net/bluetooth/l2cap.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -56,6 +56,7 @@
		#define L2CAP_MOVE_TIMEOUT msecs_to_jiffies(4000)
		#define L2CAP_MOVE_ERTX_TIMEOUT msecs_to_jiffies(60000)
		#define L2CAP_WAIT_ACK_POLL_PERIOD msecs_to_jiffies(200)
		#define L2CAP_WAIT_ACK_TIMEOUT msecs_to_jiffies(10000)

		#define L2CAP_A2MP_DEFAULT_MTU 670

+10 −1

Original line number	Diff line number	Diff line
		@@ -1059,11 +1059,15 @@ static int __l2cap_wait_ack(struct sock sk, struct l2cap_chan chan)
		DECLARE_WAITQUEUE(wait, current);
		int err = 0;
		int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
		/* Timeout to prevent infinite loop */
		unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;

		add_wait_queue(sk_sleep(sk), &wait);
		set_current_state(TASK_INTERRUPTIBLE);
		do {
		BT_DBG("Waiting for %d ACKs", chan->unacked_frames);
		BT_DBG("Waiting for %d ACKs, timeout %04d ms",
		chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
		jiffies_to_msecs(timeout - jiffies));

		if (!timeo)
		timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
		@@ -1082,6 +1086,11 @@ static int __l2cap_wait_ack(struct sock sk, struct l2cap_chan chan)
		if (err)
		break;

		if (time_after(jiffies, timeout)) {
		err = -ENOLINK;
		break;
		}

		} while (chan->unacked_frames > 0 &&
		chan->state == BT_CONNECTED);