Re: [ 045/102] Bluetooth: Fix invalid length check in l2cap_information_rsp()

On Fri, Aug 09, 2013 at 10:54:58AM +0300, Johan Hedberg wrote:
> Hi Greg,
> 
> On Thu, Aug 08, 2013, Greg Kroah-Hartman wrote:
> > 3.10-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > From: Jaganath Kanakkassery <jaganath.k@xxxxxxxxxxx>
> > 
> > commit da9910ac4a816b4340944c78d94c02a35527db46 upstream.
> > 
> > The length check is invalid since the length varies with type of
> > info response.
> > 
> > This was introduced by the commit cb3b3152b2f5939d67005cff841a1ca748b19888
> > 
> > Because of this, l2cap info rsp is not handled and command reject is sent.
> > 
> > > ACL data: handle 11 flags 0x02 dlen 16
> >         L2CAP(s): Info rsp: type 2 result 0
> >           Extended feature mask 0x00b8
> >             Enhanced Retransmission mode
> >             Streaming mode
> >             FCS Option
> >             Fixed Channels
> > < ACL data: handle 11 flags 0x00 dlen 10
> >         L2CAP(s): Command rej: reason 0
> >           Command not understood
> > 
> > Signed-off-by: Jaganath Kanakkassery <jaganath.k@xxxxxxxxxxx>
> > Signed-off-by: Chan-Yeol Park <chanyeol.park@xxxxxxxxxxx>
> > Acked-by: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> > Signed-off-by: Gustavo Padovan <gustavo.padovan@xxxxxxxxxxxxxxx>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > 
> > ---
> >  net/bluetooth/l2cap_core.c |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > --- a/net/bluetooth/l2cap_core.c
> > +++ b/net/bluetooth/l2cap_core.c
> > @@ -4240,7 +4240,7 @@ static inline int l2cap_disconnect_rsp(s
> >  	u16 dcid, scid;
> >  	struct l2cap_chan *chan;
> >  
> > -	if (cmd_len != sizeof(*rsp))
> > +	if (cmd_len < sizeof(*rsp))
> >  		return -EPROTO;
> >  
> >  	scid = __le16_to_cpu(rsp->scid);
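Review bot: The function context in the @@ header is l2cap_disconnect_rsp() (the "u16 dcid, scid;" locals and the rsp->scid read confirm it), but the subject and commit message describe a fix for l2cap_information_rsp(), where the length varies with the info type. As it stands, the hunk relaxes "cmd_len != sizeof(*rsp)" to "cmd_len < sizeof(*rsp)" in a handler the commit message never mentions, so a disconnect response with trailing bytes would no longer return -EPROTO. Please confirm whether the information-response fix is already in the target tree; if it is, drop this backport instead of applying it to a different function.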
> 
> This patch is already in 3.10 so there should be no need to try to
> backport it (not to mention that this backport itself is incorrect in
> that it modifies l2cap_disconnect_rsp whereas the original patch
> modifies l2cap_information_rsp).
> 
> For whatever reason this commit seems to exist twice in Linus' tree: once
> before the v3.10 tag with id 3f6fa3d489e127ca5a5b298eabac3ff5dbe0e112 and
> once after the v3.10 tag with id da9910ac4a816b4340944c78d94c02a35527db46
> (which is the upstream commit id referenced by your commit message).

Thanks, this came into Linus's tree twice, I missed that.  I've now
dropped this from the 3.10-stable queue.

greg k-h
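
The length problem described in the commit message, as an added example that is not from this thread or the kernel source: the traced response carries the 4-byte fixed part plus a 4-byte feature mask, so an exact-length test rejects it, while a lower bound followed by a per-type bound accepts it. The constant and function names, the per-type sizes (2, 4 and 8 bytes, taken from the L2CAP specification) and the per-type check itself are this example's assumptions, not code shown in the patch.

```c
#include <stddef.h>
#include <stdint.h>

/* Fixed part of an L2CAP Information Response: type and result, both
 * little-endian 16-bit. Type-specific data follows it. */
#define INFO_RSP_FIXED 4u
#define IT_CL_MTU      0x0001u  /* 2 bytes of data */
#define IT_FEAT_MASK   0x0002u  /* 4 bytes of data */
#define IT_FIXED_CHAN  0x0003u  /* 8 bytes of data */

static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* The exact-length test the commit message calls invalid. */
static int check_exact(size_t cmd_len) { return cmd_len != INFO_RSP_FIXED ? -1 : 0; }

/* Lower bound on the fixed part, then a per-type bound before the
 * type-specific data is read. Returns 0 and stores the feature mask
 * for a successful type 2 response; -1 when the payload is too short. */
static int parse_info_rsp(const uint8_t *data, size_t cmd_len, uint32_t *feat)
{
    size_t need;
    if (cmd_len < INFO_RSP_FIXED)
        return -1;
    uint16_t type = get_le16(data), result = get_le16(data + 2);
    if (result != 0)
        return 0;                   /* no type-specific data to read */
    switch (type) {
    case IT_CL_MTU:     need = 2; break;
    case IT_FEAT_MASK:  need = 4; break;
    case IT_FIXED_CHAN: need = 8; break;
    default:            return 0;   /* unknown type: ignore the data */
    }
    if (cmd_len - INFO_RSP_FIXED < need)
        return -1;
    if (type == IT_FEAT_MASK)
        *feat = get_le16(data + 4) | ((uint32_t)get_le16(data + 6) << 16);
    return 0;
}

/* Constructed payload matching the trace: type 2, result 0, mask 0x00b8. */
static const uint8_t sample_rsp[8] = { 0x02, 0x00, 0x00, 0x00, 0xb8, 0x00, 0x00, 0x00 };
```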