Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1532097iog;
        Tue, 14 Jun 2022 07:55:16 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1ursU1AIl0wcxLoUU900riIii4sePXRP5wxeNmc5GOug5f1ATiYAZMAB1slX1oTFDZZ0TGm
X-Received: by 2002:a17:90a:6284:b0:1df:4595:57af with SMTP id d4-20020a17090a628400b001df459557afmr5000044pjj.188.1655218516550;
        Tue, 14 Jun 2022 07:55:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1655218516; cv=none;
        d=google.com; s=arc-20160816;
        b=E4Ji+Zu6VHUs7GOnkd/y2x4szEilpkRsc4SRoNF5SU4xiQN2+VmoeZTWXElxxe09A/
         qQc3clIRDduUT1UFrVs2kTIE53s0n5tUF9cJ0/xSrkURi6MbkxyFTaAWhzCc9D6/D/zd
         ISCDU5cEPY0XK/tUZk/uaRIlNbEw1EahSP+LRbpfkWjQplsee5fU+RrWZ52Ovwi+6swT
         wjNyY8hSU/mCosIFHOdxzTFT23FO+r4FZCRiLD7bvf/UysXGJL/ZekjZYwsUokGtwvMa
         DYKp23k3gNQBq23iFiM2af+3RO5tNMuVTCBgSFkk9H5V4d/RqCbC4UM6I2skl3Y8jNU6
         cr9A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=tyzAfpFP40QhcruORiT6nJY2vBim91Mc5sVwL164+P4=;
        b=bqb86g3voBp4zN6+BRRXSFnPm1anPRaVQywSxqXep6pIG0IX1tmv6nBNyKxMsquIF2
         n4doAiDvJUCgl5elHmzhEqbCoo7HBw97hc1QgtWIxR/Y2FqBgzLBH0NIYfVd/7FcCPZL
         Tw/ZKBItvBT88u9fMjzf+zVXL6vwut785n3Rq4OmC0wwvmVYVe6kBjz4AnUYMZpASm78
         hJy7GoNRclqOuzejMpsqFh9H7AJziEL3b4r3ViW7kTyDVnyw2iSOPuJQfPoWFoW7mtt4
         KGDbvJ/DRxI3T/AzGvjOwbQdihUgorim4Q2Z83GjTi8vDKZ1i2CKN55YM6Q9opNnKut9
         q5ZA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id w14-20020a170902e88e00b0015881788556si13887723plg.530.2022.06.14.07.54.49;
        Tue, 14 Jun 2022 07:55:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230018AbiFNOxs (ORCPT <rfc822;sandmor1220@gmail.com>
        + 99 others); Tue, 14 Jun 2022 10:53:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50674 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1343895AbiFNOx2 (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Tue, 14 Jun 2022 10:53:28 -0400
Received: from giacobini.uberspace.de (giacobini.uberspace.de [185.26.156.129])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2BF0D31DCC
        for <linux-bluetooth@vger.kernel.org>; Tue, 14 Jun 2022 07:53:26 -0700 (PDT)
Received: (qmail 16120 invoked by uid 990); 14 Jun 2022 14:53:24 -0000
Authentication-Results: giacobini.uberspace.de;
        auth=pass (plain)
From:   Soenke Huster <soenke.huster@eknoes.de>
To:     Marcel Holtmann <marcel@holtmann.org>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc:     Soenke Huster <soenke.huster@eknoes.de>,
        linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] Bluetooth: virtio_bt: Use skb_put to set length
Date:   Tue, 14 Jun 2022 16:52:54 +0200
Message-Id: <20220614145253.132230-1-soenke.huster@eknoes.de>
X-Mailer: git-send-email 2.36.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspamd-Bar: /
X-Rspamd-Report: BAYES_HAM(-2.923086) R_MISSING_CHARSET(0.5) MIME_GOOD(-0.1) MID_CONTAINS_FROM(1) SUSPICIOUS_RECIPS(1.5)
X-Rspamd-Score: -0.023086
Received: from unknown (HELO unkown) (::1)
        by giacobini.uberspace.de (Haraka/2.8.28) with ESMTPSA; Tue, 14 Jun 2022 16:53:24 +0200
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
        MSGID_FROM_MTA_HEADER,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

By using skb_put we ensure that skb->tail is set
correctly. Currently, skb->tail is always zero, which
leads to errors, such as the following page fault in
rfcomm_recv_frame:

    BUG: unable to handle page fault for address: ffffed1021de29ff
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    RIP: 0010:rfcomm_run+0x831/0x4040 (net/bluetooth/rfcomm/core.c:1751)

Signed-off-by: Soenke Huster <soenke.huster@eknoes.de>
---
 drivers/bluetooth/virtio_bt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/bluetooth/virtio_bt.c b/drivers/bluetooth/virtio_bt.c
index 67c21263f9e0..fd281d439505 100644
--- a/drivers/bluetooth/virtio_bt.c
+++ b/drivers/bluetooth/virtio_bt.c
@@ -219,7 +219,7 @@ static void virtbt_rx_work(struct work_struct *work)
 	if (!skb)
 		return;
 
-	skb->len = len;
+	skb_put(skb, len);
 	virtbt_rx_handle(vbt, skb);
 
 	if (virtbt_add_inbuf(vbt) < 0)
-- 
2.36.1