Commit 761fb8ec authored by Luiz Augusto von Dentz's avatar Luiz Augusto von Dentz

Bluetooth: L2CAP: Fix regressions caused by reusing ident

This attempts to fix regressions caused by reusing ident, which apparently
is not handled well on certain stacks, causing the stack to not respond to
requests. Instead of simply returning the first unallocated id, this
stores the last used tx_ident and then attempts to use the next one until all
available ids are exhausted, and then cycles, starting over at 1.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=221120
Link: https://bugzilla.kernel.org/show_bug.cgi?id=221177


Fixes: 6c3ea155 ("Bluetooth: L2CAP: Fix not tracking outstanding TX ident")
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: default avatarChristian Eggers <ceggers@arri.de>
parent b6552e05
+1 −0
@@ -658,6 +658,7 @@ struct l2cap_conn {
	struct sk_buff		*rx_skb;
	__u32			rx_len;
	struct ida		tx_ida;
	__u8			tx_ident;

	struct sk_buff_head	pending_rx;
	struct work_struct	pending_rx_work;
+26 −3
@@ -926,16 +926,39 @@ int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator)

static int l2cap_get_ident(struct l2cap_conn *conn)
{
	u8 max;
	int ident;

	/* LE link does not support tools like l2ping so use the full range */
	if (conn->hcon->type == LE_LINK)
		return ida_alloc_range(&conn->tx_ida, 1, 255, GFP_ATOMIC);

		max = 255;
	/* Get next available identificator.
	 *    1 - 128 are used by kernel.
	 *  129 - 199 are reserved.
	 *  200 - 254 are used by utilities like l2ping, etc.
	 */
	return ida_alloc_range(&conn->tx_ida, 1, 128, GFP_ATOMIC);
	else
		max = 128;

	/* Allocate ident using min as last used + 1 (cyclic) */
	ident = ida_alloc_range(&conn->tx_ida, READ_ONCE(conn->tx_ident) + 1,
				max, GFP_ATOMIC);
	/* Force min 1 to start over */
	if (ident <= 0) {
		ident = ida_alloc_range(&conn->tx_ida, 1, max, GFP_ATOMIC);
		if (ident <= 0) {
			/* If all idents are in use, log an error, this is
			 * extremely unlikely to happen and would indicate a bug
			 * in the code that idents are not being freed properly.
			 */
			BT_ERR("Unable to allocate ident: %d", ident);
			return 0;
		}
	}

	WRITE_ONCE(conn->tx_ident, ident);

	return ident;
}

static void l2cap_send_acl(struct l2cap_conn *conn, struct sk_buff *skb,
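Review bot: When both allocations fail, l2cap_get_ident() now returns 0 instead of the negative errno that ida_alloc_range() used to pass through, and nothing on the function states this; the callers are outside this hunk, so it cannot be confirmed from here that they treat 0 as "no ident" and refrain from sending a command with it. I would document the contract above the function, e.g. `/* Returns the allocated ident (1..max), or 0 if none could be allocated; callers must not send with ident 0. */`. The inline comment also attributes the failure to ident exhaustion, but with GFP_ATOMIC the same path can presumably be reached on an allocation failure, so the wording could read "exhausted or out of memory" (the logged error code already distinguishes the two). It would also help to note on the first ida_alloc_range() call that tx_ident == max makes the requested minimum exceed max, which appears to be what triggers the restart from 1.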