[PATCH 3.13 001/105] Bluetooth: Fix HCI H5 corrupted ack value

Kamal Mostafa kamal at canonical.com
Mon Oct 27 18:55:36 UTC 2014


3.13.11.10 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Loic Poulain <loic.poulain at intel.com>

commit 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 upstream.

In this expression: seq = (seq - 1) % 8
seq (u8) is implicitly converted to an int in the arithmetic operation.
So if seq value is 0, operation is ((0 - 1) % 8) => (-1 % 8) => -1.
The new seq value is 0xff which is an invalid ACK value, we expect 0x07.
It leads to frequent dropped ACK and retransmission.
Fix this by using '&' binary operator instead of '%'.

Signed-off-by: Loic Poulain <loic.poulain at intel.com>
Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 drivers/bluetooth/hci_h5.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index e36a024..5651992 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
 			break;
 
 		to_remove--;
-		seq = (seq - 1) % 8;
+		seq = (seq - 1) & 0x07;
 	}
 
 	if (seq != h5->rx_ack)
-- 
1.9.1





More information about the kernel-team mailing list