Hi all, Today's linux-next merge of the bluetooth tree got a conflict in: drivers/bluetooth/btmtk.c between commit: 634a4408c0615 ("Bluetooth: btmtk: validate WMT event SKB length before struct access") from the origin tree and commits: 041e88fb0c086 ("Bluetooth: btmtk: validate WMT event SKB length before struct access") 162b1adeb057d ("Bluetooth: btmtk: accept too short WMT FUNC_CTRL events") from the bluetooth tree. I fixed it up (see below) and can carry the fix as necessary. This is now fixed as far as linux-next is concerned, but any non trivial conflicts should be mentioned to your upstream maintainer when your tree is submitted for merging. You may also want to consider cooperating with the maintainer of the conflicting tree to minimise any particularly complex conflicts. diff --combined drivers/bluetooth/btmtk.c index f70c1b0f89903,68a32d11e5ec9..0000000000000 --- a/drivers/bluetooth/btmtk.c +++ b/drivers/bluetooth/btmtk.c @@@ -719,8 -719,8 +719,8 @@@ static int btmtk_usb_hci_wmt_sync(struc case BTMTK_WMT_FUNC_CTRL: if (!skb_pull_data(data->evt_skb, sizeof(wmt_evt_funcc->status))) { - err = -EINVAL; - goto err_free_skb; + status = BTMTK_WMT_ON_UNDONE; + break; } wmt_evt_funcc = (struct btmtk_hci_wmt_evt_funcc *)wmt_evt; @@@ -1545,6 -1545,29 +1545,29 @@@ int btmtk_usb_shutdown(struct hci_dev * return 0; } EXPORT_SYMBOL_GPL(btmtk_usb_shutdown); + + int btmtk_recv_event(struct hci_dev *hdev, struct sk_buff *skb) + { + struct hci_event_hdr *hdr = (void *)skb->data; + struct hci_ev_cmd_complete *ec; + + if (hdr->evt == HCI_EV_CMD_COMPLETE && + skb->len >= HCI_EVENT_HDR_SIZE + sizeof(*ec)) { + u16 opcode; + + ec = (void *)(skb->data + HCI_EVENT_HDR_SIZE); + opcode = __le16_to_cpu(ec->opcode); + + /* Filter vendor opcode */ + if (opcode == 0xfc5d) { + kfree_skb(skb); + return 0; + } + } + + return hci_recv_frame(hdev, skb); + } + EXPORT_SYMBOL_GPL(btmtk_recv_event); #endif MODULE_AUTHOR("Sean Wang ");