Date: Sat, 19 Jan 2019 00:19:20 -0800
From: Myungho Jung
To: Marcel Holtmann
Cc: Johan Hedberg, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Bluetooth: hci_uart: Add a local variable to store the result of h4_recv_buf()
Message-ID: <20190119081919.GA10681@myunghoj-Precision-5530>
References: <20190111065514.GA26542@myunghoj-Precision-5530> <09FCB21A-2184-4CDB-8BF0-75C403DF39F9@holtmann.org>
In-Reply-To: <09FCB21A-2184-4CDB-8BF0-75C403DF39F9@holtmann.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jan 18, 2019 at 10:19:41AM +0100, Marcel Holtmann wrote:
> Hi Myungho,
>
> > In h4_recv(), if h4_recv_buf() returns error and h4_recv() is
> > asynchronously called again before setting rx_skb to NULL, ERR_PTR will
> > be dereferenced in h4_recv_buf(). Check return value in a local variable
> > before writing to rx_skb.
> >
> > Reported-by: syzbot+017a32f149406df32703@syzkaller.appspotmail.com
> > Signed-off-by: Myungho Jung
> > ---
> > drivers/bluetooth/hci_h4.c | 11 +++++++----
> > 1 file changed, 7 insertions(+), 4 deletions(-)
>
> patch has been applied to bluetooth-next tree.
>
> Can you actually fix all callers of h4_recv_buf since they all suffer from the same issue.
>
> Regards
>
> Marcel
>

Hi Marcel,

Sure, let me check other callers and fix them if applicable.

Thanks,
Myungho
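
A userspace model of the pattern the quoted commit message describes, added here as an illustration; it is not the kernel patch or code from this thread. The names `model_recv_buf`, `recv_unsafe`, `recv_checked` and `observe`, and the 0xff error trigger, are assumptions; `observe()` marks the point where a second call could run.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-ins for the kernel's ERR_PTR()/IS_ERR() and struct sk_buff. */
static void *ERR_PTR(intptr_t e) { return (void *)e; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }
struct pkt { int len; };
struct state { struct pkt *rx_skb; };  /* shared between calls */
static struct pkt pool;                /* constructed: one static packet, never freed */
static int saw_err_ptr;
static void observe(struct state *s) { if (IS_ERR(s->rx_skb)) saw_err_ptr = 1; }

/* Hypothetical reassembly helper: byte 0xff is treated as a framing error. */
static struct pkt *model_recv_buf(struct pkt *skb, unsigned char byte)
{
	return byte == 0xff ? ERR_PTR(-EILSEQ) : (skb ? skb : &pool);
}

/* Pattern from the commit message: the result goes straight into shared state. */
static int recv_unsafe(struct state *s, unsigned char byte)
{
	s->rx_skb = model_recv_buf(s->rx_skb, byte);
	observe(s);                    /* a second call could run here */
	int err = IS_ERR(s->rx_skb) ? (int)(intptr_t)s->rx_skb : 0;
	if (err)
		s->rx_skb = NULL;
	return err;
}

/* Fix as described: check a local variable, publish only NULL or a valid pointer. */
static int recv_checked(struct state *s, unsigned char byte)
{
	struct pkt *skb = model_recv_buf(s->rx_skb, byte);
	observe(s);                    /* same window, shared state still clean */
	s->rx_skb = IS_ERR(skb) ? NULL : skb;
	return IS_ERR(skb) ? (int)(intptr_t)skb : 0;
}

/* Returns 1 if an error pointer was ever visible in shared state. */
static int err_ptr_visible(int (*recv)(struct state *, unsigned char))
{
	struct state s = { NULL };
	saw_err_ptr = 0;
	recv(&s, 0x01);                /* constructed input: one good byte */
	recv(&s, 0xff);                /* constructed input: one bad byte */
	return saw_err_ptr;
}

int main(void) { return !(err_ptr_visible(recv_unsafe) && !err_ptr_visible(recv_checked)); }
```

The model never frees the packet, so it says nothing about the lifetime of the old `rx_skb` after an error; it only shows when an error pointer is reachable through shared state.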