diff options
Diffstat (limited to 'net/nfc/llcp/commands.c')
| -rw-r--r-- | net/nfc/llcp/commands.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/net/nfc/llcp/commands.c b/net/nfc/llcp/commands.c index b75a9b3f9e89..094f7e27e910 100644 --- a/net/nfc/llcp/commands.c +++ b/net/nfc/llcp/commands.c @@ -420,7 +420,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock) } /* If the socket parameters are not set, use the local ones */ - miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; + miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ? + local->miux : sock->miux; rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, @@ -475,7 +476,8 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock) return -ENODEV; /* If the socket parameters are not set, use the local ones */ - miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; + miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ? + local->miux : sock->miux; rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, @@ -656,6 +658,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, struct nfc_llcp_local *local; size_t frag_len = 0, remaining_len; u8 *msg_data, *msg_ptr; + u16 remote_miu; pr_debug("Send I frame len %zd\n", len); @@ -692,9 +695,11 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, remaining_len = len; msg_ptr = msg_data; - while (remaining_len > 0) { + do { + remote_miu = sock->remote_miu > LLCP_MAX_MIU ? + local->remote_miu : sock->remote_miu; - frag_len = min_t(size_t, sock->remote_miu, remaining_len); + frag_len = min_t(size_t, remote_miu, remaining_len); pr_debug("Fragment %zd bytes remaining %zd", frag_len, remaining_len); @@ -706,7 +711,8 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, skb_put(pdu, LLCP_SEQUENCE_SIZE); - memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); + if (likely(frag_len > 0)) + memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); skb_queue_tail(&sock->tx_queue, pdu); @@ -718,7 +724,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, remaining_len -= frag_len; msg_ptr += frag_len; - } + } while (remaining_len > 0); kfree(msg_data); @@ -732,6 +738,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, struct nfc_llcp_local *local; size_t frag_len = 0, remaining_len; u8 *msg_ptr, *msg_data; + u16 remote_miu; int err; pr_debug("Send UI frame len %zd\n", len); @@ -752,9 +759,11 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, remaining_len = len; msg_ptr = msg_data; - while (remaining_len > 0) { + do { + remote_miu = sock->remote_miu > LLCP_MAX_MIU ? + local->remote_miu : sock->remote_miu; - frag_len = min_t(size_t, sock->remote_miu, remaining_len); + frag_len = min_t(size_t, remote_miu, remaining_len); pr_debug("Fragment %zd bytes remaining %zd", frag_len, remaining_len); @@ -768,14 +777,15 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); - memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); + if (likely(frag_len > 0)) + memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); /* No need to check for the peer RW for UI frames */ skb_queue_tail(&local->tx_queue, pdu); remaining_len -= frag_len; msg_ptr += frag_len; - } + } while (remaining_len > 0); kfree(msg_data); |