| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AM9PR04MB8603471C0C4BF61CC3AA3BF5E7D5A@AM9PR04MB8603.eurprd04.prod.outlook.com>
Date: Wed, 18 Oct 2023 15:36:58 +0000
From: Neeraj sanjay kale <neeraj.sanjaykale@....com>
To: Marcel Ziswiler <marcel@...wiler.com>,
"linux-bluetooth@...r.kernel.org" <linux-bluetooth@...r.kernel.org>
CC: Sherry Sun <sherry.sun@....com>,
Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Marcel Holtmann <marcel@...tmann.org>,
Marcel Ziswiler <marcel.ziswiler@...adex.com>,
Amitkumar Karwar <amitkumar.karwar@....com>,
Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
Subject: RE: [PATCH v1 1/2] Bluetooth: btnxpuart: Fix btnxpuart_close
Hi Marcel,
Thank you for your patch.
> From: Marcel Ziswiler <marcel@...wiler.com>
> Sent: Wednesday, October 18, 2023 8:26 PM
> To: linux-bluetooth@...r.kernel.org
> Cc: Sherry Sun <sherry.sun@....com>; Johan Hedberg
> <johan.hedberg@...il.com>; Luiz Augusto von Dentz
> <luiz.dentz@...il.com>; Neeraj sanjay kale <neeraj.sanjaykale@....com>;
> linux-kernel@...r.kernel.org; Marcel Holtmann <marcel@...tmann.org>;
> Marcel Ziswiler <marcel.ziswiler@...adex.com>; Amitkumar Karwar
> <amitkumar.karwar@....com>; Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
> Subject: [PATCH v1 1/2] Bluetooth: btnxpuart: Fix btnxpuart_close
>
> From: Marcel Ziswiler <marcel.ziswiler@...adex.com>
>
> Unfortunately, btnxpuart_close() may trigger a BUG: scheduling while atomic.
> Fix this by properly purging the transmit queue and freeing the receive skb.
>
> Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP
> Bluetooth chipsets")
>
> Signed-off-by: Marcel Ziswiler <marcel.ziswiler@...adex.com>
> ---
>
> drivers/bluetooth/btnxpuart.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c
> index b7e66b7ac570..9cb7529eef09 100644
> --- a/drivers/bluetooth/btnxpuart.c
> +++ b/drivers/bluetooth/btnxpuart.c
> @@ -1234,6 +1234,9 @@ static int btnxpuart_close(struct hci_dev *hdev)
>
> ps_wakeup(nxpdev);
> serdev_device_close(nxpdev->serdev);
> + skb_queue_purge(&nxpdev->txq);
> + kfree_skb(nxpdev->rx_skb);
> + nxpdev->rx_skb = NULL;
> clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
> return 0;
> }
This is already done in btnxpuart_flush(), which is called by hci_dev_close_sync(), before it calls btnxpuart_close().
Is btnxpuart_flush() not called during your testing?
Thanks,
Neeraj
Powered by blists - more mailing lists