Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3047591pxf;
        Sun, 21 Mar 2021 16:59:44 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwtbMmnxXDgqri5hVYHlcyHV+L0YH81nq9HBfjUahOPT6XCGWD0Qz3LiMtjUwtJ1Z9VOfbD
X-Received: by 2002:a17:906:4146:: with SMTP id l6mr16860520ejk.295.1616371184090;
        Sun, 21 Mar 2021 16:59:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1616371184; cv=none;
        d=google.com; s=arc-20160816;
        b=iTZrS2vNfzkBcBhDB7/yeyqts6Wg1H8cVb2+sZ6it49tvDp7WiXiz4DzxgUxpF3XOw
         ZsYe2vvw1YWjLLGfVCEWfJw0tiuxATbBmRbO+PRhwMQzxw5fBkVnSIWUZHBZzCd4KyKA
         cRTXGBNHkyLk/QcMktXFDc+7zM/LQJ1vRYnTB1oO/ZJ9tlySjFxof7aYkQK/QhLibg5G
         biE/K1+usapFpegillY8UWctS/NDL6C6ag8s1LYg4KyHiAnltPyNOMdVfhpkjmBoBgLr
         NitM1vnSSjDJA0BInFWTZU83YZ4lZOSf3qdmuBaAj+ewmiVGjyV7Sm7duqRPoL/mhe+H
         zpug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=B74youK00+gi/xqfb9oTzK7xl7IAxaoNJNt8Y8fsLdA=;
        b=V/6Qtm3Zn2LGynSC9zAA4pR14UEpnvNwf+bre/LG5uB5v2p/GDvnvHVwMFa1eIF9Gz
         VlufQjxNj9fbhPphjUxW6TzbC3ZDb8t8iH1OkBIiIeK2to/NOZeXcCOZT67sCjovdRP8
         z0LAo0u9ovHTnXd1Nl9AjwJSUs4+WtUyYnS7xJUiEMvRfsjHFcC2bwJoPBdeac9KyqH7
         ECNms2u5A+SlbeTJ/wyyWWEndhS+xT4vm3T/OlWRs5Zp/BwE8xpQTsYaO9QO3t/VhsiB
         /QaKLF4uJfmi61nk5/7mopa3v1QFd6ij+mej0hCaH4jDXHcAPtj94jtvJ4wnTcEsYHM2
         k3mA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Oo9j9TVY;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a9si9656208edr.332.2021.03.21.16.59.21;
        Sun, 21 Mar 2021 16:59:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Oo9j9TVY;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231182AbhCUXXf (ORCPT <rfc822;mafaneh@gmail.com> + 99 others);
        Sun, 21 Mar 2021 19:23:35 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52320 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230248AbhCUXXQ (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Sun, 21 Mar 2021 19:23:16 -0400
Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E26BC061574;
        Sun, 21 Mar 2021 16:23:15 -0700 (PDT)
Received: by mail-ot1-x331.google.com with SMTP id f73-20020a9d03cf0000b02901b4d889bce0so14166736otf.12;
        Sun, 21 Mar 2021 16:23:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=B74youK00+gi/xqfb9oTzK7xl7IAxaoNJNt8Y8fsLdA=;
        b=Oo9j9TVYePGcOsh5RNcAkOrsfmfAXZeTZ+2cu/SkCOQt0g17TN9WI55JwKz/x5hP53
         JLnHSeoeRhJmeoECSq5eGWV5Pg5ZUMwGZ+D3byoJvLa/a+42uLOkeOjeK+ciPdhyaJm8
         pgAFSrF02ryJM+nMrd+gn8eZg5DEtPXKhopx7HdncZC387ZrREsB0u+lFpGGAPaoO9xk
         GSxNsTE/ZSf/MXs1eTXCZVg3dT/RoJgF/svkgXxMSiDdXF9GUEhyBkFv0tGjDUcArBeH
         EK2m/ySAyWNnoQCJnfCFb8Pigyc8G27ncec5HlBY6aCkQNz7tORkLLs2XFA0ieDacatk
         kcyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=B74youK00+gi/xqfb9oTzK7xl7IAxaoNJNt8Y8fsLdA=;
        b=YBB9BkQutX4QNphCulmrU88bhK4/TVaLfqxox0jJpSVKqAOqlAtg+E5trof/bOxbqR
         0+IMyM8J9tcFS8Ej/WnVDE8cff2u8WaG/oQ+Z0fa9PMnj7uGX3HFizFeujvhi5C6rFBp
         fWWru2yhdP5P1zbDWG6BR0jTdC6FLdMtJviDuDEUEq1ux48uWLXfRuQJh6xB+OFiuueA
         xJaw6H35+knOkhpwOT71bzIizJaRSA7cMcv+r71MY2F1xcSZy9fC52vLHuoRl/T89eHQ
         XCz87tW+8LlxvTKoqYdemnHBYsK/pOZ4rEWhV2cO8yKITmVvbtcGy4NElfQUNDb1GB4V
         x7iQ==
X-Gm-Message-State: AOAM533hORF3VLvIxsx+S4scVbqPvPBc157X7AD5Gb3KkcrJ5GNAbM72
        sqZQS9iZsRq+u9tjbQ+Jq/SbnSmr7dqbux5Cmgg=
X-Received: by 2002:a9d:6949:: with SMTP id p9mr9445538oto.252.1616368994696;
 Sun, 21 Mar 2021 16:23:14 -0700 (PDT)
MIME-Version: 1.0
References: <13aed72.61c7.17853a6a5cd.Coremail.linma@zju.edu.cn> <CABBYNZKwHEXK680Xz+W=2qXdkO2eEzTBu38Hc=5DaxggkaTSsg@mail.gmail.com>
In-Reply-To: <CABBYNZKwHEXK680Xz+W=2qXdkO2eEzTBu38Hc=5DaxggkaTSsg@mail.gmail.com>
From:   Emil Lenngren <emil.lenngren@gmail.com>
Date:   Mon, 22 Mar 2021 00:23:05 +0100
Message-ID: <CAO1O6sfdpWzULj_Yj1s_GTFiLaZFFjrrj_0RPAVe1hyk3uuSsg@mail.gmail.com>
Subject: Re: BUG: Out of bounds read in hci_le_ext_adv_report_evt()
To:     Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc:     =?UTF-8?B?6ams6bqf?= <linma@zju.edu.cn>,
        Marcel Holtmann <marcel@holtmann.org>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        David Miller <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>,
        "open list:NETWORKING [GENERAL]" <netdev@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        yajin_zhou@zju.edu.cn, syzkaller@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi,

Den m=C3=A5n 22 mars 2021 kl 00:01 skrev Luiz Augusto von Dentz
<luiz.dentz@gmail.com>:
> Or we do something like
> https://lore.kernel.org/linux-bluetooth/20201024002251.1389267-1-luiz.den=
tz@gmail.com/,
> that said the reason we didn't applied my patches was that the
> controller would be the one generating invalid data, but it seems you
> are reproducing with vhci controller which is only used for emulating
> a controller and requires root privileges so it is unlikely these
> conditions would happens with hardware itself, in the other hand as
> there seems to be more and more reports using vhci to emulate broken
> events it perhaps more productive to introduce proper checks for all
> events so we don't have to deal with more reports like this in the
> future.

Keep in mind that when using the H4 uart protocol without any error
correction (as H5 has), it is possible that random bit errors occur on
the wire. I wouldn't like my kernel to crash due to this. Bit errors
happen all the time on RPi 4 for example at the default baud rate if
you just do some heavy stress testing, or use an application that
transfers a lot of data over Bluetooth.

/Emil