From 2df012001d36e56cd92dab0255cf4bce3f5b16bc Mon Sep 17 00:00:00 2001 From: David Herrmann Date: Sat, 6 Apr 2013 20:28:48 +0200 Subject: [PATCH] Bluetooth: hidp: handle kernel_sendmsg() errors correctly We shouldn't push back the skbs if kernel_sendmsg() fails. Instead, we terminate the connection and drop the skb. Only on EAGAIN we push it back and return. l2cap doesn't return EAGAIN, yet, but this guarantees we're safe if it will at some time in the future. Signed-off-by: David Herrmann Acked-by: Marcel Holtmann Signed-off-by: Gustavo Padovan --- net/bluetooth/hidp/core.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c index 481bbb8..3f6ef06 100644 --- a/net/bluetooth/hidp/core.c +++ b/net/bluetooth/hidp/core.c @@ -639,13 +639,19 @@ static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) static void hidp_process_intr_transmit(struct hidp_session *session) { struct sk_buff *skb; + int ret; BT_DBG("session %p", session); while ((skb = skb_dequeue(&session->intr_transmit))) { - if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { + ret = hidp_send_frame(session->intr_sock, skb->data, skb->len); + if (ret == -EAGAIN) { skb_queue_head(&session->intr_transmit, skb); break; + } else if (ret < 0) { + hidp_session_terminate(session); + kfree_skb(skb); + break; } hidp_set_timer(session); @@ -656,13 +662,19 @@ static void hidp_process_intr_transmit(struct hidp_session *session) static void hidp_process_ctrl_transmit(struct hidp_session *session) { struct sk_buff *skb; + int ret; BT_DBG("session %p", session); while ((skb = skb_dequeue(&session->ctrl_transmit))) { - if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { + ret = hidp_send_frame(session->ctrl_sock, skb->data, skb->len); + if (ret == -EAGAIN) { skb_queue_head(&session->ctrl_transmit, skb); break; + } else if (ret < 0) { + hidp_session_terminate(session); + kfree_skb(skb); + break; } hidp_set_timer(session); -- 2.7.4