Re: [PATCH 1/4] Bluetooth: L2CAP: CoC: Disconnect if received packet's SDU exceeds IMTU
From: Luiz Augusto von Dentz
Date: Wed Feb 25 2026 - 12:17:21 EST
Hi Christian,
On Wed, Feb 25, 2026 at 12:07 PM Christian Eggers <ceggers@xxxxxxx> wrote:
>
> Core 6.0, Vol 3, Part A, 3.4.3:
> "If the SDU length field value exceeds the receiver's MTU, the receiver
> shall disconnect the channel..."
>
> This fixes L2CAP/LE/CFC/BV-26-C (running together with 'l2test -r -P
> 0x0027 -V le_public -I 100').
>
> Signed-off-by: Christian Eggers <ceggers@xxxxxxx>
> ---
> net/bluetooth/l2cap_core.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index 2dcc5bb907b8..ddac5b9270bf 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -6664,6 +6664,7 @@ static int l2cap_ecred_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
>
> if (chan->imtu < skb->len) {
> BT_ERR("Too big LE L2CAP PDU");
> + l2cap_send_disconn_req(chan, ECONNRESET);
> return -ENOBUFS;
> }
>
> @@ -6690,6 +6691,7 @@ static int l2cap_ecred_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
>
> if (sdu_len > chan->imtu) {
> BT_ERR("Too big LE L2CAP SDU length received");
> + l2cap_send_disconn_req(chan, ECONNRESET);
We might want to update the error to something like ...SDU %d > %d
disconnecting... so it more descriptive by informing what it received,
what the maximum expected value is, and that it will disconnect
because of the error.
> err = -EMSGSIZE;
> goto failed;
> }
> --
> 2.44.4
>
--
Luiz Augusto von Dentz