On Fri, Jun 28, 2013 at 05:00:30PM +0400, Johan Hedberg wrote: > Hi Luis, > > On Fri, Jun 28, 2013, Luis Henriques wrote: > > > --- a/net/bluetooth/l2cap_core.c > > > +++ b/net/bluetooth/l2cap_core.c > > > @@ -3399,7 +3399,7 @@ static inline int l2cap_move_channel_con > > > struct l2cap_move_chan_cfm_rsp *rsp = data; > > > u16 icid; > > > > > > - if (cmd_len != sizeof(*rsp)) > > > + if (cmd_len < sizeof(*rsp)) > > > return -EPROTO; > > > > > > icid = le16_to_cpu(rsp->icid); > > > > > > > I have doubts about the correctness of this backport: the original > > commit modifies function l2cap_information_rsp(), while this backport > > changes l2cap_move_channel_confirm_rsp(). > > > > Looking at mainline code, l2cap_move_channel_confirm_rsp() does not > > contain the change you're introducing. Maybe I'm misreading the code > > and missing something. > > > > Besides, the commit text claims it is fixing an issue introduced by > > cb3b3152b2f5939d67005cff841a1ca748b19888, which is actually not > > present in the 3.4 kernel. > > Looks incorrect to me too. The commit that this depends on > (cb3b3152b2f5939d67005cff841a1ca748b19888) did also have the Cc: stable > tag, but it never made it to the 3.4 branch. Thanks for both of you checking this out, I've now dropped it from the 3.4-stable tree. greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html