Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit f7556b61 authored by derfelot's avatar derfelot
Browse files

Revert "Bluetooth: fix kernel oops in store_pending_adv_report" 

This is now included in the 4.4.240 release.

This reverts commit d01cb2da.
parent 24c10980

net/bluetooth/hci_event.c

+6 −17
Original line number Diff line number Diff line
@@ -1133,9 +1133,6 @@ static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr, 
{

	struct discovery_state *d = &hdev->discovery;



	if (len > HCI_MAX_AD_LENGTH)

		return;



	bacpy(&d->last_adv_addr, bdaddr);

	d->last_adv_addr_type = bdaddr_type;

	d->last_adv_rssi = rssi;
@@ -4746,8 +4743,7 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, 


static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,

			       u8 bdaddr_type, bdaddr_t *direct_addr,

			       u8 direct_addr_type, s8 rssi, u8 *data, u8 len,

			       bool ext_adv)

			       u8 direct_addr_type, s8 rssi, u8 *data, u8 len)

{

	struct discovery_state *d = &hdev->discovery;

	struct smp_irk *irk;
@@ -4756,11 +4752,6 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, 
	u32 flags;

	u8 *ptr, real_len;



	if (!ext_adv && len > HCI_MAX_AD_LENGTH) {

		bt_dev_err_ratelimited(hdev, "legacy adv larger than 31 bytes");

		return;

	}



	/* Find the end of the data in case the report contains padded zero

	 * bytes at the end causing an invalid length value.

	 *
@@ -4821,7 +4812,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, 
	 */

	conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,

								direct_addr);

	if (!ext_adv && conn && type == LE_ADV_IND && len <= HCI_MAX_AD_LENGTH) {

	if (conn && type == LE_ADV_IND) {

		/* Store report for later inclusion by

		 * mgmt_device_connected

		 */
@@ -4875,7 +4866,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, 
	 * event or send an immediate device found event if the data

	 * should not be stored for later.

	 */

	if (!ext_adv &&	!has_pending_adv_report(hdev)) {

	if (!has_pending_adv_report(hdev)) {

		/* If the report will trigger a SCAN_REQ store it for

		 * later merging.

		 */
@@ -4910,8 +4901,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, 
		/* If the new report will trigger a SCAN_REQ store it for

		 * later merging.

		 */

		if (!ext_adv && (type == LE_ADV_IND ||

				 type == LE_ADV_SCAN_IND)) {

		if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {

			store_pending_adv_report(hdev, bdaddr, bdaddr_type,

						 rssi, flags, data, len);

			return;
@@ -4950,7 +4940,7 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) 
		rssi = ev->data[ev->length];

		process_adv_report(hdev, ev->evt_type, &ev->bdaddr,

				   ev->bdaddr_type, NULL, 0, rssi,

				   ev->data, ev->length, false);

				   ev->data, ev->length);



		ptr += sizeof(*ev) + ev->length + 1;

	}
@@ -5147,8 +5137,7 @@ static void hci_le_direct_adv_report_evt(struct hci_dev *hdev, 


		process_adv_report(hdev, ev->evt_type, &ev->bdaddr,

				   ev->bdaddr_type, &ev->direct_addr,

				   ev->direct_addr_type, ev->rssi, NULL, 0,

				   false);

				   ev->direct_addr_type, ev->rssi, NULL, 0);



		ptr += sizeof(*ev);

	}