mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-09 01:59:41 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/bluetooth
History
Matias Karhumaa 09b6c08061 Bluetooth: Fix debugfs NULL pointer dereference 
[ Upstream commit 30d65e0804 ]

Fix crash caused by NULL pointer dereference when debugfs functions
le_max_key_read, le_max_key_size_write, le_min_key_size_read or
le_min_key_size_write and Bluetooth adapter was powered off.

Fix is to move max_key_size and min_key_size from smp_dev to hci_dev.
At the same time they were renamed to le_max_key_size and
le_min_key_size.

BUG: unable to handle kernel NULL pointer dereference at 00000000000002e8
PGD 0 P4D 0
Oops: 0000 [#24] SMP PTI
CPU: 2 PID: 6255 Comm: cat Tainted: G      D    OE     4.18.9-200.fc28.x86_64 #1
Hardware name: LENOVO 4286CTO/4286CTO, BIOS 8DET76WW (1.46 ) 06/21/2018
RIP: 0010:le_max_key_size_read+0x45/0xb0 [bluetooth]
Code: 00 00 00 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 8b 87 c8 00 00 00 48 8d 7c 24 04 48 8b 80 48 0a 00 00 <48> 8b 80 e8 02 00 00 0f b6 48 52 e8 fb b6 b3 ed be 04 00 00 00 48
RSP: 0018:ffffab23c3ff3df0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00007f0b4ca2e000 RCX: ffffab23c3ff3f08
RDX: ffffffffc0ddb033 RSI: 0000000000000004 RDI: ffffab23c3ff3df4
RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffab23c3ff3ed8 R11: 0000000000000000 R12: ffffab23c3ff3f08
R13: 00007f0b4ca2e000 R14: 0000000000020000 R15: ffffab23c3ff3f08
FS:  00007f0b4ca0f540(0000) GS:ffff91bd5e280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000002e8 CR3: 00000000629fa006 CR4: 00000000000606e0
Call Trace:
 full_proxy_read+0x53/0x80
 __vfs_read+0x36/0x180
 vfs_read+0x8a/0x140
 ksys_read+0x4f/0xb0
 do_syscall_64+0x5b/0x160
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Signed-off-by: Matias Karhumaa <matias.karhumaa@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-04-20 09:16:01 +02:00
..
bnep net: remove sock_no_poll 2018-05-26 09:16:44 +02:00
cmtp Merge branch 'work.aio-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-04 13:57:43 -07:00
hidp Bluetooth: hidp: buffer overflow in hidp_process_report 2018-08-01 09:12:35 +02:00
rfcomm Bluetooth: Fix locking in bt_accept_enqueue() for BH context 2019-03-10 07:17:21 +01:00
6lowpan.c 6lowpan: fix set not used warning 2017-07-25 12:31:37 -07:00
a2mp.c Bluetooth: Use bt_dev_err and bt_dev_info when possible 2017-10-30 12:25:45 +02:00
a2mp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
af_bluetooth.c Bluetooth: Fix locking in bt_accept_enqueue() for BH context 2019-03-10 07:17:21 +01:00
amp.c Bluetooth: Use bt_dev_err and bt_dev_info when possible 2017-10-30 12:25:45 +02:00
amp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
ecdh_helper.c Bluetooth: let the crypto subsystem generate the ecc privkey 2017-10-06 20:35:47 +02:00
ecdh_helper.h Bluetooth: let the crypto subsystem generate the ecc privkey 2017-10-06 20:35:47 +02:00
hci_conn.c Bluetooth: Implement Set ADV set random address 2018-07-30 13:44:53 +02:00
hci_core.c Bluetooth: Fix debugfs NULL pointer dereference 2019-04-20 09:16:01 +02:00
hci_debugfs.c Bluetooth: Store Resolv list size 2018-07-06 12:40:08 +02:00
hci_debugfs.h Bluetooth: Provide option to enable/disable debugfs information 2015-02-15 18:54:13 +02:00
hci_event.c Bluetooth: Fix unnecessary error message for HCI request completion 2019-01-26 09:32:44 +01:00
hci_request.c Bluetooth: Implement secondary advertising on different PHYs 2018-07-30 13:44:53 +02:00
hci_request.h Bluetooth: Implement Set ADV set random address 2018-07-30 13:44:53 +02:00
hci_sock.c Bluetooth: Fix decrementing reference count twice in releasing socket 2019-03-27 14:14:42 +09:00
hci_sysfs.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
Kconfig Revert "Bluetooth: Add option for disabling legacy ioctl interfaces" 2017-09-28 13:20:32 -07:00
l2cap_core.c Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer 2019-04-03 06:26:14 +02:00
l2cap_sock.c Bluetooth: Fix locking in bt_accept_enqueue() for BH context 2019-03-10 07:17:21 +01:00
leds.c leds: triggers: let struct led_trigger::activate() return an error code 2018-07-05 23:21:10 +02:00
leds.h Bluetooth: Add combined LED trigger for controller power 2016-09-19 20:19:34 +02:00
lib.c Bluetooth: make baswap src const 2017-09-01 22:49:47 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mgmt.c Bluetooth: SMP: fix crash in unpairing 2018-09-26 12:39:32 +03:00
mgmt_util.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
mgmt_util.h Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
sco.c Bluetooth: Fix locking in bt_accept_enqueue() for BH context 2019-03-10 07:17:21 +01:00
selftest.c Bluetooth: Fix compiler warning with selftest duration calculation 2017-10-06 21:49:13 +03:00
selftest.h Bluetooth: Add support for self testing framework 2014-12-30 08:53:55 +02:00
smp.c Bluetooth: Fix debugfs NULL pointer dereference 2019-04-20 09:16:01 +02:00
smp.h Bluetooth: SMP: fix crash in unpairing 2018-09-26 12:39:32 +03:00