linux/drivers/bluetooth
Neeraj Sanjay Kale c68bbf5e33 Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
This adds a check before freeing rx->skb in the flush and close
functions to handle the kernel crash seen while removing the driver after FW
download fails or before FW download completes.

dmesg log:
[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080
[   54.643398] Mem abort info:
[   54.646204]   ESR = 0x0000000096000004
[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits
[   54.655286]   SET = 0, FnV = 0
[   54.658348]   EA = 0, S1PTW = 0
[   54.661498]   FSC = 0x04: level 0 translation fault
[   54.666391] Data abort info:
[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000
[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000
[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse
[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2
[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)
[   54.744368] Workqueue: hci0 hci_power_on
[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   54.757249] pc : kfree_skb_reason+0x18/0xb0
[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]
[   54.782921] sp : ffff8000805ebca0
[   54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000
[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230
[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92
[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff
[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857
[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642
[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688
[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000
[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000
[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac
[   54.857599] Call trace:
[   54.857601]  kfree_skb_reason+0x18/0xb0
[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]
[   54.863888]  hci_dev_open_sync+0x3a8/0xa04
[   54.872773]  hci_power_on+0x54/0x2e4
[   54.881832]  process_one_work+0x138/0x260
[   54.881842]  worker_thread+0x32c/0x438
[   54.881847]  kthread+0x118/0x11c
[   54.881853]  ret_from_fork+0x10/0x20
[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)
[   54.896410] ---[ end trace 0000000000000000 ]---

Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Tested-by: Guillaume Legoupil <guillaume.legoupil@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2024-07-14 21:33:25 -04:00
ath3k.c Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl 2024-05-14 10:51:05 -04:00
bcm203x.c Bluetooth: bcm203x: remove superfluous header files 2022-03-18 17:12:09 +01:00
bfusb.c Bluetooth: bfusb: fix division by zero in send path 2021-10-25 15:04:46 +02:00
bluecard_cs.c Bluetooth: Use fallthrough pseudo-keyword 2020-07-10 19:09:42 +02:00
bpa10x.c Bluetooth: bpa10x: change return value 2019-09-04 16:11:46 +02:00
bt3c_cs.c Bluetooth: bt3c_cs: Fix obsolete function 2018-09-27 12:57:39 +02:00
btbcm.c Bluetooth: btbcm: Use devm_kstrdup() 2024-03-06 17:24:06 -05:00
btbcm.h Bluetooth: hci_bcm: Add support for FW loading in autobaud mode 2022-07-21 17:04:38 -07:00
btintel_pcie.c Bluetooth: btintel_pcie: Fix REVERSE_INULL issue reported by coverity 2024-06-28 14:30:25 -04:00
btintel_pcie.h Bluetooth: btintel_pcie: Refactor and code cleanup 2024-05-14 10:58:30 -04:00
btintel.c Bluetooth: btintel: Export few static functions 2024-05-14 10:54:55 -04:00
btintel.h Bluetooth: btintel: Fix compiler warning for multi_v7_defconfig config 2024-05-14 10:56:16 -04:00
btmrvl_debugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_drv.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_main.c Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
btmrvl_sdio.c Bluetooth: btmrvl_sdio: drop driver owner initialization 2024-04-04 11:09:12 +02:00
btmrvl_sdio.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmtk.c Bluetooth: btusb: mediatek: Fix double free of skb in coredump 2024-04-24 16:26:16 -04:00
btmtk.h Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 2024-03-06 17:27:11 -05:00
btmtksdio.c Bluetooth: btmtksdio: drop driver owner initialization 2024-04-04 11:09:12 +02:00
btmtkuart.c treewide, serdev: change receive_buf() return type to size_t 2024-01-27 18:13:53 -08:00
btnxpuart.c Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() 2024-07-14 21:33:25 -04:00
btqca.c Bluetooth: qca: Fix error code in qca_read_fw_build_info() 2024-05-14 10:51:09 -04:00
btqca.h Bluetooth: qca: clean up defines 2024-05-14 10:51:07 -04:00
btqcomsmd.c Bluetooth: btqcomsmd: Convert to platform remove callback returning void 2024-05-14 10:51:03 -04:00
btrsi.c Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
btrtl.c Bluetooth: Populate hci_set_hw_info for Intel and Realtek 2024-05-14 10:51:05 -04:00
btrtl.h Bluetooth: btrtl: Add Realtek devcoredump support 2023-08-11 11:35:14 -07:00
btsdio.c Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
btusb.c Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
dtl1_cs.c
h4_recv.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
hci_ag6xx.c Bluetooth: hci_uart: Remove redundant assignment to fw_ptr 2021-06-26 07:52:41 +02:00
hci_ath.c Bluetooth: hci_uart: check for missing tty operations 2019-07-31 13:17:33 -07:00
hci_bcm4377.c Bluetooth: hci_bcm4377: Increase boot timeout 2024-07-14 21:33:25 -04:00
hci_bcm.c Bluetooth: hci_bcm: Limit bcm43455 baudrate to 2000000 2024-05-14 10:51:05 -04:00
hci_bcsp.c treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
hci_h4.c Bluetooth: hci_h4: Fix padding calculation error within h4_recv_buf() 2021-11-16 13:57:25 +01:00
hci_h5.c Bluetooth: btrtl: fix out of bounds memory access 2024-03-06 17:26:21 -05:00
hci_intel.c Bluetooth: hci_intel: Fix multiple issues reported by checkpatch.pl 2024-05-14 10:51:04 -04:00
hci_ldisc.c Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
hci_ll.c Bluetooth: hci_ll: drop of_match_ptr for ID table 2023-04-23 21:49:03 -07:00
hci_mrvl.c Bluetooth: hci_mrvl: Add serdev support for 88W8997 2023-04-23 21:45:29 -07:00
hci_nokia.c Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() 2023-08-11 11:50:41 -07:00
hci_qca.c Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot 2024-06-28 14:30:31 -04:00
hci_serdev.c Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
hci_uart.h Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
hci_vhci.c Bluetooth: HCI: Remove HCI_AMP support 2024-05-14 10:54:49 -04:00
Kconfig Bluetooth: btintel_pcie: Add support for PCIe transport 2024-05-14 10:54:56 -04:00
Makefile Bluetooth: btintel_pcie: Add support for PCIe transport 2024-05-14 10:54:56 -04:00
virtio_bt.c virtio: features, fixes, cleanups 2024-05-23 12:04:36 -07:00