author | Oleksandr Suvorov <oleksandr.suvorov@toradex.com> | 2020-04-06 14:40:16 +0300 |
---|---|---|
committer | Oleksandr Suvorov <oleksandr.suvorov@toradex.com> | 2020-04-06 14:41:48 +0300 |
commit | 96fda21809edc7094f0c4d3f46e3ac4d39f7c9f5 (patch) | |
tree | 8a2030d254100efe63a78709dca7f89db9105d0d /crypto/crypto_user.c | |
parent | 25c008952d3a61c9c402126d4ba7424ef8132f90 (diff) |
Bluetooth: Fix possible NULL pointer dereference

Backport of the upstreamed and not merged patch [1].
It fixes the crash like [2].

If we disconnect a device before completing the connection, connection
will no longer be available in connection list, thus conn will be NULL.

[1] https://www.spinics.net/lists/linux-bluetooth/msg70764.html

[2]
[ 4960.112410] Unable to handle kernel NULL pointer dereference at virtual address 0000001a
[ 4961.120795] Mem abort info:
[ 4961.128933] Exception class = DABT (current EL), IL = 32 bits
[ 4961.140189] SET = 0, FnV = 0
[ 4961.148719] EA = 0, S1PTW = 0
[ 4961.157065] Data abort info:
[ 4961.165047] ISV = 0, ISS = 0x00000004
[ 4961.173975] CM = 0, WnR = 0
[ 4961.181934] user pgtable: 4k pages, 48-bit VAs, pgd = ffff80084f467000
[ 4961.193579] [000000000000001a] *pgd=0000000000000000
[ 4961.201942] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 4961.210271] Modules linked in: veth xt_nat xt_tcpudp ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack libcrc32c br_netfilter bridge stp overlay crc32_ce crct10dif_ce mwifiex_pcie mwifiex cdc_acm galcore(O)
[ 4961.255701] Process kworker/u13:0 (pid: 12632, stack limit = 0xffff00002e5e8000)
[ 4961.268662] CPU: 3 PID: 12632 Comm: kworker/u13:0 Tainted: G O 4.14.159-4.0.0-devel+git.fff496c2a1bd #1
[ 4961.284881] Hardware name: Toradex Apalis iMX8QM/QP on Apalis Evaluation Board (DT)
[ 4961.298330] Workqueue: hci0 hci_rx_work
[ 4961.307903] task: ffff80084faa8d80 task.stack: ffff00002e5e8000
[ 4961.319611] PC is at hci_connect_le_scan_cleanup+0x14/0x128
[ 4961.330986] LR is at create_le_conn_complete+0xec/0x108
Signed-off-by: Thomas Gagneret <tgagneret@xxxxxxxxxxx>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Diffstat (limited to 'crypto/crypto_user.c')
0 files changed, 0 insertions, 0 deletions
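
The failure mode the commit message describes, as a simplified user-space model added here for illustration; it is not the patch or any kernel code, and every type and function name in it is hypothetical. A disconnect unlinks the entry before the completion handler runs, so the handler's lookup returns NULL and must be checked before any field access.

```c
#include <errno.h>
#include <stddef.h>
/* Simplified user-space model. All names are hypothetical, not kernel code. */
enum conn_state { ST_CLOSED, ST_CONNECTING, ST_CONNECTED };
struct conn {
    enum conn_state state;
    int scan_pending;              /* field the cleanup step writes */
    struct conn *next;
};
struct dev { struct conn *conns; };

/* Return the entry still in ST_CONNECTING, or NULL if none is listed. */
struct conn *lookup_connecting(struct dev *d)
{
    for (struct conn *c = d->conns; c; c = c->next)
        if (c->state == ST_CONNECTING)
            return c;
    return NULL;
}

/* Disconnect unlinks the entry, so a later lookup cannot find it. */
void disconnect(struct dev *d, struct conn *victim)
{
    for (struct conn **pp = &d->conns; *pp; pp = &(*pp)->next)
        if (*pp == victim) {
            *pp = victim->next;
            victim->state = ST_CLOSED;
            return;
        }
}

/* Guarded completion handler; without the NULL check the writes below fault. */
int connect_complete(struct dev *d)
{
    struct conn *c = lookup_connecting(d);
    if (!c)
        return -ENOENT;            /* disconnected before completion */
    c->scan_pending = 0;           /* cleanup step that needs a valid conn */
    c->state = ST_CONNECTED;
    return 0;
}

int main(void)
{
    struct conn c = { ST_CONNECTING, 1, NULL };   /* constructed sample state */
    struct dev d = { &c };
    disconnect(&d, &c);            /* runs ahead of the completion event */
    return connect_complete(&d) == -ENOENT ? 0 : 1;
}
```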