linux/net
Alain Michaud a2ec905d1e Bluetooth: fix kernel oops in store_pending_adv_report
Fix kernel oops observed when ext adv data is larger than 31 bytes.

This can be reproduced by setting up an advertiser with advertisement
larger than 31 bytes.  The issue is not sensitive to the advertisement
content.  In particular, this was reproduced with an advertisement of
229 bytes filled with 'A'.  See stack trace below.

This is fixed by not caching ext_adv, as legacy adv are only cached to
be able to concatenate a scannable adv with its scan response before
sending it up through mgmt.

With ext_adv, this is no longer necessary.

  general protection fault: 0000 [#1] SMP PTI
  CPU: 6 PID: 205 Comm: kworker/u17:0 Not tainted 5.4.0-37-generic #41-Ubuntu
  Hardware name: Dell Inc. XPS 15 7590/0CF6RR, BIOS 1.7.0 05/11/2020
  Workqueue: hci0 hci_rx_work [bluetooth]
  RIP: 0010:hci_bdaddr_list_lookup+0x1e/0x40 [bluetooth]
  Code: ff ff e9 26 ff ff ff 0f 1f 44 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 48 39 c7 75 0a eb 24 48 8b 00 48 39 f8 74 1c 44 8b 06 <44> 39 40 10 75 ef 44 0f b7 4e 04 66 44 39 48 14 75 e3 38 50 16 75
  RSP: 0018:ffffbc6a40493c70 EFLAGS: 00010286
  RAX: 4141414141414141 RBX: 000000000000001b RCX: 0000000000000000
  RDX: 0000000000000000 RSI: ffff9903e76c100f RDI: ffff9904289d4b28
  RBP: ffffbc6a40493c70 R08: 0000000093570362 R09: 0000000000000000
  R10: 0000000000000000 R11: ffff9904344eae38 R12: ffff9904289d4000
  R13: 0000000000000000 R14: 00000000ffffffa3 R15: ffff9903e76c100f
  FS: 0000000000000000(0000) GS:ffff990434580000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007feed125a000 CR3: 00000001b860a003 CR4: 00000000003606e0
  Call Trace:
    process_adv_report+0x12e/0x560 [bluetooth]
    hci_le_meta_evt+0x7b2/0xba0 [bluetooth]
    hci_event_packet+0x1c29/0x2a90 [bluetooth]
    hci_rx_work+0x19b/0x360 [bluetooth]
    process_one_work+0x1eb/0x3b0
    worker_thread+0x4d/0x400
    kthread+0x104/0x140

Fixes: c215e9397b ("Bluetooth: Process extended ADV report event")
Reported-by: Andy Nguyen <theflow@google.com>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Balakrishna Godavarthi <bgodavar@codeaurora.org>
Signed-off-by: Alain Michaud <alainm@chromium.org>
Tested-by: Sonny Sasaka <sonnysasaka@chromium.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-07-30 13:54:04 -07:00
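The caching decision the commit message describes, as an added C illustration that is not the kernel's code and not part of this commit: a per-adapter cache that holds one scannable legacy advertisement until its scan response arrives, assumed here to be a fixed buffer of HCI_MAX_AD_LENGTH (31) bytes, the legacy advertising data limit. The names struct pending_adv, store_pending_adv and classify_report are assumptions for the example, and the 229-byte 'A'-filled report from the commit message is constructed inline. Before the fix the report was cached regardless of kind; the fix skips extended reports entirely, and the example additionally refuses a legacy report that claims more than the limit rather than overrunning the buffer.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Legacy (non-extended) LE advertising data is limited to 31 bytes. */
#define HCI_MAX_AD_LENGTH 31
#define BDADDR_LEN 6

/* Hypothetical model of the cache: one scannable legacy advertisement
 * kept until its scan response arrives so the two can be concatenated. */
struct pending_adv {
    uint8_t addr[BDADDR_LEN];
    uint8_t data[HCI_MAX_AD_LENGTH];
    uint8_t data_len;
    bool    pending;
};

/* Returns 0 when the report was cached, -EINVAL for an extended report
 * (never cached, as in the fix), -E2BIG for a legacy report that claims
 * more than the legacy limit (malformed: refuse instead of overrunning
 * data[] into whatever the adapter state keeps after it). */
int store_pending_adv(struct pending_adv *cache, const uint8_t *bdaddr,
                      const uint8_t *data, size_t len, bool is_ext_adv)
{
    if (is_ext_adv)
        return -EINVAL;
    if (len > HCI_MAX_AD_LENGTH)
        return -E2BIG;

    memcpy(cache->addr, bdaddr, BDADDR_LEN);
    memcpy(cache->data, data, len);
    cache->data_len = (uint8_t)len;
    cache->pending = true;
    return 0;
}

/* Result code for a constructed 'A'-filled report of the given length
 * and kind (helper so each path can be checked in isolation). */
int classify_report(size_t len, bool is_ext_adv)
{
    struct pending_adv cache = {0};
    const uint8_t addr[BDADDR_LEN] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    uint8_t buf[256];

    if (len > sizeof buf)
        return -E2BIG;
    memset(buf, 'A', sizeof buf);
    return store_pending_adv(&cache, addr, buf, len, is_ext_adv);
}

/* Exercise the three paths; returns 0 when all behave as intended. */
int demo(void)
{
    int legacy_ok = classify_report(HCI_MAX_AD_LENGTH, false); /* cached */
    int ext_229   = classify_report(229, true);                /* skipped */
    int legacy_32 = classify_report(32, false);                /* refused */

    printf("legacy 31B: %d, ext 229B: %d, legacy 32B: %d\n",
           legacy_ok, ext_229, legacy_32);
    return (legacy_ok == 0 && ext_229 == -EINVAL && legacy_32 == -E2BIG) ? 0 : 1;
}

int main(void)
{
    return demo();
}
```

The length check is the belt-and-braces part: the fix alone is sufficient for well-formed traffic because a legacy report cannot exceed 31 bytes, but a copy into a fixed buffer should still be bounded by the buffer, not by a length a remote peer controls.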
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work 2020-07-19 14:58:47 +02:00
802
8021q net: get rid of lockdep_set_class_and_subclass() 2020-06-28 21:37:23 -07:00
appletalk
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-23 12:09:57 -07:00
batman-adv net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
bluetooth Bluetooth: fix kernel oops in store_pending_adv_report 2020-07-30 13:54:04 -07:00
bpf bpf: Add tests for PTR_TO_BTF_ID vs. null comparison 2020-06-30 22:21:29 +02:00
bpfilter bpfilter: switch to kernel_write 2020-07-08 08:27:56 +02:00
bridge bridge: mcast: Fix MLD2 Report IPv6 payload length check 2020-07-07 15:37:57 -07:00
caif treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
can treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ceph libceph: don't omit used_replica in target_copy() 2020-06-16 16:02:08 +02:00
core dev: Defer free of skbs in flush_backlog 2020-07-24 19:59:22 -07:00
dcb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
decnet treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dns_resolver
dsa dsa: Allow forwarding of redirected IGMP traffic 2020-06-24 14:39:43 -07:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool ethtool: fix genlmsg_put() failure handling in ethnl_default_dumpit() 2020-07-09 12:35:33 -07:00
hsr net: hsr: check for return value of skb_put_padto() 2020-07-20 18:02:28 -07:00
ieee802154 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ife
ipv4 tcp: allow at most one TLP probe per flight 2020-07-23 12:23:32 -07:00
ipv6 net: udp: Fix wrong clean up for IS_UDPLITE macro 2020-07-21 15:41:49 -07:00
iucv
kcm treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
key
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-08 15:24:33 -07:00
l3mdev treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
lapb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
llc llc: make sure applications use ARPHRD_ETHER 2020-06-28 21:41:23 -07:00
mac80211 mac80211: allow rx of mesh eapol frames with default rx key 2020-06-25 12:55:45 +02:00
mac802154 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mpls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mptcp mptcp: fix DSS map generation on fin retransmission 2020-07-07 15:27:37 -07:00
ncsi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
netfilter ipvs: fix the connection sync failed in some cases 2020-07-22 01:21:34 +02:00
netlabel treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
netlink genetlink: remove genl_bind 2020-07-01 15:49:11 -07:00
netrom net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
nfc nfc: nci: add missed destroy_workqueue in nci_register_device 2020-07-17 13:08:08 -07:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len 2020-06-24 14:34:58 -07:00
packet treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
phonet
psample net: psample: fix build error when CONFIG_INET is not enabled 2020-05-23 16:36:05 -07:00
qrtr qrtr: orphan socket in qrtr_release() 2020-07-24 17:29:52 -07:00
rds rds: If one path needs re-connection, check all and re-connect 2020-07-01 17:35:17 -07:00
rfkill
rose net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
rxrpc rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA 2020-07-20 17:47:10 -07:00
sched flow_offload: Move rhashtable inclusion to the source file 2020-07-24 15:17:22 -07:00
sctp sctp: shrink stream outq when fails to do addstream reconf 2020-07-22 18:00:12 -07:00
smc net/smc: fix dmb buffer shortage 2020-07-20 17:52:25 -07:00
strparser
sunrpc xprtrdma: fix incorrect header size calculations 2020-07-15 13:01:01 -04:00
switchdev treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
tipc tipc: allow to build NACK message in link timeout function 2020-07-20 20:11:22 -07:00
tls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
unix treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
vmw_vsock vsock/virtio: annotate 'the_virtio_vsock' RCU pointer 2020-07-15 17:47:15 -07:00
wimax
wireless nl80211: fix memory leak when parsing NL80211_ATTR_HE_BSS_COLOR 2020-06-26 11:52:57 +02:00
x25 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
xdp xsk: Use dma_need_sync instead of reimplenting it 2020-06-30 15:44:03 +02:00
xfrm net: xfrmi: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
compat.c switch cmsghdr_from_user_compat_to_kern() to copy_from_user() 2020-06-01 12:05:45 -07:00
devres.c net: devres: provide devm_register_netdev() 2020-05-23 16:56:17 -07:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
socket.c net: remove kernel_setsockopt 2020-05-29 13:10:39 -07:00
sysctl_net.c