Bluetooth: check L2CAP length in first ACL fragment
Current Bluetooth code assembles fragments of big L2CAP packets in l2cap_recv_acldata and then checks allowed L2CAP size in assemled L2CAP packet (pi->imtu < skb->len). The patch moves allowed L2CAP size check to the early stage when we receive the first fragment of L2CAP packet. We do not need to reserve and keep L2CAP fragments for bad packets. Updated version after comments from Mat Martineau <mathewm@codeaurora.org> and Gustavo Padovan <padovan@profusion.mobi>. Trace below is received when using stress tools sending big fragmented L2CAP packets. ... [ 1712.798492] swapper: page allocation failure. order:4, mode:0x4020 [ 1712.804809] [<c0031870>] (unwind_backtrace+0x0/0xdc) from [<c00a1f70>] (__alloc_pages_nodemask+0x4) [ 1712.814666] [<c00a1f70>] (__alloc_pages_nodemask+0x47c/0x4d4) from [<c00a1fd8>] (__get_free_pages+) [ 1712.824645] [<c00a1fd8>] (__get_free_pages+0x10/0x3c) from [<c026eb5c>] (__alloc_skb+0x4c/0xfc) [ 1712.833465] [<c026eb5c>] (__alloc_skb+0x4c/0xfc) from [<bf28c738>] (l2cap_recv_acldata+0xf0/0x1f8 ) [ 1712.843322] [<bf28c738>] (l2cap_recv_acldata+0xf0/0x1f8 [l2cap]) from [<bf0094ac>] (hci_rx_task+0x) ... Signed-off-by:Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by:
Marcel Holtmann <marcel@holtmann.org> Signed-off-by:
Gustavo F. Padovan <padovan@profusion.mobi>
Loading
Please register or sign in to comment
