From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
commit 7967dc8f797f454d4f4acec15c7df0cdf4801617 upstream.
Since 61a939c68ee0 ("Bluetooth: Queue incoming ACL data until
BT_CONNECTED state is reached") there is no long the need to call
mgmt_device_connected as ACL data will be queued until BT_CONNECTED
state.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219458
Link: https://github.com/bluez/bluez/issues/1014
Fixes: 333b4fd11e89 ("Bluetooth: L2CAP: Fix uaf in l2cap_connect")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/bluetooth/hci_core.c | 2 --
1 file changed, 2 deletions(-)
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4964,8 +4964,6 @@ static void hci_acldata_packet(struct hc
hci_dev_lock(hdev);
conn = hci_conn_hash_lookup_handle(hdev, handle);
- if (conn && hci_dev_test_flag(hdev, HCI_MGMT))
- mgmt_device_connected(hdev, conn, NULL, 0);
hci_dev_unlock(hdev);
if (conn) {
Patches currently in stable-queue which might be from luiz.von.dentz@xxxxxxxxx are
queue-5.15/bluetooth-l2cap-fix-uaf-in-l2cap_connect.patch
queue-5.15/bluetooth-fix-type-of-len-in-rfcomm_sock_getsockopt-_old.patch
queue-5.15/bluetooth-hci_core-fix-not-checking-skb-length-on-hc.patch
queue-5.15/bluetooth-hci_core-fix-calling-mgmt_device_connected.patch
queue-5.15/bluetooth-fix-use-after-free-in-device_for_each_chil.patch
