projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 68d7f0c)
Bluetooth: Fix bug when retransmitting I-frames
authorGustavo F. Padovan <padovan@profusion.mobi>
Sat, 1 May 2010 19:15:41 +0000 (16:15 -0300)
committerMarcel Holtmann <marcel@holtmann.org>
Mon, 10 May 2010 07:28:50 +0000 (09:28 +0200)
If there is no frames to retransmit l2cap was crashing the kernel, now
we check if the queue is empty first.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
net/bluetooth/l2cap.c patch | blob | blame | history

diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index f9e4da2677afdc6d99d6bfdb59989e70ba9596dc..4c7b2d22faa5a536bf556ef3ae1ae7e780cf2809 100644 (file)
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3546,7 +3546,8 @@ expected:
                if (pi->conn_state & L2CAP_CONN_REJ_ACT)
                        pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
                else {
-                       sk->sk_send_head = TX_QUEUE(sk)->next;
+                       if (!skb_queue_empty(TX_QUEUE(sk)))
+                               sk->sk_send_head = TX_QUEUE(sk)->next;
                        pi->next_tx_seq = pi->expected_ack_seq;
                        l2cap_ertm_send(sk);
                }
@@ -3593,7 +3594,8 @@ static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
                if (pi->conn_state & L2CAP_CONN_REJ_ACT)
                        pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
                else {
-                       sk->sk_send_head = TX_QUEUE(sk)->next;
+                       if (!skb_queue_empty(TX_QUEUE(sk)))
+                               sk->sk_send_head = TX_QUEUE(sk)->next;
                        pi->next_tx_seq = pi->expected_ack_seq;
                        l2cap_ertm_send(sk);
                }
@@ -3625,12 +3627,14 @@ static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
                if (pi->conn_state & L2CAP_CONN_REJ_ACT)
                        pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
                else {
-                       sk->sk_send_head = TX_QUEUE(sk)->next;
+                       if (!skb_queue_empty(TX_QUEUE(sk)))
+                               sk->sk_send_head = TX_QUEUE(sk)->next;
                        pi->next_tx_seq = pi->expected_ack_seq;
                        l2cap_ertm_send(sk);
                }
        } else {
-               sk->sk_send_head = TX_QUEUE(sk)->next;
+               if (!skb_queue_empty(TX_QUEUE(sk)))
+                       sk->sk_send_head = TX_QUEUE(sk)->next;
                pi->next_tx_seq = pi->expected_ack_seq;
                l2cap_ertm_send(sk);