Bluetooth: HCI: Fix definition of hci_rp_delete_stored_link_key

num_keys is actually 2 octects not 1:

BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
page 1989:

  Num_Keys_Deleted:
  Size: 2 octets
  0xXXXX	Number of Link Keys Deleted

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 923534da9c0f418770f4133d748a47108e6f3ad3..0d2a9216869b38bca7de278f45ba24d3cabce738 100644 (file)
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -1058,7 +1058,7 @@ struct hci_cp_delete_stored_link_key {
 } __packed;
 struct hci_rp_delete_stored_link_key {
        __u8     status;
-       __u8     num_keys;
+       __le16   num_keys;
 } __packed;
 
 #define HCI_MAX_NAME_LENGTH            248

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index bda7b3ad93fada8fca3cdb9df3fbaa22baf344fa..394d676c9baa9f09f06aba3bd5bef6e7e259ffcf 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -272,7 +272,7 @@ static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
                return;
 
        if (rp->num_keys <= hdev->stored_num_keys)
-               hdev->stored_num_keys -= rp->num_keys;
+               hdev->stored_num_keys -= le16_to_cpu(rp->num_keys);
        else
                hdev->stored_num_keys = 0;
 }