Bluetooth: Fix ATT MTU size to 23
We only support a 23 octet MTU, so auto-respond to all
MTU change requests with the 23 octet response.
Change-Id: Ic69d5f068759d983f8cd98b329acbb9d3a481c49
CRs-fixed: 336025
Signed-off-by: Brian Gix <bgix@codeaurora.org>
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 312de3f..09c1b7f 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -648,6 +648,8 @@
#define L2CAP_AMP_STATE_RESEGMENT 12
#define L2CAP_ATT_ERROR 0x01
+#define L2CAP_ATT_MTU_REQ 0x02
+#define L2CAP_ATT_MTU_RSP 0x03
#define L2CAP_ATT_RESPONSE_BIT 0x01
#define L2CAP_ATT_INDICATE 0x1D
#define L2CAP_ATT_NOT_SUPPORTED 0x06
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index c73b2be..da688bb 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -7215,6 +7215,7 @@
struct sock *sk;
struct sk_buff *skb_rsp;
struct l2cap_hdr *lh;
+ u8 mtu_rsp[] = {L2CAP_ATT_MTU_RSP, 23, 0};
u8 err_rsp[] = {L2CAP_ATT_ERROR, 0x00, 0x00, 0x00,
L2CAP_ATT_NOT_SUPPORTED};
@@ -7232,6 +7233,22 @@
if (l2cap_pi(sk)->imtu < skb->len)
goto drop;
+ if (skb->data[0] == L2CAP_ATT_MTU_REQ) {
+ skb_rsp = bt_skb_alloc(sizeof(mtu_rsp) + L2CAP_HDR_SIZE,
+ GFP_ATOMIC);
+ if (!skb_rsp)
+ goto drop;
+
+ lh = (struct l2cap_hdr *) skb_put(skb_rsp, L2CAP_HDR_SIZE);
+ lh->len = cpu_to_le16(sizeof(mtu_rsp));
+ lh->cid = cpu_to_le16(L2CAP_CID_LE_DATA);
+ memcpy(skb_put(skb_rsp, sizeof(mtu_rsp)), mtu_rsp,
+ sizeof(mtu_rsp));
+ hci_send_acl(conn->hcon, NULL, skb_rsp, 0);
+
+ goto free_skb;
+ }
+
if (!sock_queue_rcv_skb(sk, skb))
goto done;