redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/bluetooth
History
Kuba Pawlak 2c501cdd68 Bluetooth: Fix crash on fast disconnect of SCO 
Fix a crash that may happen when a connection is closed before it was fully
established. Mapping conn->hcon was released by shutdown function, but it
is still referenced in (not yet finished) connection established handling
function.

[ 4635.254073] BUG: unable to handle kernel NULL pointer dereference at 00000013
[ 4635.262058] IP: [<c11659f0>] memcmp+0xe/0x25
[ 4635.266835] *pdpt = 0000000024190001 *pde = 0000000000000000
[ 4635.273261] Oops: 0000 [#1] PREEMPT SMP
[ 4635.277652] Modules linked in: evdev ecb vfat fat libcomposite usb2380 isofs zlib_inflate rfcomm(O) udc_core bnep(O) btusb(O) btbcm(O) btintel(O) bluetooth(O) cdc_acm arc4 uinput hid_mule
[ 4635.321761] Pid: 363, comm: kworker/u:2H Tainted: G           O 3.8.0-119.1-plk-adaptation-byt-ivi-brd #1
[ 4635.332642] EIP: 0060:[<c11659f0>] EFLAGS: 00010206 CPU: 0
[ 4635.338767] EIP is at memcmp+0xe/0x25
[ 4635.342852] EAX: e4720678 EBX: 00000000 ECX: 00000006 EDX: 00000013
[ 4635.349849] ESI: 00000000 EDI: fb85366c EBP: e40c7dc0 ESP: e40c7db4
[ 4635.356846]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 4635.362873] CR0: 8005003b CR2: 00000013 CR3: 24191000 CR4: 001007f0
[ 4635.369869] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 4635.376865] DR6: ffff0ff0 DR7: 00000400
[ 4635.381143] Process kworker/u:2H (pid: 363, ti=e40c6000 task=e40c5510 task.ti=e40c6000)
[ 4635.390080] Stack:
[ 4635.392319]  e4720400 00000000 fb85366c e40c7df4 fb842285 e40c7de2 fb853200 00000013
[ 4635.401003]  e3f101c4 e4720678 e3f101c0 e403be0a e40c7dfc e416a000 e403be0a fb85366c
[ 4635.409692]  e40c7e1c fb820186 020f6c00 e47c49ac e47c4008 00000000 e416a000 e47c402c
[ 4635.418380] Call Trace:
[ 4635.421153]  [<fb842285>] sco_connect_cfm+0xff/0x236 [bluetooth]
[ 4635.427893]  [<fb820186>] hci_sync_conn_complete_evt.clone.101+0x227/0x268 [bluetooth]
[ 4635.436758]  [<fb82370f>] hci_event_packet+0x1caa/0x21d3 [bluetooth]
[ 4635.443859]  [<c106231f>] ? trace_hardirqs_on+0xb/0xd
[ 4635.449502]  [<c1375b8a>] ? _raw_spin_unlock_irqrestore+0x42/0x59
[ 4635.456340]  [<fb814b67>] hci_rx_work+0xb9/0x350 [bluetooth]
[ 4635.462663]  [<c1039f1e>] ? process_one_work+0x17b/0x2e6
[ 4635.468596]  [<c1039f77>] process_one_work+0x1d4/0x2e6
[ 4635.474333]  [<c1039f1e>] ? process_one_work+0x17b/0x2e6
[ 4635.480294]  [<fb814aae>] ? hci_cmd_work+0xda/0xda [bluetooth]
[ 4635.486810]  [<c103a3fa>] worker_thread+0x171/0x20f
[ 4635.492257]  [<c10456c5>] ? complete+0x34/0x3e
[ 4635.497219]  [<c103ea06>] kthread+0x90/0x95
[ 4635.501888]  [<c103a289>] ? manage_workers+0x1df/0x1df
[ 4635.507628]  [<c1376537>] ret_from_kernel_thread+0x1b/0x28
[ 4635.513755]  [<c103e976>] ? __init_kthread_worker+0x42/0x42
[ 4635.519975] Code: 74 0d 3c 79 74 04 3c 59 75 0c c6 02 01 eb 03 c6 02 00 31 c0 eb 05 b8 ea ff ff ff 5d c3 55 89 e5 57 56 53 31 db eb 0e 0f b6 34 18 <0f> b6 3c 1a 43 29 fe 75 07 49 85 c9 7f
[ 4635.541264] EIP: [<c11659f0>] memcmp+0xe/0x25 SS:ESP 0068:e40c7db4
[ 4635.548166] CR2: 0000000000000013
[ 4635.552177] ---[ end trace e05ce9b8ce6182f6 ]---

Signed-off-by: Kuba Pawlak <kubax.t.pawlak@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-10-27 06:00:07 +01:00
..
