* [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
@ 2023-07-14 16:08 Lee, Chun-Yi
2023-07-14 16:16 ` bluez.test.bot
2023-07-14 16:17 ` [PATCH] " joeyli
0 siblings, 2 replies; 6+ messages in thread
From: Lee, Chun-Yi @ 2023-07-14 16:08 UTC (permalink / raw)
To: Marcel Holtmann, Johan Hedberg
Cc: David S . Miller, linux-kernel, linux-bluetooth, Lee, Chun-Yi
This patch adds code to check HCI_UART_PROTO_READY flag before
accessing hci_uart->proto. It fixs the race condition in
hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO.
This issue bug found by Yu Hao and Weiteng Chen:
BUG: general protection fault in hci_uart_tty_ioctl [1]
The information of C reproducer can also reference the link [2]
Reported-by: Yu Hao <yhao016@ucr.edu>
Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1]
Reported-by: Weiteng Chen <wchen130@ucr.edu>
Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2]
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
drivers/bluetooth/hci_ldisc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index efdda2c3fce8..a76eb98c0047 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -770,7 +770,8 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
break;
case HCIUARTGETPROTO:
- if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
+ if (test_bit(HCI_UART_PROTO_SET, &hu->flags) &&
+ test_bit(HCI_UART_PROTO_READY, &hu->flags))
err = hu->proto->id;
else
err = -EUNATCH;
--
2.35.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* RE: Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
2023-07-14 16:08 [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Lee, Chun-Yi
@ 2023-07-14 16:16 ` bluez.test.bot
2023-07-14 16:17 ` [PATCH] " joeyli
1 sibling, 0 replies; 6+ messages in thread
From: bluez.test.bot @ 2023-07-14 16:16 UTC (permalink / raw)
To: linux-bluetooth, joeyli.kernel
[-- Attachment #1: Type: text/plain, Size: 560 bytes --]
This is an automated email and please do not reply to this email.
Dear Submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository.
----- Output -----
error: patch failed: drivers/bluetooth/hci_ldisc.c:770
error: drivers/bluetooth/hci_ldisc.c: patch does not apply
hint: Use 'git am --show-current-patch' to see the failed patch
Please resolve the issue and submit the patches again.
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
2023-07-14 16:08 [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Lee, Chun-Yi
2023-07-14 16:16 ` bluez.test.bot
@ 2023-07-14 16:17 ` joeyli
1 sibling, 0 replies; 6+ messages in thread
From: joeyli @ 2023-07-14 16:17 UTC (permalink / raw)
To: Luiz Augusto von Dentz
Cc: Marcel Holtmann, Johan Hedberg, David S . Miller, linux-kernel,
linux-bluetooth, jlee
Hi Luiz Augusto von Dentz and all experts
Sorry for I send out a duplicate patch again. Just ignore this
duplicate patch, please.
Thanks!
Joey Lee
On Sat, Jul 15, 2023 at 12:08:54AM +0800, Lee, Chun-Yi wrote:
> This patch adds code to check HCI_UART_PROTO_READY flag before
> accessing hci_uart->proto. It fixs the race condition in
> hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO.
> This issue bug found by Yu Hao and Weiteng Chen:
>
> BUG: general protection fault in hci_uart_tty_ioctl [1]
>
> The information of C reproducer can also reference the link [2]
>
> Reported-by: Yu Hao <yhao016@ucr.edu>
> Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1]
> Reported-by: Weiteng Chen <wchen130@ucr.edu>
> Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2]
> Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
> ---
> drivers/bluetooth/hci_ldisc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
> index efdda2c3fce8..a76eb98c0047 100644
> --- a/drivers/bluetooth/hci_ldisc.c
> +++ b/drivers/bluetooth/hci_ldisc.c
> @@ -770,7 +770,8 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
> break;
>
> case HCIUARTGETPROTO:
> - if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
> + if (test_bit(HCI_UART_PROTO_SET, &hu->flags) &&
> + test_bit(HCI_UART_PROTO_READY, &hu->flags))
> err = hu->proto->id;
> else
> err = -EUNATCH;
> --
> 2.35.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
2023-07-10 15:17 Lee, Chun-Yi
@ 2023-07-12 21:20 ` patchwork-bot+bluetooth
0 siblings, 0 replies; 6+ messages in thread
From: patchwork-bot+bluetooth @ 2023-07-12 21:20 UTC (permalink / raw)
To: Lee, Chun-Yi
Cc: marcel, johan.hedberg, linux-bluetooth, linux-kernel, yhao016, jlee
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Mon, 10 Jul 2023 23:17:23 +0800 you wrote:
> This patch adds code to check HCI_UART_PROTO_READY flag before
> accessing hci_uart->proto. It fixs the race condition in
> hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO.
