| Message ID | 20230714160854.20562-1-jlee@suse.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO | expand |
| Context | Check | Description |
|---|---|---|
| tedd_an/pre-ci_am | fail | error: patch failed: drivers/bluetooth/hci_ldisc.c:770 error: drivers/bluetooth/hci_ldisc.c: patch does not apply hint: Use 'git am --show-current-patch' to see the failed patch |
This is an automated email and please do not reply to this email. Dear Submitter, Thank you for submitting the patches to the linux bluetooth mailing list. While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository. ----- Output ----- error: patch failed: drivers/bluetooth/hci_ldisc.c:770 error: drivers/bluetooth/hci_ldisc.c: patch does not apply hint: Use 'git am --show-current-patch' to see the failed patch Please resolve the issue and submit the patches again. --- Regards, Linux Bluetooth
Hi Luiz Augusto von Dentz and all experts Sorry for I send out a duplicate patch again. Just ignore this duplicate patch, please. Thanks! Joey Lee On Sat, Jul 15, 2023 at 12:08:54AM +0800, Lee, Chun-Yi wrote: > This patch adds code to check HCI_UART_PROTO_READY flag before > accessing hci_uart->proto. It fixs the race condition in > hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO. > This issue bug found by Yu Hao and Weiteng Chen: > > BUG: general protection fault in hci_uart_tty_ioctl [1] > > The information of C reproducer can also reference the link [2] > > Reported-by: Yu Hao <yhao016@ucr.edu> > Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1] > Reported-by: Weiteng Chen <wchen130@ucr.edu> > Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2] > Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com> > --- > drivers/bluetooth/hci_ldisc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c > index efdda2c3fce8..a76eb98c0047 100644 > --- a/drivers/bluetooth/hci_ldisc.c > +++ b/drivers/bluetooth/hci_ldisc.c > @@ -770,7 +770,8 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd, > break; > > case HCIUARTGETPROTO: > - if (test_bit(HCI_UART_PROTO_SET, &hu->flags)) > + if (test_bit(HCI_UART_PROTO_SET, &hu->flags) && > + test_bit(HCI_UART_PROTO_READY, &hu->flags)) > err = hu->proto->id; > else > err = -EUNATCH; > -- > 2.35.3
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index efdda2c3fce8..a76eb98c0047 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c @@ -770,7 +770,8 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd, break; case HCIUARTGETPROTO: - if (test_bit(HCI_UART_PROTO_SET, &hu->flags)) + if (test_bit(HCI_UART_PROTO_SET, &hu->flags) && + test_bit(HCI_UART_PROTO_READY, &hu->flags)) err = hu->proto->id; else err = -EUNATCH;
This patch adds code to check HCI_UART_PROTO_READY flag before accessing hci_uart->proto. It fixs the race condition in hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO. This issue bug found by Yu Hao and Weiteng Chen: BUG: general protection fault in hci_uart_tty_ioctl [1] The information of C reproducer can also reference the link [2] Reported-by: Yu Hao <yhao016@ucr.edu> Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1] Reported-by: Weiteng Chen <wchen130@ucr.edu> Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2] Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com> --- drivers/bluetooth/hci_ldisc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)