Message ID | 20220608135105.146452-1-soenke.huster@eknoes.de |
---|---|
State | New |
Headers | show |
Series | Bluetooth: RFCOMM: Use skb_trim to trim checksum | expand |
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index 7324764384b6..7360e905d045 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c @@ -1747,8 +1747,8 @@ static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s, type = __get_type(hdr->ctrl); /* Trim FCS */ - skb->len--; skb->tail--; - fcs = *(u8 *)skb_tail_pointer(skb); + skb_trim(skb, skb->len - 1); + fcs = *(skb->data + skb->len); if (__check_fcs(skb->data, type, fcs)) { BT_ERR("bad checksum in packet");
Use the skb helper instead of direct manipulation. This fixes the following page fault, when connecting my Android phone: BUG: unable to handle page fault for address: ffffed1021de29ff #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page RIP: 0010:rfcomm_run+0x831/0x4040 (net/bluetooth/rfcomm/core.c:1751) Signed-off-by: Soenke Huster <soenke.huster@eknoes.de> --- net/bluetooth/rfcomm/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)