> This issue bug found by Yu Hao and Weiteng Chen:
>
> BUG: general protection fault in hci_uart_tty_ioctl [1]
>
> [...]
Here is the summary with links:
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
https://git.kernel.org/bluetooth/bluetooth-next/c/ff1b86784849
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
@ 2023-07-10 15:17 Lee, Chun-Yi
2023-07-12 21:20 ` patchwork-bot+bluetooth
0 siblings, 1 reply; 6+ messages in thread
From: Lee, Chun-Yi @ 2023-07-10 15:17 UTC (permalink / raw)
To: Marcel Holtmann, Johan Hedberg
Cc: linux-bluetooth, linux-kernel, Yu Hao, Lee, Chun-Yi
This patch adds code to check HCI_UART_PROTO_READY flag before
accessing hci_uart->proto. It fixs the race condition in
hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO.
This issue bug found by Yu Hao and Weiteng Chen:
BUG: general protection fault in hci_uart_tty_ioctl [1]
The information of C reproducer can also reference the link [2]
Reported-by: Yu Hao <yhao016@ucr.edu>
Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1]
Reported-by: Weiteng Chen <wchen130@ucr.edu>
Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2]
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
drivers/bluetooth/hci_ldisc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index efdda2c3fce8..a76eb98c0047 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -770,7 +770,8 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
break;
case HCIUARTGETPROTO:
- if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
+ if (test_bit(HCI_UART_PROTO_SET, &hu->flags) &&
+ test_bit(HCI_UART_PROTO_READY, &hu->flags))
err = hu->proto->id;
else
err = -EUNATCH;
--
2.35.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
@ 2023-07-10 7:07 Lee, Chun-Yi
0 siblings, 0 replies; 6+ messages in thread
From: Lee, Chun-Yi @ 2023-07-10 7:07 UTC (permalink / raw)
To: Marcel Holtmann, Johan Hedberg
Cc: linux-bluetooth, linux-kernel, Yu Hao, Lee, Chun-Yi
This patch adds code to check HCI_UART_PROTO_READY flag before
accessing hci_uart->proto. It fixs the race condition in
hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO.
This issue bug found by Yu Hao and Weiteng Chen:
BUG: general protection fault in hci_uart_tty_ioctl
https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/
The information of C reproducer can also reference here:
https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/
Reported-by: Weiteng Chen <wchen130@ucr.edu>
Reported-by: Yu Hao <yhao016@ucr.edu>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
drivers/bluetooth/hci_ldisc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index efdda2c3fce8..a76eb98c0047 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -770,7 +770,8 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
break;
case HCIUARTGETPROTO:
- if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
+ if (test_bit(HCI_UART_PROTO_SET, &hu->flags) &&
+ test_bit(HCI_UART_PROTO_READY, &hu->flags))
err = hu->proto->id;
else
err = -EUNATCH;
--
2.35.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-07-14 16:17 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-14 16:08 [PATCH] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Lee, Chun-Yi
2023-07-14 16:16 ` bluez.test.bot
2023-07-14 16:17 ` [PATCH] " joeyli
-- strict thread matches above, loose matches on Subject: below --
2023-07-10 15:17 Lee, Chun-Yi
2023-07-12 21:20 ` patchwork-bot+bluetooth
2023-07-10 7:07 Lee, Chun-Yi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.