This is a note to let you know that I've just added the patch titled
Bluetooth: Fix HCI H5 corrupted ack value
to the 3.16-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bluetooth-fix-hci-h5-corrupted-ack-value.patch
and it can be found in the queue-3.16 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 Mon Sep 17 00:00:00 2001
From: Loic Poulain <loic.poulain@xxxxxxxxx>
Date: Fri, 8 Aug 2014 19:07:16 +0200
Subject: Bluetooth: Fix HCI H5 corrupted ack value
From: Loic Poulain <loic.poulain@xxxxxxxxx>
commit 4807b51895dce8aa650ebebc51fa4a795ed6b8b8 upstream.
In this expression: seq = (seq - 1) % 8
seq (u8) is implicitly converted to an int in the arithmetic operation.
So if seq value is 0, operation is ((0 - 1) % 8) => (-1 % 8) => -1.
The new seq value is 0xff which is an invalid ACK value, we expect 0x07.
It leads to frequent dropped ACK and retransmission.
Fix this by using '&' binary operator instead of '%'.
Signed-off-by: Loic Poulain <loic.poulain@xxxxxxxxx>
Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/bluetooth/hci_h5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
break;
to_remove--;
- seq = (seq - 1) % 8;
+ seq = (seq - 1) & 0x07;
}
if (seq != h5->rx_ack)
Patches currently in stable-queue which might be from loic.poulain@xxxxxxxxx are
queue-3.16/bluetooth-fix-hci-h5-corrupted-ack-value.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html