April 2025 - Linux-stable-mirror

[PATCH] nilfs2: Add pointer check for nilfs_direct_propagate()

by Wentao Liang

In nilfs_direct_propagate(), the printer get from nilfs_direct_get_ptr() need to be checked to ensure it is not an invalid pointer. A proper implementation can be found in nilfs_direct_delete(). Add a value check and return -ENOENT when it is an invalid pointer. Fixes: 10ff885ba6f5 ("nilfs2: get rid of nilfs_direct uses") Cc: stable(a)vger.kernel.org # v2.6+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- fs/nilfs2/direct.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/nilfs2/direct.c b/fs/nilfs2/direct.c index 893ab36824cc..ff1c9fe72bec 100644 --- a/fs/nilfs2/direct.c +++ b/fs/nilfs2/direct.c @@ -273,6 +273,9 @@ static int nilfs_direct_propagate(struct nilfs_bmap *bmap, dat = nilfs_bmap_get_dat(bmap); key = nilfs_bmap_data_get_key(bmap, bh); ptr = nilfs_direct_get_ptr(bmap, key); + if (ptr == NILFS_BMAP_INVALID_PTR) + return -ENOENT; + if (!buffer_nilfs_volatile(bh)) { oldreq.pr_entry_nr = ptr; newreq.pr_entry_nr = ptr; -- 2.42.0.windows.2

1 hour, 8 minutes

2
1
0 0

[PATCH] sctp: check transport existence before processing a send primitive

by Ricardo Cañuelo Navarro

sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then sctp_sendmsg_to_asoc() sets the selected transport in all the message chunks to be sent. There's a possible race condition if another thread triggers the removal of that selected transport, for instance, by explicitly unbinding an address with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have been set up and before the message is sent. This causes the access to the transport data in sctp_outq_select_transport(), when the association outqueue is flushed, to do a use-after-free read. This patch addresses this scenario by checking if the transport still exists right after the chunks to be sent are set up to use it and before proceeding to sending them. If the transport was freed since it was found, the send is aborted. The reason to add the check here is that once the transport is assigned to the chunks, deleting that transport is safe, since it will also set chunk->transport to NULL in the affected chunks. This scenario is correctly handled already, see Fixes below. The bug was found by a private syzbot instance (see the error report [1] and the C reproducer that triggers it [2]). Link: https://people.igalia.com/rcn/kernel_logs/20250402__KASAN_slab-use-after-fr… [1] Link: https://people.igalia.com/rcn/kernel_logs/20250402__KASAN_slab-use-after-fr… [2] Cc: stable(a)vger.kernel.org Fixes: df132eff4638 ("sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer") Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> --- net/sctp/socket.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 36ee34f483d703ffcfe5ca9e6cc554fba24c75ef..9c5ff44fa73cae6a6a04790800cc33dfa08a8da9 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1787,17 +1787,24 @@ static int sctp_sendmsg_check_sflags(struct sctp_association *asoc, return 1; } +static union sctp_addr *sctp_sendmsg_get_daddr(struct sock *sk, + const struct msghdr *msg, + struct sctp_cmsgs *cmsgs); + static int sctp_sendmsg_to_asoc(struct sctp_association *asoc, struct msghdr *msg, size_t msg_len, struct sctp_transport *transport, struct sctp_sndrcvinfo *sinfo) { + struct sctp_transport *aux_transport = NULL; struct sock *sk = asoc->base.sk; + struct sctp_endpoint *ep = sctp_sk(sk)->ep; struct sctp_sock *sp = sctp_sk(sk); struct net *net = sock_net(sk); struct sctp_datamsg *datamsg; bool wait_connect = false; struct sctp_chunk *chunk; + union sctp_addr *daddr; long timeo; int err; @@ -1869,6 +1876,15 @@ static int sctp_sendmsg_to_asoc(struct sctp_association *asoc, sctp_set_owner_w(chunk); chunk->transport = transport; } + /* Fail if transport was deleted after lookup in sctp_sendmsg() */ + daddr = sctp_sendmsg_get_daddr(sk, msg, NULL); + if (daddr) { + sctp_endpoint_lookup_assoc(ep, daddr, &aux_transport); + if (!aux_transport || aux_transport != transport) { + sctp_datamsg_free(datamsg); + goto err; + } + } err = sctp_primitive_SEND(net, asoc, datamsg); if (err) { --- base-commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 change-id: 20250402-kasan_slab-use-after-free_read_in_sctp_outq_select_transport-46c9c30bcb7d

