Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2556538iof; Wed, 8 Jun 2022 07:25:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxWfBaTae0CpNddrHIITjSHMgxhUO+IuqDTUfX6pbGNmMRWfjWt0MBN24lHVtOPutVpFg4s X-Received: by 2002:a17:902:c7ca:b0:14f:1636:c8a8 with SMTP id r10-20020a170902c7ca00b0014f1636c8a8mr34158948pla.130.1654698341106; Wed, 08 Jun 2022 07:25:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654698341; cv=none; d=google.com; s=arc-20160816; b=C2Q3AkRTasYv92n+fc05DjvilrtUTNUGsBhAobNxrGv+lIWEilI+uSIVrTFBORN9py 3LugXUTSJRWO2v3UHrNm+Llu6i9zaZ2zSNMSTMEKr4T7FI9rNiR8WmPH7dX62VyOBKWm oIVUPhX0KAgDKa822SvPdpQiM8/LOhkzCSjuRR+6ni7bwAz7+JvK1C4WHQ2Mk94RPoKQ fnp7oKuVpRit/e9ezhdIv2n/UFxQbJT85fqQDdDJSz97aIdupqT1RahOdi4QqfKh4AyQ bbTuFDkG8v47QCSGdXiG0AI5fNY8N+v+4Ytdpu5prSpBPehG85O0gS/3l2kNDf6IPLkB b/Cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=lhR71lYlMOWGUbje0Kfp32EFD+XqvSWm4uv8uB0i5Hc=; b=w0sJvtlGrTwIpJsOvsUsAfveVUeAd2lCGDTzIZwQxuKsA5nlzAf7ibJoNzCGwCHM8R w8ruX809PvfHViFCVRYmN2C+V+aaM9ARqnwbSngyUyTaOZVK3dy4ZcV+6jnQCIK+wXcf KfSvqTEcs1QbjWspry+/h0A4Tipwl7jY4nPH1gfxHL4qtry34K1gP94B0jED2cLn7yBs 2szQhxkyu4ufClmHh0x/t3icCkc6e5Rvu8u0asLmPQU1a5IiTVNJSEneuU6Xml694SmM N2Mpo1ufqQtOf0XSnOtlPEJdTH6ERddSpbzk2+4vqBs2oasQjFcD7LSdlqfjLq4PyYJJ 9OUg== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-bluetooth-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id z128-20020a626586000000b004fac4daa16esi5629553pfb.342.2022.06.08.07.25.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Jun 2022 07:25:41 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-bluetooth-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-bluetooth-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 91F2A2AD5FE; Wed, 8 Jun 2022 06:58:47 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240823AbiFHN6o (ORCPT + 99 others); Wed, 8 Jun 2022 09:58:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240835AbiFHN6l (ORCPT ); Wed, 8 Jun 2022 09:58:41 -0400 X-Greylist: delayed 403 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 08 Jun 2022 06:58:38 PDT Received: from giacobini.uberspace.de (giacobini.uberspace.de [185.26.156.129]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1557E10F1FD for ; Wed, 8 Jun 2022 06:58:35 -0700 (PDT) Received: (qmail 27567 invoked by uid 990); 8 Jun 2022 13:51:52 -0000 Authentication-Results: giacobini.uberspace.de; auth=pass (plain) From: Soenke Huster To: Marcel Holtmann , Johan Hedberg , Luiz Augusto von Dentz , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: Soenke Huster , linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] Bluetooth: RFCOMM: Use skb_trim to trim checksum Date: Wed, 8 Jun 2022 15:51:06 +0200 Message-Id: <20220608135105.146452-1-soenke.huster@eknoes.de> X-Mailer: git-send-email 2.36.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Bar: / X-Rspamd-Report: BAYES_HAM(-2.970374) R_MISSING_CHARSET(0.5) MIME_GOOD(-0.1) MID_CONTAINS_FROM(1) SUSPICIOUS_RECIPS(1.5) X-Rspamd-Score: -0.070374 Received: from unknown (HELO unkown) (::1) by giacobini.uberspace.de (Haraka/2.8.28) with ESMTPSA; Wed, 08 Jun 2022 15:51:52 +0200 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Use the skb helper instead of direct manipulation. This fixes the following page fault, when connecting my Android phone: BUG: unable to handle page fault for address: ffffed1021de29ff #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page RIP: 0010:rfcomm_run+0x831/0x4040 (net/bluetooth/rfcomm/core.c:1751) Signed-off-by: Soenke Huster --- net/bluetooth/rfcomm/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index 7324764384b6..7360e905d045 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c @@ -1747,8 +1747,8 @@ static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s, type = __get_type(hdr->ctrl); /* Trim FCS */ - skb->len--; skb->tail--; - fcs = *(u8 *)skb_tail_pointer(skb); + skb_trim(skb, skb->len - 1); + fcs = *(skb->data + skb->len); if (__check_fcs(skb->data, type, fcs)) { BT_ERR("bad checksum in packet"); -- 2.36.1