redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net
History
Alain Michaud 9acd96f14a Bluetooth: fix kernel oops in store_pending_adv_report 
[ Upstream commit a2ec905d1e ]

Fix kernel oops observed when an ext adv data is larger than 31 bytes.

This can be reproduced by setting up an advertiser with advertisement
larger than 31 bytes.  The issue is not sensitive to the advertisement
content.  In particular, this was reproduced with an advertisement of
229 bytes filled with 'A'.  See stack trace below.

This is fixed by not catching ext_adv as legacy adv are only cached to
be able to concatenate a scanable adv with its scan response before
sending it up through mgmt.

With ext_adv, this is no longer necessary.

  general protection fault: 0000 [#1] SMP PTI
  CPU: 6 PID: 205 Comm: kworker/u17:0 Not tainted 5.4.0-37-generic #41-Ubuntu
  Hardware name: Dell Inc. XPS 15 7590/0CF6RR, BIOS 1.7.0 05/11/2020
  Workqueue: hci0 hci_rx_work [bluetooth]
  RIP: 0010:hci_bdaddr_list_lookup+0x1e/0x40 [bluetooth]
  Code: ff ff e9 26 ff ff ff 0f 1f 44 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 48 39 c7 75 0a eb 24 48 8b 00 48 39 f8 74 1c 44 8b 06 <44> 39 40 10 75 ef 44 0f b7 4e 04 66 44 39 48 14 75 e3 38 50 16 75
  RSP: 0018:ffffbc6a40493c70 EFLAGS: 00010286
  RAX: 4141414141414141 RBX: 000000000000001b RCX: 0000000000000000
  RDX: 0000000000000000 RSI: ffff9903e76c100f RDI: ffff9904289d4b28
  RBP: ffffbc6a40493c70 R08: 0000000093570362 R09: 0000000000000000
  R10: 0000000000000000 R11: ffff9904344eae38 R12: ffff9904289d4000
  R13: 0000000000000000 R14: 00000000ffffffa3 R15: ffff9903e76c100f
  FS: 0000000000000000(0000) GS:ffff990434580000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007feed125a000 CR3: 00000001b860a003 CR4: 00000000003606e0
  Call Trace:
    process_adv_report+0x12e/0x560 [bluetooth]
    hci_le_meta_evt+0x7b2/0xba0 [bluetooth]
    hci_event_packet+0x1c29/0x2a90 [bluetooth]
    hci_rx_work+0x19b/0x360 [bluetooth]
    process_one_work+0x1eb/0x3b0
    worker_thread+0x4d/0x400
    kthread+0x104/0x140

