
Commit ab2c1e84 authored by IHLHO KIM's avatar IHLHO KIM Committed by Chris Manton

Fix GATT data loss due to segmentation error

Incorrect segmentation of HCI ACL data packets causes data loss.
The HCI ACL data packet header (preamble) has to be excluded from the segment calculation.
BR_EDR has the same issue; this change fixes it as well.

This issue came from the following patch.
https://android-review.googlesource.com/c/platform/system/bt/+/1407393

Bug: 201372527
Change-Id: I9d6b813b173512638680bdf301379851a2e34180
Tag: #refactor
Test: compile & verify basic functions working
Ignore-AOSP-First: Backport
parent 8a623418
+8 −4
@@ -1047,6 +1047,8 @@ void l2c_OnHciModeChangeSendPendingPackets(RawAddress remote) {
static void l2c_link_send_to_lower_br_edr(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
  const uint16_t acl_packet_size_classic =
      controller_get_interface()->get_acl_packet_size_classic();
  const uint16_t acl_data_size_classic =
      controller_get_interface()->get_acl_data_size_classic();
  const uint16_t link_xmit_quota = p_lcb->link_xmit_quota;
  const bool is_bdr_and_fits_in_buffer =
      bluetooth::shim::is_gd_acl_enabled()
@@ -1062,8 +1064,8 @@ static void l2c_link_send_to_lower_br_edr(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
    l2cb.controller_xmit_window--;
  } else {
    uint16_t num_segs =
        (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_packet_size_classic - 1) /
        acl_packet_size_classic;
        (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size_classic - 1) /
        acl_data_size_classic;

    /* If doing round-robin, then only 1 segment each time */
    if (p_lcb->link_xmit_quota == 0) {
@@ -1097,6 +1099,8 @@ static void l2c_link_send_to_lower_br_edr(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
static void l2c_link_send_to_lower_ble(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
  const uint16_t acl_packet_size_ble =
      controller_get_interface()->get_acl_packet_size_ble();
  const uint16_t acl_data_size_ble =
      controller_get_interface()->get_acl_data_size_ble();
  const uint16_t link_xmit_quota = p_lcb->link_xmit_quota;
  const bool is_ble_and_fits_in_buffer = (p_buf->len <= acl_packet_size_ble);

@@ -1109,8 +1113,8 @@ static void l2c_link_send_to_lower_ble(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
    l2cb.controller_le_xmit_window--;
  } else {
    uint16_t num_segs =
        (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_packet_size_ble - 1) /
        acl_packet_size_ble;
        (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size_ble - 1) /
        acl_data_size_ble;

    /* If doing round-robin, then only 1 segment each time */
    if (p_lcb->link_xmit_quota == 0) {
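Review bot: The new `num_segs` computations in l2c_link_send_to_lower_br_edr and l2c_link_send_to_lower_ble divide by `acl_data_size_classic` and `acl_data_size_ble`, which come straight from the controller interface, and no zero check is visible in these hunks. If either getter can return 0 (the getters are not shown on this page, so this is unconfirmed), the else branch divides by zero on the transmit path. A guard before the division, such as `if (acl_data_size_ble == 0) { /* log and stop, as for any unsendable buffer */ }` and its classic equivalent, would make the assumption explicit. A short comment above `num_segs`, for example `/* p_buf->len includes the HCI ACL preamble; segments are counted against the payload size only */`, would also help keep packet size and data size from being mixed up again. Both function bodies start and end outside the hunks shown, so a check elsewhere in them cannot be ruled out.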