Bluetooth: __l2cap_wait_ack() add defensive timeout
authorDean Jenkins <Dean_Jenkins@mentor.com>
Tue, 23 Jun 2015 16:59:39 +0000 (17:59 +0100)
committerMarcel Holtmann <marcel@holtmann.org>
Thu, 23 Jul 2015 15:10:51 +0000 (17:10 +0200)
Add a timeout to prevent the do while loop running in an
infinite loop. This ensures that the channel will be
instructed to close within 10 seconds so prevents
l2cap_sock_shutdown() getting stuck forever.

Returns -ENOLINK when the timeout is reached. The channel
will be subequently closed and not all data will be ACK'ed.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
include/net/bluetooth/l2cap.h
net/bluetooth/l2cap_sock.c

index 3dcad4159b0b816dc634fe9be99a6acfaa0ec220..c98afc08cc2612e046cd070b22d25aa18a88c457 100644 (file)
@@ -56,6 +56,7 @@
 #define L2CAP_MOVE_TIMEOUT             msecs_to_jiffies(4000)
 #define L2CAP_MOVE_ERTX_TIMEOUT                msecs_to_jiffies(60000)
 #define L2CAP_WAIT_ACK_POLL_PERIOD     msecs_to_jiffies(200)
+#define L2CAP_WAIT_ACK_TIMEOUT         msecs_to_jiffies(10000)
 
 #define L2CAP_A2MP_DEFAULT_MTU         670
 
index f0b052a75e8aacadb16ac51ddb120bb4189a8207..586b3d580cfcba0422828cab1843363178dfe85c 100644 (file)
@@ -1059,11 +1059,15 @@ static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
        DECLARE_WAITQUEUE(wait, current);
        int err = 0;
        int timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
+       /* Timeout to prevent infinite loop */
+       unsigned long timeout = jiffies + L2CAP_WAIT_ACK_TIMEOUT;
 
        add_wait_queue(sk_sleep(sk), &wait);
        set_current_state(TASK_INTERRUPTIBLE);
        do {
-               BT_DBG("Waiting for %d ACKs", chan->unacked_frames);
+               BT_DBG("Waiting for %d ACKs, timeout %04d ms",
+                      chan->unacked_frames, time_after(jiffies, timeout) ? 0 :
+                      jiffies_to_msecs(timeout - jiffies));
 
                if (!timeo)
                        timeo = L2CAP_WAIT_ACK_POLL_PERIOD;
@@ -1082,6 +1086,11 @@ static int __l2cap_wait_ack(struct sock *sk, struct l2cap_chan *chan)
                if (err)
                        break;
 
+               if (time_after(jiffies, timeout)) {
+                       err = -ENOLINK;
+                       break;
+               }
+
        } while (chan->unacked_frames > 0 &&
                 chan->state == BT_CONNECTED);