2 hours, 13 minutes

1
0
0 0

[PATCH net] gve: handle overflow when reporting TX consumed descriptors

by Harshitha Ramamurthy

From: Joshua Washington <joshwash(a)google.com> When the tx tail is less than the head (in cases of wraparound), the TX consumed descriptor statistic in DQ will be reported as UINT32_MAX - head + tail, which is incorrect. Mask the difference of head and tail according to the ring size when reporting the statistic. Cc: stable(a)vger.kernel.org Fixes: 2c9198356d56 ("gve: Add consumed counts to ethtool stats") Signed-off-by: Joshua Washington <joshwash(a)google.com> Signed-off-by: Harshitha Ramamurthy <hramamurthy(a)google.com> --- drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve_ethtool.c b/drivers/net/ethernet/google/gve/gve_ethtool.c index 31a21ccf4863..4dea1fdce748 100644 --- a/drivers/net/ethernet/google/gve/gve_ethtool.c +++ b/drivers/net/ethernet/google/gve/gve_ethtool.c @@ -392,7 +392,9 @@ gve_get_ethtool_stats(struct net_device *netdev, */ data[i++] = 0; data[i++] = 0; - data[i++] = tx->dqo_tx.tail - tx->dqo_tx.head; + data[i++] = + (tx->dqo_tx.tail - tx->dqo_tx.head) & + tx->mask; } do { start = -- 2.49.0.472.ge94155a9ec-goog

2 hours, 19 minutes

3
2
0 0

[PATCH 5.10.y] smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

by Xiangyu Chen

From: Paulo Alcantara <pc(a)manguebit.com> commit d328c09ee9f15ee5a26431f5aad7c9239fa85e62 upstream. Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] <TASK> [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381 Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [ This patch removed lock/unlock operation due to ses_lock is not present in v5.10 and not ported yet. ses->status is protected by a global lock, cifs_tcp_ses_lock, in v5.10. ] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- fs/cifs/cifs_debug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index 53588d7517b4..5ec4788341c2 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -356,6 +356,8 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) list_for_each(tmp2, &server->smb_ses_list) { ses = list_entry(tmp2, struct cifs_ses, smb_ses_list); + if (ses->status == CifsExiting) + continue; if ((ses->serverDomain == NULL) || (ses->serverOS == NULL) || (ses->serverNOS == NULL)) { -- 2.43.0

2 hours, 41 minutes

1
0
0 0

[PATCH 5.15.y] smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

by Xiangyu Chen

From: Paulo Alcantara <pc(a)manguebit.com> commit d328c09ee9f15ee5a26431f5aad7c9239fa85e62 upstream. Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] <TASK> [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381 Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [ This patch removed lock/unlock operation due to ses_lock is not present in v5.15 and not ported yet. ses->status is protected by a global lock, cifs_tcp_ses_lock, in v5.15. ] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified build test. --- fs/cifs/cifs_debug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index e7501533c2ec..c90f51c12fb0 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -380,6 +380,8 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) list_for_each(tmp2, &server->smb_ses_list) { ses = list_entry(tmp2, struct cifs_ses, smb_ses_list); + if (ses->status == CifsExiting) + continue; i++; if ((ses->serverDomain == NULL) || (ses->serverOS == NULL) || -- 2.43.0

2 hours, 41 minutes

1
0
0 0

[PATCH] irqchip/loongson-liointc: Support to set IRQ_TYPE_EDGE_BOTH

by Huacai Chen

Some peripheral subsystems request IRQ_TYPE_EDGE_BOTH interrupt type and report request failures on LIOINTC. To avoid such failures we support to set IRQ_TYPE_EDGE_BOTH type on LIOINTC, by setting LIOINTC_REG_INTC_EDGE to true and keep LIOINTC_REG_INTC_POL as is. Cc: stable(a)vger.kernel.org Signed-off-by: Yinbo Zhu <zhuyinbo(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/irqchip/irq-loongson-liointc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/irqchip/irq-loongson-liointc.c b/drivers/irqchip/irq-loongson-liointc.c index 2b1bd4a96665..c0c8ef8d27cf 100644 --- a/drivers/irqchip/irq-loongson-liointc.c +++ b/drivers/irqchip/irq-loongson-liointc.c @@ -128,6 +128,10 @@ static int liointc_set_type(struct irq_data *data, unsigned int type) liointc_set_bit(gc, LIOINTC_REG_INTC_EDGE, mask, false); liointc_set_bit(gc, LIOINTC_REG_INTC_POL, mask, true); break; + case IRQ_TYPE_EDGE_BOTH: + liointc_set_bit(gc, LIOINTC_REG_INTC_EDGE, mask, true); + /* Requester need "both", keep LIOINTC_REG_INTC_POL as is */ + break; case IRQ_TYPE_EDGE_RISING: liointc_set_bit(gc, LIOINTC_REG_INTC_EDGE, mask, true); liointc_set_bit(gc, LIOINTC_REG_INTC_POL, mask, false); -- 2.47.1

