linux/drivers/bluetooth
Andrei Emeltchenko 9cb23dd4b6 Bluetooth: btmrvl: Fix skb buffer overflow
Add extra check to avoid skb buffer overflow. Fixes crash below:

 [  101.030427] ------------[ cut here ]------------
 [  101.030459] kernel BUG at net/core/skbuff.c:127!
 [  101.030486] invalid opcode: 0000 [#1] SMP
...
 [  101.030806] Pid: 2010, comm: btmrvl_main_ser Not tainted 3.5.0+ #80 Laptop
 [  101.030859] EIP: 0060:[<c14f2ba9>] EFLAGS: 00010282 CPU: 0
 [  101.030894] EIP is at skb_put+0x99/0xa0
 [  101.030919] EAX: 00000080 EBX: f129380b ECX: ef923540 EDX: 00000001
 [  101.030956] ESI: f00a4000 EDI: 00001003 EBP: ed4a5efc ESP: ed4a5ecc
 [  101.030992]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
 [  101.031024] CR0: 8005003b CR2: 08fca014 CR3: 30960000 CR4: 000407f0
 [  101.031062] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
 [  101.031100] DR6: ffff0ff0 DR7: 00000400
 [  101.031125] Process btmrvl_main_ser (pid: 2010, ti=ed4a4000 task=ef923540 task.ti=ed4a4000)
 [  101.031174] Stack:
 [  101.031188]  c18126f8 c1651938 f853f8d2 00001003 00001003 f1292800 f1292808 f129380b
 [  101.031250]  f1292940 f00a4000 eddb1280 efc0f9c0 ed4a5f44 f853f8d2 00000040 00000000
 [  101.031312]  ef923540 c15ee096 ef923540 eddb12d4 00000004 f00a4000 00000040 00000000
 [  101.031376] Call Trace:
 [  101.031396]  [<f853f8d2>] ? btmrvl_sdio_process_int_status+0x272/0x3d0 [btmrvl_sdio]
 [  101.031444]  [<f853f8d2>] btmrvl_sdio_process_int_status+0x272/0x3d0 [btmrvl_sdio]
 [  101.031488]  [<c15ee096>] ? _raw_spin_unlock_irqrestore+0x36/0x70
 [  101.031526]  [<f85a46e4>] btmrvl_service_main_thread+0x244/0x300 [btmrvl]
 [  101.031568]  [<f853fb50>] ? btmrvl_sdio_poll_card_status.isra.6.constprop.7+0x90/0x90 [btmrvl_sdio]
 [  101.031619]  [<c107eda0>] ? try_to_wake_up+0x270/0x270
 [  101.031648]  [<f85a44a0>] ? btmrvl_process_event+0x3b0/0x3b0 [btmrvl]
 [  101.031686]  [<c106d19d>] kthread+0x7d/0x90
 [  101.031713]  [<c106d120>] ? flush_kthread_work+0x150/0x150
 [  101.031745]  [<c15f5a82>] kernel_thread_helper+0x6/0x10
...
 [  101.032008] EIP: [<c14f2ba9>] skb_put+0x99/0xa0 SS:ESP 0068:ed4a5ecc
 [  101.056125] ---[ end trace a0bd01d1a9a796c8 ]---

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2012-09-28 12:57:18 -03:00
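The oops quoted in the commit message ends in skb_put(), which is where the kernel catches a caller asking for more bytes than the skb has room for: skb_put() does not return an error, it calls skb_over_panic() and BUGs. The code below is an added userland model of that contract and of the kind of bound a driver has to apply first; it is not kernel code and not the btmrvl patch itself. The two-byte little-endian length header, the names mock_skb, mock_skb_put, frame_len_from_hw, copy_frame_unchecked, copy_frame_checked and demo_checked, and the MOCK_EINVAL value are assumptions made for this illustration, not the SDIO framing or identifiers used by btmrvl_sdio.c.

```c
/*
 * Added example (not from the kernel tree or the btmrvl patch): a userland
 * model of why trusting a device-reported length ends in a BUG in skb_put().
 * Everything here (struct names, the 2-byte length header, MOCK_EINVAL) is
 * an assumption for the illustration.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MOCK_EINVAL 22

struct mock_skb {
    unsigned char *head;   /* start of the allocation              */
    unsigned char *data;   /* first byte of payload                */
    unsigned char *tail;   /* one past the last byte of payload    */
    unsigned char *end;    /* end of the allocation                */
};

static struct mock_skb *mock_alloc_skb(size_t size)
{
    struct mock_skb *skb = calloc(1, sizeof(*skb));
    if (!skb)
        return NULL;
    skb->head = calloc(1, size);
    if (!skb->head) {
        free(skb);
        return NULL;
    }
    skb->data = skb->tail = skb->head;
    skb->end = skb->head + size;
    return skb;
}

static void mock_kfree_skb(struct mock_skb *skb)
{
    if (!skb)
        return;
    free(skb->head);
    free(skb);
}

static size_t mock_skb_tailroom(const struct mock_skb *skb)
{
    return (size_t)(skb->end - skb->tail);
}

/* Same contract as the kernel's skb_put(): the caller guarantees the room.
 * The real function calls skb_over_panic() -> BUG(); this model aborts,
 * which is the crash in the trace above (EIP in skb_put). */
static unsigned char *mock_skb_put(struct mock_skb *skb, size_t len)
{
    unsigned char *tmp = skb->tail;
    if (len > mock_skb_tailroom(skb)) {
        fprintf(stderr, "mock_skb_put: len=%zu > tailroom=%zu\n",
                len, mock_skb_tailroom(skb));
        abort();
    }
    skb->tail += len;
    return tmp;
}

/* Constructed framing for this model: 2-byte LE length, then payload. */
static size_t frame_len_from_hw(const unsigned char *buf)
{
    return (size_t)buf[0] | ((size_t)buf[1] << 8);
}

/* Before: the device-reported length goes straight into skb_put(). A
 * corrupt or hostile value larger than the tailroom aborts the process. */
static int copy_frame_unchecked(struct mock_skb *skb, const unsigned char *buf)
{
    size_t len = frame_len_from_hw(buf);
    memcpy(mock_skb_put(skb, len), buf + 2, len);
    return 0;
}

/* After: bound the length by both the source buffer and the skb's tailroom
 * before any skb_put(), and reject the frame otherwise. */
static int copy_frame_checked(struct mock_skb *skb, const unsigned char *buf,
                              size_t buf_size)
{
    size_t len;
    if (buf_size < 2)
        return -MOCK_EINVAL;
    len = frame_len_from_hw(buf);
    if (len > buf_size - 2 || len > mock_skb_tailroom(skb))
        return -MOCK_EINVAL;
    memcpy(mock_skb_put(skb, len), buf + 2, len);
    return 0;
}

/* Builds a constructed device frame of payload_len 0xAB bytes, pushes it into
 * an skb of skb_size bytes through the checked path, and returns the number
 * of bytes now in the skb, or -MOCK_EINVAL if the frame was rejected. */
static long demo_checked(size_t payload_len, size_t skb_size)
{
    size_t buf_size = 2 + payload_len;
    unsigned char *buf = malloc(buf_size);
    struct mock_skb *skb = mock_alloc_skb(skb_size);
    long ret = -1;

    if (buf && skb) {
        buf[0] = (unsigned char)(payload_len & 0xff);
        buf[1] = (unsigned char)((payload_len >> 8) & 0xff);
        memset(buf + 2, 0xAB, payload_len);
        ret = copy_frame_checked(skb, buf, buf_size);
        if (ret == 0) {
            ret = (long)(skb->tail - skb->data);
            if (payload_len && skb->data[payload_len - 1] != 0xAB)
                ret = -1;
        }
    }
    free(buf);
    mock_kfree_skb(skb);
    (void)copy_frame_unchecked; /* kept for contrast, never run on bad input */
    return ret;
}

int main(void)
{
    printf("64-byte frame into 128-byte skb:   %ld\n", demo_checked(64, 128));
    printf("4096-byte frame into 128-byte skb: %ld\n", demo_checked(4096, 128));
    return 0;
}
```

Build with `gcc -Wall -Wextra -o skb_model skb_model.c`. In a real driver the equivalent bound is a comparison against skb_tailroom(skb) (and against the size of the DMA buffer the length was read from) before skb_put(); once skb_put() is reached with an oversized length there is no error path, only the BUG shown in the trace.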
ath3k.c Bluetooth: Add support for Sony Vaio T-Series 2012-08-15 01:09:35 -03:00
bcm203x.c Bluetooth: Use devm_kzalloc in bcm203x.c file. 2012-08-06 15:03:00 -03:00
bfusb.c Bluetooth: Use devm_kzalloc in bfusb.c file 2012-08-06 15:03:00 -03:00
bluecard_cs.c Bluetooth: bluecard_cs.c: removes unnecessary semicolon 2012-09-18 22:26:09 -03:00
bpa10x.c Bluetooth: Use devm_kzalloc in bpa10x.c file 2012-08-06 15:03:01 -03:00
bt3c_cs.c Bluetooth: Use devm_kzalloc in bt3c_cs.c file 2012-08-06 15:03:01 -03:00
btmrvl_debugfs.c simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
btmrvl_drv.h Bluetooth: btmrvl: Do not send vendor events to bluetooth stack 2012-06-19 00:19:11 -03:00
btmrvl_main.c Bluetooth: btmrvl: trivial style fixes 2012-07-09 09:45:10 -03:00
btmrvl_sdio.c Bluetooth: btmrvl: Fix skb buffer overflow 2012-09-28 12:57:18 -03:00
btmrvl_sdio.h Bluetooth: btmrvl: support Marvell Bluetooth device SD8787 2011-04-13 12:20:05 -03:00
btsdio.c Bluetooth: Use devm_kzalloc in btsdio.c file 2012-08-06 15:03:01 -03:00
btuart_cs.c Bluetooth: btuart_cs.c: removes unnecessary semicolon 2012-09-18 22:27:17 -03:00
btusb.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-09-24 14:39:16 -04:00
btwilink.c Bluetooth: Use module_platform_driver() in btwilink.c file 2012-09-08 16:53:47 -03:00
dtl1_cs.c Bluetooth: Use devm_kzalloc in dtl1_cs.c file 2012-08-06 15:03:02 -03:00
hci_ath.c Bluetooth: hci-uart-ath: Use GFP_ATOMIC in open() 2012-02-13 17:01:22 +02:00
hci_bcsp.c Bluetooth: Remove 'register' usage from the subsystem 2012-06-05 06:34:07 +03:00
hci_h4.c Bluetooth: Remove 'register' usage from the subsystem 2012-06-05 06:34:07 +03:00
hci_h5.c Bluetooth: Introduce a flags variable to Three-wire UART state 2012-07-17 14:49:24 -03:00
hci_ldisc.c Bluetooth: hci_ldisc.c: removes unnecessary semicolon 2012-09-18 22:26:22 -03:00
hci_ll.c Bluetooth: hci_ll.c: removes unnecessary semicolon 2012-09-18 22:26:33 -03:00
hci_uart.h Bluetooth: Add delayed init sequence support for UART controllers 2012-07-17 14:48:29 -03:00
hci_vhci.c Bluetooth: hci_vhci.c: removes unnecessary semicolon 2012-09-18 22:26:43 -03:00
Kconfig Bluetooth: Initial skeleton for Three-wire UART (H5) support 2012-07-17 14:33:20 -03:00
Makefile Bluetooth: Initial skeleton for Three-wire UART (H5) support 2012-07-17 14:33:20 -03:00