iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Howard Chung b1810febda Bluetooth: Fix crash in mgmt_add_adv_patterns_monitor_complete 
If hci_add_adv_monitor is a pending command(e.g. forward to
msft_add_monitor_pattern), it is possible that
mgmt_add_adv_patterns_monitor_complete gets called before
cmd->user_data gets set, which will cause a crash when we
try to get the moniter handle through cmd->user_data in
mgmt_add_adv_patterns_monitor_complete.

This moves the cmd->user_data assignment earlier than
hci_add_adv_monitor.

RIP: 0010:mgmt_add_adv_patterns_monitor_complete+0x82/0x187 [bluetooth]
Code: 1e bf 03 00 00 00 be 52 00 00 00 4c 89 ea e8 9e
e4 02 00 49 89 c6 48 85 c0 0f 84 06 01 00 00 48 89 5d b8 4c 89 fb 4d 8b
7e 30 <41> 0f b7 47 18 66 89 45 c0 45 84 e4 75 5a 4d 8b 56 28 48 8d 4d
c8
RSP: 0018:ffffae81807dbcb8 EFLAGS: 00010286
RAX: ffff91c4bdf723c0 RBX: 0000000000000000 RCX: ffff91c4e5da5b80
RDX: ffff91c405680000 RSI: 0000000000000052 RDI: ffff91c49d654c00
RBP: ffffae81807dbd00 R08: ffff91c49fb157e0 R09: ffff91c49fb157e0
R10: 000000000002a4f0 R11: ffffffffc0819cfd R12: 0000000000000000
R13: ffff91c405680000 R14: ffff91c4bdf723c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff91c4ea300000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000133612002 CR4:
00000000003606e0
Call Trace:
 ? msft_le_monitor_advertisement_cb+0x111/0x141
[bluetooth]
 hci_event_packet+0x425e/0x631c [bluetooth]
 ? printk+0x59/0x73
 ? __switch_to_asm+0x41/0x70
 ?
msft_le_set_advertisement_filter_enable_cb+0xa6/0xa6 [bluetooth]
 ? bt_dbg+0xb4/0xbb [bluetooth]
 ? __switch_to_asm+0x41/0x70
 hci_rx_work+0x101/0x319 [bluetooth]
 process_one_work+0x257/0x506
 worker_thread+0x10d/0x284
 kthread+0x14c/0x154
 ? process_one_work+0x506/0x506
 ? kthread_blkcg+0x2c/0x2c
 ret_from_fork+0x1f/0x40

Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
Reviewed-by: Manish Mandlik <mmandlik@chromium.org>
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
Signed-off-by: Howard Chung <howardchung@google.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2021-02-03 14:32:46 +01:00
..
6lowpan
9p
net: 9p: Fix kerneldoc warnings of missing parameters etc
2020-11-02 12:25:52 -08:00
802
8021q
net: vlan: Fixed signedness in vlan_group_prealloc_vid()
2020-09-28 00:51:39 -07:00
appletalk
net: appletalk: fix kerneldoc warnings
2020-10-30 11:48:17 -07:00
atm
atm: nicstar: Replace in_interrupt() usage
2020-11-18 16:43:55 -08:00
ax25
batman-adv
batman-adv: Drop unused soft-interface.h include in fragmentation.c
2020-12-04 08:41:16 +01:00
bluetooth
Bluetooth: Fix crash in mgmt_add_adv_patterns_monitor_complete
2021-02-03 14:32:46 +01:00
bpf
bpf: fix raw_tp test run in preempt kernel
2020-09-30 08:34:08 -07:00
bpfilter
Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH"
2020-10-15 12:33:24 -07:00
bridge
net: bridge: Fix a warning when del bridge sysfs
2020-12-14 18:27:49 -08:00
caif
caif: Remove duplicate macro SRVL_CTRL_PKT_SIZE
2020-09-05 15:57:05 -07:00
can
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-12-11 22:29:38 -08:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-10-12 15:29:27 +02:00
core
Networking updates for 5.11
2020-12-15 13:22:29 -08:00
dcb
net: dcb: Fix kerneldoc warnings
2020-10-30 11:59:54 -07:00
dccp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-11-27 18:25:27 -08:00
decnet
treewide: rename nla_strlcpy to nla_strscpy.
2020-11-16 08:08:54 -08:00
dns_resolver
dsa
net: dsa: print the MTU value that could not be set
2020-12-08 11:24:07 -08:00
ethernet
net: datagram: fix some kernel-doc markups
2020-11-17 14:15:03 -08:00
ethtool
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-12-11 22:29:38 -08:00
hsr
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
ieee802154
treewide: rename nla_strlcpy to nla_strscpy.
2020-11-16 08:08:54 -08:00
ife
ipv4
Networking updates for 5.11
2020-12-15 13:22:29 -08:00
ipv6
Networking updates for 5.11
2020-12-15 13:22:29 -08:00
iucv
net/af_iucv: use DECLARE_SOCKADDR to cast from sockaddr
2020-12-08 15:56:53 -08:00
kcm
key
l2tp
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
l3mdev
net: l3mdev: Fix kerneldoc warning
2020-10-30 11:43:42 -07:00
lapb
net/lapb: fix t1 timer handling for LAPB_STATE_0
2020-11-27 17:22:51 -08:00
llc
net: llc: Fix kerneldoc warnings
2020-10-30 11:34:09 -07:00
mac80211
A new set of wireless changes:
2020-12-12 10:07:56 -08:00
mac802154
net: mac802154: convert tasklets to use new tasklet_setup() API
2020-11-07 10:40:56 -08:00
mpls
mpls: drop skb's dst in mpls_forward()
2020-11-03 12:55:53 -08:00
mptcp
Networking updates for 5.11
2020-12-15 13:22:29 -08:00
ncsi
net/ncsi: Fix netlink registration
2020-11-12 17:00:13 -08:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2020-12-14 15:43:21 -08:00
netlabel
Merge https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-11-19 19:08:46 -08:00
netlink
netlink: export policy in extended ACK
2020-10-09 20:22:32 -07:00
netrom
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
nfc
net: sched: fix spelling mistake in Kconfig "trys" -> "tries"
2020-12-08 16:01:56 -08:00
nsh
openvswitch
net: openvswitch: fix TTL decrement exception action execution
2020-12-14 17:18:25 -08:00
packet
net: fix proc_fs init handling in af_packet and tls
2020-12-14 19:39:30 -08:00
phonet
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
psample
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
qrtr
wireless-drivers-next patches for v5.11
2020-12-04 10:56:37 -08:00
rds
RDMA: Add rdma_connect_locked()
2020-10-28 09:14:49 -03:00
rfkill
rfkill: add a reason to the HW rfkill state
2020-12-11 12:47:17 +01:00
rose
rose: Fix Null pointer dereference in rose_send_frame()
2020-11-20 10:04:58 -08:00
rxrpc
net: rxrpc: convert comma to semicolon
2020-12-09 16:23:07 -08:00
sched
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-12-11 22:29:38 -08:00
sctp
sctp: Fix some typo
2020-11-23 17:44:11 -08:00
smc
net/smc: Add support for obtaining SMCR device list
2020-12-01 17:56:13 -08:00
strparser
sunrpc
net: datagram: fix some kernel-doc markups
2020-11-17 14:15:03 -08:00
switchdev
net: switchdev: Fixed kerneldoc warning
2020-09-23 17:46:31 -07:00
tipc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-12-11 22:29:38 -08:00
tls
net: fix proc_fs init handling in af_packet and tls
2020-12-14 19:39:30 -08:00
unix
networking changes for the 5.10 merge window
2020-10-15 18:42:13 -07:00
vmw_vsock
af_vsock: Assign the vsock transport considering the vsock address flags
2020-12-14 19:33:39 -08:00
wireless
A new set of wireless changes:
2020-12-12 10:07:56 -08:00
x25
net: x25: Remove unimplemented X.25-over-LLC code stubs
2020-12-12 17:15:33 -08:00
xdp
Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2020-12-14 15:34:36 -08:00
xfrm
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
2020-12-12 12:28:42 -08:00
compat.c
iov_iter: transparently handle compat iovecs in import_iovec
2020-10-03 00:02:13 -04:00
devres.c
Kconfig
wimax: move out to staging
2020-10-29 19:27:45 +01:00
Makefile
wimax: move out to staging
2020-10-29 19:27:45 +01:00
socket.c
net: Remove the err argument from sock_from_file
2020-12-04 22:32:40 +01:00
sysctl_net.c