This is a note to let you know that I've just added the patch titled

    Bluetooth: Fix having bogus entries in mgmt_read_index_list reply

to the 3.6-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bluetooth-fix-having-bogus-entries-in-mgmt_read_index_list-reply.patch
and it can be found in the queue-3.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


From 476e44cb19f1fbf2d5883dddcc0ce31b33b45915 Mon Sep 17 00:00:00 2001
From: Johan Hedberg <[email protected]>
Date: Fri, 19 Oct 2012 20:10:46 +0300
Subject: Bluetooth: Fix having bogus entries in mgmt_read_index_list reply

From: Johan Hedberg <[email protected]>

commit 476e44cb19f1fbf2d5883dddcc0ce31b33b45915 upstream.

The mgmt_read_index_list uses one loop to calculate the max needed size
of its response with the help of an upper-bound of the controller count.
The second loop is more strict as it checks for HCI_SETUP (which might
have gotten set after the first loop) and could result in some indexes
being skipped. Because of this the function needs to readjust the event
length and index count after filling in the response array.

Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 net/bluetooth/mgmt.c |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -321,7 +321,7 @@ static int read_index_list(struct sock *
        struct hci_dev *d;
        size_t rp_len;
        u16 count;
-       int i, err;
+       int err;
 
        BT_DBG("sock %p", sk);
 
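Review bot: with `i` removed from the declarations here, `u16 count` ends up carrying two meanings in one function: first the upper bound used to size the reply, then the number of entries actually written. A separate name for one of the two (or a short comment at the declaration) would make it obvious which value `rp_len` and `num_controllers` are derived from at each point.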
@@ -339,17 +339,18 @@ static int read_index_list(struct sock *
                return -ENOMEM;
        }
 
-       rp->num_controllers = cpu_to_le16(count);
-
-       i = 0;
+       count = 0;
        list_for_each_entry(d, &hci_dev_list, list) {
                if (test_bit(HCI_SETUP, &d->dev_flags))
                        continue;
 
-               rp->index[i++] = cpu_to_le16(d->id);
+               rp->index[count++] = cpu_to_le16(d->id);
                BT_DBG("Added hci%u", d->id);
        }
 
+       rp->num_controllers = cpu_to_le16(count);
+       rp_len = sizeof(*rp) + (2 * count);
+
        read_unlock(&hci_dev_list_lock);
 
        err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
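Review bot: the fill loop writes `rp->index[count++]` with no check against the number of slots the buffer was allocated for, because `count = 0` throws away the upper bound that the allocation above (the `-ENOMEM` path) was sized from. The write stays in bounds only if the device list cannot grow between the sizing loop and this one; if the lock released by `read_unlock(&hci_dev_list_lock)` is held across both loops, a comment saying so would document that, otherwise keep the bound in its own variable and stop filling once `count` reaches it. Recomputing `rp_len` after the loop is the right fix for the stale tail entries, though `sizeof(rp->index[0]) * count` would avoid the bare `2`.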


Patches currently in stable-queue which might be from [email protected] are

queue-3.6/bluetooth-fix-having-bogus-entries-in-mgmt_read_index_list-reply.patch