| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <67a5720d.050a0220.2b1e6.0007.GAE@google.com>
Date: Thu, 06 Feb 2025 18:38:05 -0800
From: syzbot <syzbot+b9cff96f1ca33356d180@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] Re: [syzbot] [bluetooth?] general protection fault in qca_close
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: Re: [syzbot] [bluetooth?] general protection fault in qca_close
Author: lizhi.xu@...driver.com
if hci register device lose than clear HCI_UART_PROTO_READY bit.
And move closer set bit HCI_UART_PROTO_READY to hci_register_dev, make the window smaller.
#syz test
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index b955dc96b483..d5b97ff59330 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -683,8 +683,10 @@ static int hci_uart_register_dev(struct hci_uart *hu)
if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
return 0;
+ set_bit(HCI_UART_PROTO_READY, &hu->flags);
if (hci_register_dev(hdev) < 0) {
BT_ERR("Can't register HCI device");
+ clear_bit(HCI_UART_PROTO_READY, &hu->flags);
hu->proto->close(hu);
hu->hdev = NULL;
hci_free_dev(hdev);
@@ -707,8 +709,6 @@ static int hci_uart_set_proto(struct hci_uart *hu, int id)
hu->proto = p;
- set_bit(HCI_UART_PROTO_READY, &hu->flags);
-
err = hci_uart_register_dev(hu);
if (err) {
return err;
Powered by blists - more mailing lists