3 hours, 14 minutes

1
0
0 0

[PATCH] rtlwifi: rtl892cu: Set limit for pwdb_all

by Wentao Liang

In _rtl92c_query_rxphystatus(), the return rtl_query_rxpwrpercentage() need to be checked. A proper implementation can be found in _rtl8723be_query_rxphystatus(). Add a value check and set the limit of pwdb_add as 100. Fixes: 666e8457fae4 ("rtlwifi: rtl8192cu: Add routine mac") Cc: stable(a)vger.kernel.org # v2.6+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/wireless/realtek/rtlwifi/rtl8192cu/mac.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/mac.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/mac.c index a76f2dc8a977..e2145f284ec0 100644 --- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/mac.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/mac.c @@ -641,6 +641,9 @@ static void _rtl92c_query_rxphystatus(struct ieee80211_hw *hw, } } pwdb_all = rtl_query_rxpwrpercentage(rx_pwr_all); + if (pwdb_all > 100) + pwdb_all = 100; + pstats->rx_pwdb_all = pwdb_all; pstats->recvsignalpower = rx_pwr_all; if (packet_match_bssid) { -- 2.42.0.windows.2

3 hours, 36 minutes

2
1
0 0

[PATCH v4 1/1] usbnet:fix NPE during rx_complete

by Ying Lu

From: Ying Lu <luying1(a)xiaomi.com> Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued. Subsequent processes: (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic). Fixes: 04e906839a05 ("usbnet: fix cyclical race on disconnect with work queue") Cc: stable(a)vger.kernel.org Signed-off-by: Ying Lu <luying1(a)xiaomi.com> --- drivers/net/usb/usbnet.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index 44179f4e807f..5161bb5d824b 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -519,7 +519,8 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) netif_device_present (dev->net) && test_bit(EVENT_DEV_OPEN, &dev->flags) && !test_bit (EVENT_RX_HALT, &dev->flags) && - !test_bit (EVENT_DEV_ASLEEP, &dev->flags)) { + !test_bit (EVENT_DEV_ASLEEP, &dev->flags) && + !usbnet_going_away(dev)) { switch (retval = usb_submit_urb (urb, GFP_ATOMIC)) { case -EPIPE: usbnet_defer_kevent (dev, EVENT_RX_HALT); @@ -540,8 +541,7 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) tasklet_schedule (&dev->bh); break; case 0: - if (!usbnet_going_away(dev)) - __usbnet_queue_skb(&dev->rxq, skb, rx_start); + __usbnet_queue_skb(&dev->rxq, skb, rx_start); } } else { netif_dbg(dev, ifdown, dev->net, "rx: stopped\n"); -- 2.49.0

3 hours, 40 minutes

1
0
0 0

[PATCH 6.6.y 0/6] Backported patches to fix selftest tpdir2

by Kang Wenlin

From: Wenlin Kang <wenlin.kang(a)windriver.com> The selftest tpdir2 terminated with a 'Segmentation fault' during loading. root@localhost:~# cd linux-kenel/tools/testing/selftests/arm64/abi && make root@localhost:~/linux-kernel/tools/testing/selftests/arm64/abi# ./tpidr2 Segmentation fault The cause of this is the __arch_clear_user() failure. load_elf_binary() [fs/binfmt_elf.c] -> if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bes))) -> padzero() -> clear_user() [arch/arm64/include/asm/uaccess.h] -> __arch_clear_user() [arch/arm64/lib/clear_user.S] For more details, please see: https://lore.kernel.org/lkml/1d0342f3-0474-482b-b6db-81ca7820a462@t-8ch.de/… This issue has been fixed in the mainline. Here I have backported the relevant commits for the linux-6.6.y branch and attached them. With these patches, tpdir2 works as: root@localhost:~/linux-kernel/tools/testing/selftests/arm64/abi# ./tpidr2 TAP version 13 1..5 ok 0 skipped, TPIDR2 not supported ok 1 skipped, TPIDR2 not supported ok 2 skipped, TPIDR2 not supported ok 3 skipped, TPIDR2 not supported ok 4 skipped, TPIDR2 not supported This issue is resolved by the first patch. However, to ensure functional completeness, all related patches were backported according to the following link. https://lore.kernel.org/all/20230929031716.it.155-kees@kernel.org/#t Eric W. Biederman (1): binfmt_elf: Support segments with 0 filesz and misaligned starts Kees Cook (5): binfmt_elf: elf_bss no longer used by load_elf_binary() binfmt_elf: Use elf_load() for interpreter binfmt_elf: Use elf_load() for library binfmt_elf: Only report padzero() errors when PROT_WRITE mm: Remove unused vm_brk() fs/binfmt_elf.c | 215 ++++++++++++++++----------------------------- include/linux/mm.h | 3 +- mm/mmap.c | 6 -- mm/nommu.c | 5 -- 4 files changed, 76 insertions(+), 153 deletions(-) -- 2.43.0

