Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH

There a few instances still using HCI_MAX_AD_LENGTH instead of using
max_adv_len which takes care of detecting what is the actual maximum
length depending on if the controller supports EA or not.

Fixes: 112b5090c219 ("Bluetooth: MGMT: Fix always using HCI_MAX_AD_LENGTH")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 6fb055e..6e2988b 100644 (file)
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -83,7 +83,7 @@ struct discovery_state {
        u8                      last_adv_addr_type;
        s8                      last_adv_rssi;
        u32                     last_adv_flags;
-       u8                      last_adv_data[HCI_MAX_AD_LENGTH];
+       u8                      last_adv_data[HCI_MAX_EXT_AD_LENGTH];
        u8                      last_adv_data_len;
        bool                    report_invalid_rssi;
        bool                    result_filtering;
@@ -290,7 +290,7 @@ struct adv_pattern {
        __u8 ad_type;
        __u8 offset;
        __u8 length;
-       __u8 value[HCI_MAX_AD_LENGTH];
+       __u8 value[HCI_MAX_EXT_AD_LENGTH];
 };
 
 struct adv_rssi_thresholds {
@@ -726,7 +726,7 @@ struct hci_conn {
        __u16           le_conn_interval;
        __u16           le_conn_latency;
        __u16           le_supv_timeout;
-       __u8            le_adv_data[HCI_MAX_AD_LENGTH];
+       __u8            le_adv_data[HCI_MAX_EXT_AD_LENGTH];
        __u8            le_adv_data_len;
        __u8            le_per_adv_data[HCI_MAX_PER_AD_LENGTH];
        __u8            le_per_adv_data_len;

diff --git a/net/bluetooth/eir.c b/net/bluetooth/eir.c
index 8a85f6c..9214189 100644 (file)
--- a/net/bluetooth/eir.c
+++ b/net/bluetooth/eir.c
@@ -33,7 +33,7 @@ u8 eir_append_local_name(struct hci_dev *hdev, u8 *ptr, u8 ad_len)
        size_t complete_len;
 
        /* no space left for name (+ NULL + type + len) */
-       if ((HCI_MAX_AD_LENGTH - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3)
+       if ((max_adv_len(hdev) - ad_len) < HCI_MAX_SHORT_NAME_LENGTH + 3)
                return ad_len;
 
        /* use complete name if present and fits */

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index d6c9b7b..ba2e006 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -5381,9 +5381,9 @@ static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
        for (i = 0; i < pattern_count; i++) {
                offset = patterns[i].offset;
                length = patterns[i].length;
-               if (offset >= HCI_MAX_AD_LENGTH ||
-                   length > HCI_MAX_AD_LENGTH ||
-                   (offset + length) > HCI_MAX_AD_LENGTH)
+               if (offset >= HCI_MAX_EXT_AD_LENGTH ||
+                   length > HCI_MAX_EXT_AD_LENGTH ||
+                   (offset + length) > HCI_MAX_EXT_AD_LENGTH)
                        return MGMT_STATUS_INVALID_PARAMS;
 
                p = kmalloc(sizeof(*p), GFP_KERNEL);