Message-ID: <f3ae861f-d030-47c6-9eec-5a197b875e0b@molgen.mpg.de>
Date: Sun, 16 Jun 2024 22:44:46 +0200
From: Paul Menzel <pmenzel@...gen.mpg.de>
To: Edward Adam Davis <eadavis@...com>
Cc: davem@...emloft.net, edumazet@...gle.com, johan.hedberg@...il.com,
kuba@...nel.org, linux-bluetooth@...r.kernel.org,
linux-kernel@...r.kernel.org, luiz.dentz@...il.com,
luiz.von.dentz@...el.com, marcel@...tmann.org, netdev@...r.kernel.org,
pabeni@...hat.com, syzkaller-bugs@...glegroups.com,
william.xuanziyang@...wei.com
Subject: Re: [PATCH] Bluetooth: handle value is too large should not be used in BIG
Dear Edward,
Thank you for your patch. It’d be nice if you made the commit message
about the action, like:
Bluetooth: Ignore too large handle values in BIG
On 16.06.24 at 15:21, Edward Adam Davis wrote:
> hci_le_big_sync_established_evt is necessary to filter out cases where the
> handle value is belone to ida id range, otherwise ida will be erroneously
belone? Is it belonging?
> released in hci_conn_cleanup.
>
> Fixes: 181a42edddf5 ("Bluetooth: Make handle of hci_conn be unique")
> Reported-by: syzbot+b2545b087a01a7319474@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=b2545b087a01a7319474
> Signed-off-by: Edward Adam Davis <eadavis@...com>
> ---
> net/bluetooth/hci_event.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index a487f9df8145..eb1d5a2c48ee 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -6893,6 +6893,9 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
>
> bis = hci_conn_hash_lookup_handle(hdev, handle);
> if (!bis) {
> + if (handle > HCI_CONN_HANDLE_MAX)
> + continue;
> +
Should some debug message be printed?
> bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY,
> HCI_ROLE_SLAVE, handle);
> if (IS_ERR(bis))
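Review bot: the new `handle > HCI_CONN_HANDLE_MAX` check only runs after hci_conn_hash_lookup_handle() has already been called with the unvalidated handle, and it drops the entry with a bare `continue`, so a controller reporting an out-of-range BIS handle leaves no trace at all; consider moving the range check ahead of the lookup so the bogus value is never used, and logging the offending handle (bt_dev_err() or bt_dev_dbg() are the usual helpers here) before skipping it, which would also answer the question raised above about a debug message.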
Kind regards,
Paul
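As an added illustration, not code from the patch or from the kernel, the following user-space C model reproduces the failure mode the commit message describes: a controller-supplied BIS handle above the valid range is accepted, stored on a connection, and at cleanup handed back to an ida-style allocator that never issued it. HANDLE_MAX, HANDLE_UNSET, POOL_BASE, the pool allocator and the function names are assumptions of the model, loosely patterned on the quoted hunk; the branch enabled by `validate` corresponds to the `handle > HCI_CONN_HANDLE_MAX` test the patch adds. Running both scenarios gives 3 connections and 1 bogus id free without the check, 2 connections and 0 bogus frees with it.

```c
/* Added example, not kernel code: a user-space model of accepting a
 * controller-supplied handle above the valid range.  All names, sizes and
 * the pool allocator are assumptions of the model. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define HANDLE_MAX   0x0eff  /* largest handle a controller may report (assumed) */
#define HANDLE_UNSET 0xffff  /* "no handle yet": take a private one from the pool */
#define POOL_BASE    (HANDLE_MAX + 1)
#define POOL_SIZE    8       /* ida-like pool; slot i <=> handle POOL_BASE + i */
#define MAX_CONNS    8

struct conn { bool in_use; uint16_t handle; };
struct dev { struct conn conns[MAX_CONNS]; bool pool[POOL_SIZE]; };
struct result { int conns; int bogus_frees; };

static int pool_alloc(struct dev *d)
{
	for (int i = 0; i < POOL_SIZE; i++)
		if (!d->pool[i]) { d->pool[i] = true; return POOL_BASE + i; }
	return -1;
}

/* -1 when asked to free an id it never issued: the ida_free() warning. */
static int pool_free(struct dev *d, uint16_t handle)
{
	unsigned int idx = handle - POOL_BASE;
	if (idx >= POOL_SIZE || !d->pool[idx]) return -1;
	d->pool[idx] = false;
	return 0;
}

static struct conn *conn_lookup(struct dev *d, uint16_t handle)
{
	for (int i = 0; i < MAX_CONNS; i++)
		if (d->conns[i].in_use && d->conns[i].handle == handle)
			return &d->conns[i];
	return NULL;
}

/* An UNSET handle gets a private id from the pool; anything else is stored as-is. */
static struct conn *conn_add(struct dev *d, uint16_t handle)
{
	if (handle == HANDLE_UNSET) {
		int h = pool_alloc(d);
		if (h < 0) return NULL;
		handle = (uint16_t)h;
	}
	for (int i = 0; i < MAX_CONNS; i++)
		if (!d->conns[i].in_use) {
			d->conns[i].in_use = true;
			d->conns[i].handle = handle;
			return &d->conns[i];
		}
	return NULL;
}

/* Cleanup assumes every handle above HANDLE_MAX was issued by the pool. */
static int conn_cleanup(struct dev *d, struct conn *c)
{
	int ret = c->handle > HANDLE_MAX ? pool_free(d, c->handle) : 0;
	c->in_use = false;
	return ret;
}

/* Shaped like the patched hunk; validate=false is the pre-patch behaviour. */
static void big_sync_established(struct dev *d, const uint16_t *handles,
				 int num_bis, bool validate)
{
	for (int i = 0; i < num_bis; i++) {
		uint16_t handle = handles[i];
		struct conn *bis = conn_lookup(d, handle);
		if (!bis) {
			/* never store a handle the pool does not own */
			if (validate && handle > HANDLE_MAX) continue;
			bis = conn_add(d, handle);
			if (!bis) continue;
		}
	}
}

/* One scenario: a pending private-handle connection, the event, then teardown. */
static struct result run(bool validate)
{
	struct dev d;
	struct result r = { 0, 0 };
	/* Constructed event: one sane BIS handle and one above HANDLE_MAX. */
	const uint16_t handles[] = { 0x0010, 0xf123 };

	memset(&d, 0, sizeof(d));
	conn_add(&d, HANDLE_UNSET);
	big_sync_established(&d, handles, 2, validate);
	for (int i = 0; i < MAX_CONNS; i++) {
		if (!d.conns[i].in_use) continue;
		r.conns++;
		if (conn_cleanup(&d, &d.conns[i]) < 0) r.bogus_frees++;
	}
	return r;
}
```

The model keeps the shape of the real handler on purpose: the range check sits where the patch puts it, after a failed lookup, so you can see that the lookup itself still receives the unvalidated value; moving the check before conn_lookup() is the stricter variant.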