Page MenuHomeFreeBSD
Files F106226674

D46736.id143568.diff
No OneTemporary
Actions

D46736.id143568.diff
View Options

diff --git a/sys/netgraph/bluetooth/drivers/ubt/ng_ubt.c b/sys/netgraph/bluetooth/drivers/ubt/ng_ubt.c
--- a/sys/netgraph/bluetooth/drivers/ubt/ng_ubt.c
+++ b/sys/netgraph/bluetooth/drivers/ubt/ng_ubt.c
@@ -534,6 +534,7 @@
* Size of both command and response buffers are passed in length field of
* corresponding structures in "Parameter Total Length" format i.e.
* not including HCI packet headers.
+ * Expected event code must be placed into "Event code" of the response buffer.
*
* Must not be used after USB transfers have been configured in attach routine.
*/
@@ -572,6 +573,12 @@
if (evt == NULL)
return (USB_ERR_NORMAL_COMPLETION);
+ /* Save operation code if we expect completion event in response */
+ if(((struct ubt_hci_event *)evt)->header.event ==
+ NG_HCI_EVENT_COMMAND_COMPL)
+ ((struct ubt_hci_event_command_compl *)evt)->opcode =
+ cmd->opcode;
+
/* Initialize INTR endpoint xfer and wait for response */
mtx_init(&mtx, "ubt pb", NULL, MTX_DEF | MTX_NEW);
@@ -842,6 +849,8 @@
struct ubt_hci_event *evt = usbd_xfer_softc(xfer);
struct usb_page_cache *pc;
int actlen;
+ struct ubt_hci_evhdr evhdr;
+ uint16_t opcode;
usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
@@ -849,7 +858,25 @@
case USB_ST_TRANSFERRED:
if (actlen > UBT_HCI_EVENT_SIZE(evt))
actlen = UBT_HCI_EVENT_SIZE(evt);
+ if (actlen < sizeof(evhdr))
+ goto submit_next;
pc = usbd_xfer_get_frame(xfer, 0);
+ usbd_copy_out(pc, 0, &evhdr, sizeof(evhdr));
+ /* Check for expected event code */
+ if (evt->header.event != 0 &&
+ (evt->header.event != evhdr.event))
+ goto submit_next;
+ /* For completion events check operation code as well */
+ if (evt->header.event == NG_HCI_EVENT_COMMAND_COMPL) {
+ if (actlen < sizeof(struct ubt_hci_event_command_compl))
+ goto submit_next;
+ usbd_copy_out(pc,
+ offsetof(struct ubt_hci_event_command_compl, opcode),
+ &opcode, sizeof(opcode));
+ if (opcode !=
+ ((struct ubt_hci_event_command_compl *)evt)->opcode)
+ goto submit_next;
+ }
usbd_copy_out(pc, 0, evt, actlen);
/* OneShot mode */
wakeup(evt);
diff --git a/sys/netgraph/bluetooth/drivers/ubt/ng_ubt_intel.c b/sys/netgraph/bluetooth/drivers/ubt/ng_ubt_intel.c
--- a/sys/netgraph/bluetooth/drivers/ubt/ng_ubt_intel.c
+++ b/sys/netgraph/bluetooth/drivers/ubt/ng_ubt_intel.c
@@ -117,14 +117,14 @@
cmd.opcode = htole16(opcode);
evt = malloc(offsetof(struct ubt_hci_event_command_compl, data) +
resp_len, M_TEMP, M_ZERO | M_WAITOK);
+ evt->header.event = NG_HCI_EVENT_COMMAND_COMPL;
evt->header.length = resp_len + UBT_HCI_EVENT_COMPL_HEAD_SIZE;
error = ubt_do_hci_request(udev, &cmd, evt, UBT_INTEL_HCICMD_TIMEOUT);
if (error != USB_ERR_NORMAL_COMPLETION)
goto exit;
- if (evt->header.event == NG_HCI_EVENT_COMMAND_COMPL &&
- evt->header.length == resp_len + UBT_HCI_EVENT_COMPL_HEAD_SIZE)
+ if (evt->header.length == resp_len + UBT_HCI_EVENT_COMPL_HEAD_SIZE)
memcpy(resp, evt->data, resp_len);
else
error = USB_ERR_INVAL;
@@ -148,6 +148,7 @@
uint8_t *data;
evt = malloc(UBT_INTEL_MAX_EVT_SIZE, M_TEMP, M_ZERO | M_WAITOK);
+ evt->header.event = NG_HCI_EVENT_COMMAND_COMPL;
evt->header.length =
UBT_INTEL_MAX_EVT_SIZE - sizeof(struct ubt_hci_evhdr);

File Metadata

Mime Type
text/plain
Expires
Sat, Dec 28, 12:41 PM (6 h, 51 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
15622966
Default Alt Text
D46736.id143568.diff (3 KB)

Event Timeline