4 hours, 12 minutes

1
6
0 0

[PATCH] Bluetooth: Revert vendor-specific ISO classification for

by Sean Rhodes

From ccabbdd36dacc3e03ed819b4b050ebcc1978e311 Mon Sep 17 00:00:00 2001 From: Sean Rhodes <sean(a)starlabs.systems> Date: Wed, 2 Apr 2025 09:05:17 +0100 Subject: [PATCH] Bluetooth: Revert vendor-specific ISO classification for non-offload cards This reverts commit f25b7fd36cc3a850e006aed686f5bbecd200de1b. The commit introduces vendor-specific classification of ISO data, but breaks Bluetooth functionality on certain Intel cards that do not support audio offload, such as the 9462. Affected devices are unable to discover new Bluetooth peripherals, and previously paired devices fail to reconnect. This issue does not affect newer cards (e.g., AX201+) that support audio offload. A conditional check using AOLD() could be used in the future to reintroduce this behavior only on supported hardware. Cc: Ying Hsu <yinghsu(a)chromium.org> Cc: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Rhodes <sean(a)starlabs.systems> --- drivers/bluetooth/btintel.c | 7 ++----- include/net/bluetooth/hci_core.h | 1 - net/bluetooth/hci_core.c | 16 ---------------- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c index 48e2f400957b..2114fe8d527e 100644 --- a/drivers/bluetooth/btintel.c +++ b/drivers/bluetooth/btintel.c @@ -3588,15 +3588,12 @@ static int btintel_setup_combined(struct hci_dev *hdev) err = btintel_bootloader_setup(hdev, &ver); btintel_register_devcoredump_support(hdev); break; - case 0x18: /* GfP2 */ - case 0x1c: /* GaP */ - /* Re-classify packet type for controllers with LE audio */ - hdev->classify_pkt_type = btintel_classify_pkt_type; - fallthrough; case 0x17: + case 0x18: case 0x19: case 0x1b: case 0x1d: + case 0x1c: case 0x1e: case 0x1f: /* Display version information of TLV type */ diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 5115da34f881..d1a4436e4cc3 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -646,7 +646,6 @@ struct hci_dev { int (*get_codec_config_data)(struct hci_dev *hdev, __u8 type, struct bt_codec *codec, __u8 *vnd_len, __u8 **vnd_data); - u8 (*classify_pkt_type)(struct hci_dev *hdev, struct sk_buff *skb); }; #define HCI_PHY_HANDLE(handle) (handle & 0xff) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 5eb0600bbd03..5b7515703ad1 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -2868,31 +2868,15 @@ int hci_reset_dev(struct hci_dev *hdev) } EXPORT_SYMBOL(hci_reset_dev); -static u8 hci_dev_classify_pkt_type(struct hci_dev *hdev, struct sk_buff *skb) -{ - if (hdev->classify_pkt_type) - return hdev->classify_pkt_type(hdev, skb); - - return hci_skb_pkt_type(skb); -} - /* Receive frame from HCI drivers */ int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb) { - u8 dev_pkt_type; - if (!hdev || (!test_bit(HCI_UP, &hdev->flags) && !test_bit(HCI_INIT, &hdev->flags))) { kfree_skb(skb); return -ENXIO; } - /* Check if the driver agree with packet type classification */ - dev_pkt_type = hci_dev_classify_pkt_type(hdev, skb); - if (hci_skb_pkt_type(skb) != dev_pkt_type) { - hci_skb_pkt_type(skb) = dev_pkt_type; - } - switch (hci_skb_pkt_type(skb)) { case HCI_EVENT_PKT: break; -- 2.45.2

4 hours, 16 minutes

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2025