Fixes: c215e9397b ("Bluetooth: Process extended ADV report event")
Reported-by: Andy Nguyen <theflow@google.com>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Balakrishna Godavarthi <bgodavar@codeaurora.org>
Signed-off-by: Alain Michaud <alainm@chromium.org>
Tested-by: Sonny Sasaka <sonnysasaka@chromium.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2020-08-05 09:59:49 +02:00
..
6lowpan 6lowpan: no need to check return value of debugfs_create functions 2019-07-06 12:50:01 +02:00
9p 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work 2020-08-05 09:59:42 +02:00
802 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
8021q vlan: vlan_changelink() should propagate errors 2020-01-12 12:21:50 +01:00
appletalk appletalk: enforce CAP_NET_RAW for raw sockets 2019-09-24 16:37:18 +02:00
atm net: atm: Reduce the severity of logging in unlink_clip_vcc 2019-11-18 17:08:20 -08:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-31 18:39:31 +02:00
batman-adv batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" 2020-06-22 09:30:56 +02:00
bluetooth Bluetooth: fix kernel oops in store_pending_adv_report 2020-08-05 09:59:49 +02:00
bpf bpf/flow_dissector: support flags in BPF_PROG_TEST_RUN 2019-07-25 18:00:41 -07:00
bpfilter net/bpfilter: remove superfluous testing message 2020-04-21 09:04:53 +02:00
bridge bridge: mcast: Fix MLD2 Report IPv6 payload length check 2020-07-22 09:32:46 +02:00
caif net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
can can: j1939: j1939_sk_bind(): take priv after lock is held 2019-12-31 16:45:56 +01:00
ceph libceph: don't omit recovery_deletes in target_copy() 2020-07-22 09:33:17 +02:00
core udp: Copy has_conns in reuseport_grow(). 2020-07-31 18:39:31 +02:00
dcb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201 2019-05-30 11:29:52 -07:00
dccp dccp: Fix possible memleak in dccp_init and dccp_fini 2020-06-17 16:40:32 +02:00
decnet net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:36:45 +02:00
dsa net: dsa: declare lockless TX feature for slave ports 2020-06-03 08:21:38 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
hsr hsr: check protocol version in hsr_newlink() 2020-04-21 09:04:44 +02:00
ieee802154 nl802154: add missing attribute validation for dev_type 2020-03-18 07:17:44 +01:00
ife net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
ipv4 udp: Improve load balancing for SO_REUSEPORT. 2020-07-31 18:39:31 +02:00
ipv6 udp: Improve load balancing for SO_REUSEPORT. 2020-07-31 18:39:31 +02:00
iucv net/af_iucv: mark expected switch fall-throughs 2019-07-29 10:26:14 -07:00
kcm kcm: disable preemption in kcm_parse_func_strparser() 2019-09-27 10:27:14 +02:00
key xfrm: policy: match with both mark and mask on user interfaces 2020-08-05 09:59:44 +02:00
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-22 09:32:47 +02:00
l3mdev ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF 2019-06-23 13:24:17 -07:00
lapb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-17 20:20:36 -07:00
llc llc: make sure applications use ARPHRD_ETHER 2020-07-22 09:32:47 +02:00
mac80211 mac80211: mesh: Free pending skb when destroying a mpath 2020-08-05 09:59:48 +02:00
mac802154 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
mpls net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-18 16:08:42 +01:00
ncsi net/ncsi: Disable global multicast filter 2019-09-19 18:04:40 -07:00
netfilter ipvs: fix the connection sync failed in some cases 2020-07-29 10:18:34 +02:00
netlabel netlabel: cope with NULL catmap 2020-05-20 08:20:08 +02:00
netlink genetlink: remove genl_bind 2020-07-22 09:32:46 +02:00
netrom net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node 2020-04-29 16:33:08 +02:00
nfc nfc: add missing attribute validation for vendor subcommand 2020-03-18 07:17:46 +01:00
nsh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
openvswitch openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len 2020-06-30 15:36:45 -04:00
packet net/packet: tpacket_rcv: avoid a producer race condition 2020-04-01 11:01:35 +02:00
phonet net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
psample net: psample: fix skb_over_panic 2019-12-04 22:30:54 +01:00
qrtr qrtr: orphan socket in qrtr_release() 2020-07-31 18:39:30 +02:00
rds rds: Prevent kernel-infoleak in rds_notify_queue_get() 2020-08-05 09:59:44 +02:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:21:33 +01:00
rose net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
rxrpc rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA 2020-07-31 18:39:31 +02:00
sched sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:48 +02:00
sctp sctp: shrink stream outq when fails to do addstream reconf 2020-07-31 18:39:31 +02:00
smc net/smc: cancel event worker during device removal 2020-03-18 07:17:59 +01:00
strparser Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
sunrpc sunrpc: check that domain table is empty at module unload. 2020-08-05 09:59:41 +02:00
switchdev treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tipc tipc: block BH before using dst_cache 2020-06-03 08:21:03 +02:00
tls bpf: Fix running sk_skb program types with ktls 2020-06-22 09:31:12 +02:00
unix af_unix: add compat_ioctl support 2020-01-17 19:48:52 +01:00
vmw_vsock vsock/virtio: annotate 'the_virtio_vsock' RCU pointer 2020-07-29 10:18:31 +02:00
wimax wimax: no need to check return value of debugfs_create functions 2019-08-10 15:25:47 -07:00
wireless nl80211: don't return err unconditionally in nl80211_start_ap() 2020-07-16 08:16:37 +02:00
x25 net/x25: Fix null-ptr-deref in x25_disconnect 2020-08-05 09:59:44 +02:00
xdp xdp: Fix xsk_generic_xmit errno 2020-06-24 17:50:44 +02:00
xfrm xfrm: policy: match with both mark and mask on user interfaces 2020-08-05 09:59:44 +02:00
Kconfig net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-04-01 11:02:18 +02:00
Makefile net: split out functions related to registering inflight socket files 2019-02-28 08:24:23 -07:00
compat.c uio: make import_iovec()/compat_import_iovec() return bytes on success 2019-05-31 15:30:03 -06:00
socket.c compat_ioctl: handle SIOCOUTQNSD 2020-01-17 19:48:52 +01:00
sysctl_net.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00