f3ff53065c
commit 9c33663af9ad115f90c076a1828129a3fbadea98 upstream. This patch adds code to check HCI_UART_PROTO_READY flag before accessing hci_uart->proto. It fixes the race condition in hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO. This issue bug found by Yu Hao and Weiteng Chen: BUG: general protection fault in hci_uart_tty_ioctl [1] The information of C reproducer can also reference the link [2] Reported-by: Yu Hao <yhao016@ucr.edu> Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1] Reported-by: Weiteng Chen <wchen130@ucr.edu> Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2] Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| ath3k.c | ||
| bcm43xx.c | ||
| bcm203x.c | ||
| bfusb.c | ||
| bluecard_cs.c | ||
| bpa10x.c | ||
| bt3c_cs.c | ||
| btbcm.c | ||
| btbcm.h | ||
| btintel.c | ||
| btintel.h | ||
| btmrvl_debugfs.c | ||
| btmrvl_drv.h | ||
| btmrvl_main.c | ||
| btmrvl_sdio.c | ||
| btmrvl_sdio.h | ||
| btmtksdio.c | ||
| btmtkuart.c | ||
| btpower.c | ||
| btqca.c | ||
| btqca.h | ||
| btqcomsmd.c | ||
| btrsi.c | ||
| btrtl.c | ||
| btrtl.h | ||
| btsdio.c | ||
| btusb.c | ||
| btwilink.c | ||
| dtl1_cs.c | ||
| h4_recv.h | ||
| hci_ag6xx.c | ||
| hci_ath.c | ||
| hci_bcm.c | ||
| hci_bcsp.c | ||
| hci_h4.c | ||
| hci_h5.c | ||
| hci_intel.c | ||
| hci_ldisc.c | ||
| hci_ll.c | ||
| hci_mrvl.c | ||
| hci_nokia.c | ||
| hci_qca.c | ||
| hci_serdev.c | ||
| hci_uart.h | ||
| hci_vhci.c | ||
| Kconfig | ||
| Makefile | ||