Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1335116pxb;
        Thu, 21 Oct 2021 21:49:36 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzTAE2FXKb5Ym3DsdREPNs5KgtSw1oFey/ABpJ4LDfrYkBDTO9OTyUyvZrZ1VE0tMV3joYv
X-Received: by 2002:a17:90b:3e86:: with SMTP id rj6mr11775386pjb.78.1634878176717;
        Thu, 21 Oct 2021 21:49:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1634878176; cv=none;
        d=google.com; s=arc-20160816;
        b=R18RJytzA+9fP0d8/jYliGF6Ps6u3JVG/YUXHWJaQLUI7dCWZkyjTtoozOJl1v5ndo
         H2MzGekUcQ+7M6XtvIvJ/7Z8YPebHlblloZy9Tqfq40GFRRgQxfJJGM1YbzlJYwHpsvk
         3dK9rOhHNlWwG/lULBi9IyubWJlSi6fFuqPgLTmR9Y/ZhuwFDyRTOA0FgOlkBvdq63Xc
         sv3p2GCXWv3JA25Ko5Zs4QhL9TQA+H9c/8CD8MHuQ6qdx/ctcNlxyBonqNE+4eSkfdaX
         W7D8TmGXqcd8Lg04BRKU/EyX623SOKB1B0dfr9/mutV7SciGK0HIHOixNcF5Sq86vlq2
         WCZg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version;
        bh=Vz+qsrsoUn1ON3HuVcXXce4n/qaPG/6y5JhpMKFfSzA=;
        b=nNeIduy3X4UWS2LZI3sFNFb8hMnSWGmVbP7ITlhh/k0Zg7HvxZ1YhtdLWOG480nwqz
         UlSEYXIy9zQLaSiw3OrOO6oHpdYmmxIMM8faC/7RiPZHJbGQGDyvUHWSyE4mwHVKqBQH
         Z6m+YUJyaGH/wZmj9RQpSLbBUsyVgKFnpNU65K0xHTwA2CTHYvhBFr4HZOgLuQi85t8M
         ix20waaQ2PWdP5rL1odeHZnlWSHq8a34AuOOtp10dGVt1C375AQ8FUqSW27kf2W6HQKA
         07i6foIYKl1iIAyhyVy9NMgbsqkFp8jPLLeIu5+TsFWjIKWq3svNhLjpHtrfCOZekwtg
         jcbg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id 15si13862816pjt.0.2021.10.21.21.49.22;
        Thu, 21 Oct 2021 21:49:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231185AbhJVEvK (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Fri, 22 Oct 2021 00:51:10 -0400
Received: from coyote.holtmann.net ([212.227.132.17]:50886 "EHLO
        mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229957AbhJVEvG (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Fri, 22 Oct 2021 00:51:06 -0400
Received: from smtpclient.apple (p54899aa7.dip0.t-ipconnect.de [84.137.154.167])
        by mail.holtmann.org (Postfix) with ESMTPSA id B8669CED3E;
        Fri, 22 Oct 2021 06:48:47 +0200 (CEST)
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Subject: Re: [PATCH] Bluetooth: cmtp: fix possible panic when
 cmtp_init_sockets() fails
From:   Marcel Holtmann <marcel@holtmann.org>
In-Reply-To: <20211022034417.766659-1-wanghai38@huawei.com>
Date:   Fri, 22 Oct 2021 06:48:47 +0200
Cc:     Karsten Keil <isdn@linux-pingi.de>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Thadeu Lima de Souza Cascardo <cascardo@canonical.com>,
        "open list:NETWORKING [GENERAL]" <netdev@vger.kernel.org>,
        linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 7bit
Message-Id: <9D8B1F5B-8EFE-40CB-BC85-F6EC3483CC61@holtmann.org>
References: <20211022034417.766659-1-wanghai38@huawei.com>
To:     Wang Hai <wanghai38@huawei.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Wang,

> I got a kernel BUG report when doing fault injection test:
> 
> ------------[ cut here ]------------
> kernel BUG at lib/list_debug.c:45!
> ...
> RIP: 0010:__list_del_entry_valid.cold+0x12/0x4d
> ...
> Call Trace:
> proto_unregister+0x83/0x220
> cmtp_cleanup_sockets+0x37/0x40 [cmtp]
> cmtp_exit+0xe/0x1f [cmtp]
> do_syscall_64+0x35/0xb0
> entry_SYSCALL_64_after_hwframe+0x44/0xae
> 
> If cmtp_init_sockets() in cmtp_init() fails, cmtp_init() still returns
> success. This will cause a kernel bug when accessing uncreated ctmp
> related data when the module exits.
> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Wang Hai <wanghai38@huawei.com>
> ---
> net/bluetooth/cmtp/core.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
> index 0a2d78e811cf..ccf48f50afdf 100644
> --- a/net/bluetooth/cmtp/core.c
> +++ b/net/bluetooth/cmtp/core.c
> @@ -499,11 +499,13 @@ int cmtp_get_conninfo(struct cmtp_conninfo *ci)
> 
> static int __init cmtp_init(void)
> {
> +	int err;
> +
> 	BT_INFO("CMTP (CAPI Emulation) ver %s", VERSION);
> 
> -	cmtp_init_sockets();
> +	err = cmtp_init_sockets();
> 
> -	return 0;
> +	return err;
> }

just do return cmtp_init_sockets();

Regards

Marcel