From c826e298a2d33436200b48ff4bb92d26415e2c4c Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 12 Dec 2024 14:47:00 +0100
Subject: [PATCH] 5.15-stable patches

added patches:
bluetooth-hci_core-fix-calling-mgmt_device_connected.patch
---
 ...re-fix-calling-mgmt_device_connected.patch | 34 +++++++++++++++++++
 queue-5.15/series | 1 +
 2 files changed, 35 insertions(+)
 create mode 100644 queue-5.15/bluetooth-hci_core-fix-calling-mgmt_device_connected.patch

diff --git a/queue-5.15/bluetooth-hci_core-fix-calling-mgmt_device_connected.patch b/queue-5.15/bluetooth-hci_core-fix-calling-mgmt_device_connected.patch
new file mode 100644
index 00000000000..7d9d6defe54
--- /dev/null
+++ b/queue-5.15/bluetooth-hci_core-fix-calling-mgmt_device_connected.patch
@@ -0,0 +1,34 @@
+From 7967dc8f797f454d4f4acec15c7df0cdf4801617 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz
+Date: Fri, 8 Nov 2024 11:19:54 -0500
+Subject: Bluetooth: hci_core: Fix calling mgmt_device_connected
+
+From: Luiz Augusto von Dentz
+
+commit 7967dc8f797f454d4f4acec15c7df0cdf4801617 upstream.
+
+Since 61a939c68ee0 ("Bluetooth: Queue incoming ACL data until
+BT_CONNECTED state is reached") there is no long the need to call
+mgmt_device_connected as ACL data will be queued until BT_CONNECTED
+state.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=219458
+Link: https://github.com/bluez/bluez/issues/1014
+Fixes: 333b4fd11e89 ("Bluetooth: L2CAP: Fix uaf in l2cap_connect")
+Signed-off-by: Luiz Augusto von Dentz
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/bluetooth/hci_core.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/net/bluetooth/hci_core.c
++++ b/net/bluetooth/hci_core.c
+@@ -4964,8 +4964,6 @@ static void hci_acldata_packet(struct hc
+
+ hci_dev_lock(hdev);
+ conn = hci_conn_hash_lookup_handle(hdev, handle);
+- if (conn && hci_dev_test_flag(hdev, HCI_MGMT))
+- mgmt_device_connected(hdev, conn, NULL, 0);
+ hci_dev_unlock(hdev);
+
+ if (conn) {
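Review bot: The removal of the `mgmt_device_connected()` call in `hci_acldata_packet()` is justified in the queued changelog only by 61a939c68ee0 ("Bluetooth: Queue incoming ACL data until BT_CONNECTED state is reached"), and nothing on this page shows that commit is present in the 5.15 tree; that should be confirmed before release, since otherwise the behaviour the two removed lines provided may have no replacement. A short comment at the lookup would record the dependency for later backporters, e.g. `/* No mgmt_device_connected() here: ACL data is queued until BT_CONNECTED */`. The surviving context still tests `conn` after `hci_dev_unlock(hdev)`; the function body continues outside the hunk, so whether the connection's lifetime is guaranteed past the unlock cannot be judged from here, but with a Fixes: tag pointing at a use-after-free fix it deserves a second look.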
diff --git a/queue-5.15/series b/queue-5.15/series
index 290ef1e5218..7aa2ab64cbc 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -563,3 +563,4 @@ drm-amdgpu-rework-resume-handling-for-display-v2.patch
 serial-amba-pl011-fix-build-regression.patch
 media-venus-vdec-fixed-possible-memory-leak-issue.patch
 net-smc-fix-af_ops-of-child-socket-pointing-to-released-memory.patch
+bluetooth-hci_core-fix-calling-mgmt_device_connected.patch
--
2.47.3