Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth (9ca69b70) · Commits · e / devices / android_kernel_oneplus_sm8150

Johan Hedberg says: ==================== pull request: bluetooth 2016-02-20 Here's an important patch for 4.5 which fixes potential invalid pointer access when processing completed Bluetooth HCI commands. Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by:

David S. Miller <davem@davemloft.net>

net/bluetooth/hci_core.c

+4 −2

Original line number	Original line	Diff line number	Diff line
	@@ -4112,8 +4112,10 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
	break;		break;
	}		}

	*req_complete = bt_cb(skb)->hci.req_complete;		if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
	*req_complete_skb = bt_cb(skb)->hci.req_complete_skb;		*req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
			else
			*req_complete = bt_cb(skb)->hci.req_complete;
	kfree_skb(skb);		kfree_skb(skb);
	}		}
	spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);		spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);