From: wangyouwan@126.com
To: marcel@holtmann.org
Cc: linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, youwan Wang
Subject: [PATCH] Bluetooth: btusb: Add date->evt_skb is NULL check
Date: Wed, 11 Oct 2023 13:14:47 +0800
Message-Id: <20231011051447.92581-1-wangyouwan@126.com>

From: youwan Wang

fix crash because of null pointers

[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8
[ 6104.969667] #PF: supervisor read access in kernel mode
[ 6104.969668] #PF: error_code(0x0000) - not-present page
[ 6104.969670] PGD 0 P4D 0
[ 6104.969673] Oops: 0000 [#1] SMP NOPTI
[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]
[ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246
[ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006
[ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000
[ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001
[ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0
[ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90
[ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000
[ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0
[ 6104.969701] PKRU: 55555554
[ 6104.969702] Call Trace:
[ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb]
[ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth]
[ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth]
[ 6104.969753] rfkill_set_block+0x92/0x160
[ 6104.969755] rfkill_fop_write+0x136/0x1e0
[ 6104.969759] __vfs_write+0x18/0x40
[ 6104.969761] vfs_write+0xdf/0x1c0
[ 6104.969763] ksys_write+0xb1/0xe0
[ 6104.969765] __x64_sys_write+0x1a/0x20
[ 6104.969769] do_syscall_64+0x51/0x180
[ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 6104.969773] RIP: 0033:0x7f5a21f18fef
[ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef
[ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012
[ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017 [
6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002 [ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0 Signed-off-by: youwan Wang --- drivers/bluetooth/btusb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 3fdad35e5e1d..d793dcd06687 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -2824,6 +2824,9 @@ static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev, goto err_free_wc; } + if (data->evt_skb == NULL) + goto err_free_wc; + /* Parse and handle the return WMT event */ wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data; if (wmt_evt->whdr.op != hdr->op) { -- 2.25.1
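
Review bot: The added "if (data->evt_skb == NULL) goto err_free_wc;" in btusb_mtk_hci_wmt_sync(), just before the "Parse and handle the return WMT event" comment, jumps to the cleanup label without assigning err, so the return value is whatever err held from the earlier code, which this hunk does not show. If that value is 0, the caller (btusb_mtk_shutdown in the posted trace) is told the WMT command succeeded although no event skb was received. Set an explicit negative errno before the goto. Kernel coding style also prefers "if (!data->evt_skb)" over the "== NULL" comparison. The changelog shows the oops but does not say how evt_skb ends up NULL on the rfkill/shutdown path; if another context can clear the pointer concurrently, a check immediately followed by the data->evt_skb->data dereference does not close that window, so the commit message should state the cause and why a plain check is sufficient.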