]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8f80c63)
Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established
authorPauli Virtanen <pav@iki.fi>
Sat, 9 Aug 2025 08:36:20 +0000 (11:36 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 28 Aug 2025 14:28:48 +0000 (16:28 +0200)
[ Upstream commit 0b3725dbf61b51e7c663834811b3691157ae17d6 ]

BN == 0x00 in CIS Established means no isochronous data for the
corresponding direction (Core v6.1 pp. 2394). In this case SDU MTU
should be 0.

However, the specification does not say the Max_PDU_C_To_P or P_To_C are
then zero.  Intel AX210 in Framed CIS mode sets nonzero Max_PDU for
direction with zero BN.  This causes failure later when we try to LE
Setup ISO Data Path for disabled direction, which is disallowed (Core
v6.1 pp. 2750).

Fix by setting SDU MTU to 0 if BN == 0.

Fixes: 2be22f1941d5f ("Bluetooth: hci_event: Fix parsing of CIS Established Event")
Signed-off-by: Pauli Virtanen <pav@iki.fi>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/bluetooth/hci_event.c patch | blob | blame | history

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 3b22ce3aa95bb555345ec751ed8c21bdc4756c93..c06010c0d882937ad7f7dabcbf249e26d3b33d2e 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6664,8 +6664,8 @@ static void hci_le_cis_estabilished_evt(struct hci_dev *hdev, void *data,
                qos->ucast.out.latency =
                        DIV_ROUND_CLOSEST(get_unaligned_le24(ev->p_latency),
                                          1000);
-               qos->ucast.in.sdu = le16_to_cpu(ev->c_mtu);
-               qos->ucast.out.sdu = le16_to_cpu(ev->p_mtu);
+               qos->ucast.in.sdu = ev->c_bn ? le16_to_cpu(ev->c_mtu) : 0;
+               qos->ucast.out.sdu = ev->p_bn ? le16_to_cpu(ev->p_mtu) : 0;
                qos->ucast.in.phy = ev->c_phy;
                qos->ucast.out.phy = ev->p_phy;
                break;
@@ -6679,8 +6679,8 @@ static void hci_le_cis_estabilished_evt(struct hci_dev *hdev, void *data,
                qos->ucast.in.latency =
                        DIV_ROUND_CLOSEST(get_unaligned_le24(ev->p_latency),
                                          1000);
-               qos->ucast.out.sdu = le16_to_cpu(ev->c_mtu);
-               qos->ucast.in.sdu = le16_to_cpu(ev->p_mtu);
+               qos->ucast.out.sdu = ev->c_bn ? le16_to_cpu(ev->c_mtu) : 0;
+               qos->ucast.in.sdu = ev->p_bn ? le16_to_cpu(ev->p_mtu) : 0;
                qos->ucast.out.phy = ev->c_phy;
                qos->ucast.in.phy = ev->p_phy;
                break;
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git