bnep net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
cmtp Bluetooth: cmtp: Do not use list_for_each_safe when not needed 2015-07-30 13:50:35 +02:00
hidp Bluetooth: hidp: fix device disconnect on idle timeout 2015-10-21 00:49:23 +02:00
rfcomm Bluetooth: Fix potential NULL dereference in RFCOMM bind callback 2015-06-06 08:44:33 +02:00
6lowpan.c Bluetooth: 6lowpan: Use hci_conn_hash_lookup_le() when possible 2015-10-21 18:39:16 +02:00
a2mp.c Bluetooth: Move get info completed callback to a2mp.c 2015-07-30 13:37:22 +02:00
a2mp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
af_bluetooth.c Bluetooth: Remove unneeded parenthesis around MSG_OOB 2015-10-26 08:20:51 +02:00
amp.c Bluetooth: Fix breakage in amp_write_rem_assoc_frag() 2015-08-10 20:41:34 +02:00
amp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
ecc.c Bluetooth: Add ECC library for LE Secure Connections 2014-12-03 16:51:16 +01:00
ecc.h Bluetooth: Add ECC library for LE Secure Connections 2014-12-03 16:51:16 +01:00
hci_conn.c Bluetooth: Make hci_disconnect() behave correctly for all states 2015-10-22 11:37:22 +02:00
hci_core.c Bluetooth: Replace hci_notify with hci_sock_dev_event 2015-10-26 08:21:47 +02:00
hci_debugfs.c Bluetooth: Expose current Device ID information via debugfs 2015-04-02 08:40:35 +03:00
hci_debugfs.h Bluetooth: Provide option to enable/disable debugfs information 2015-02-15 18:54:13 +02:00
hci_event.c Bluetooth: Rename bt_cb()->req into bt_cb()->hci 2015-10-26 08:21:03 +02:00
hci_request.c Bluetooth: Rename bt_cb()->req into bt_cb()->hci 2015-10-26 08:21:03 +02:00
hci_request.h Bluetooth: Introduce hci_req helper to abort a connection 2015-10-22 11:37:22 +02:00
hci_sock.c Bluetooth: Rename bt_cb()->req into bt_cb()->hci 2015-10-26 08:21:03 +02:00
hci_sysfs.c Bluetooth: Convert to use ATTRIBUTE_GROUPS macro 2014-02-13 09:51:34 +02:00
Kconfig Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
l2cap_core.c Bluetooth: Enable new connection establishment procedure. 2015-08-10 21:36:13 +02:00
l2cap_sock.c Bluetooth: l2cap_disconnection_req priority over shutdown 2015-10-21 00:49:26 +02:00
lib.c Bluetooth: Add BT_WARN and bt_dev_warn logging macros 2015-09-24 16:25:44 +02:00
Makefile Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
mgmt.c Bluetooth: Take advantage of connection abort helpers 2015-10-22 11:37:22 +02:00
mgmt_util.c Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
mgmt_util.h Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
sco.c Bluetooth: Fix crash on fast disconnect of SCO 2015-10-27 06:00:07 +01:00
selftest.c Bluetooth: Export ECDH selftest result in debugfs 2015-04-02 08:47:38 +03:00
selftest.h Bluetooth: Add support for self testing framework 2014-12-30 08:53:55 +02:00
smp.c Bluetooth: Fix crash in SMP when unpairing 2015-10-22 09:02:03 +02:00
smp.h Bluetooth: Fix crash in SMP when unpairing 2015-10-22 09:02:03 +02:00