github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-27 00:22:00 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

bluetooth pull request for net:

Browse Source 
- hci_uart: fix null-ptr-deref in hci_uart_write_work
  - MGMT: Fix memory leak in set_ssp_complete
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCgA3FiEE7E6oRXp8w05ovYr/9JCA4xAyCykFAmlybggZHGx1aXoudm9u
 LmRlbnR6QGludGVsLmNvbQAKCRD0kIDjEDILKaDtD/48V62AzHbX/WYYWlOruWcT
 fPXOnYc45+FTsUAPFd829obdlWfNuRFjRWLnoGnJOylIPdXOj8b8MmISaJo9/TXt
 ujaKz/22YsPZs+fO080cNnvv1hwYjj1T/D756XCuODK0O8ADmuGr6wJO3MFu7TDf
 x67IFryAAoIIs+npGDP3+ZntJ6KdX+i/X0eZ5bX4CSK3xho6xuz1115LSCI+5MsD
 pw5MyJm5MSPkP3w64ctjkHLpvo2rU6RnIQQrzIlr4TsRTA0O9Jiej+nSj6raA+wb
 4b3SMigVn2Yi+Nbgl+mZNyaq9ekLyHeIb8ptJlRRdf7RJVbyYLHw42w8kNM++Cjv
 r/2gQZlkLqsUX6E0bsyVAMh+CyZqiVTm92+sT7kARemsGCQ45101yLU8ShT+seaq
 CcXQhIDTRjJp9qXcsoLav5U/wKjdZX05PetaLTGOv1usXV+Ig8cK+MZ9R5j38dYz
 BdHG/CYdwDeg/uK+p08PFlDtEKunDEHa6sShA1bXsjGwFLXuizNvdOCrRSA8e7TM
 YNJC68SX9iIq/AZRPQasV8enSqQFfZ6Wc5bEpynN78WTPqFdMzrBCgrfYPwvJg/f
 C//lPTaizICihdJSHFSGPaZVeIxIDsTQh4ddOLaQxw9zAUPSQf6ClKr1n+7oob9J
 ohsBwHeKAmKYoeEGrXvKXQ==
 =996a
 -----END PGP SIGNATURE-----

Merge tag 'for-net-2026-01-22' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Luiz Augusto von Dentz says:

====================
bluetooth pull request for net:

 - hci_uart: fix null-ptr-deref in hci_uart_write_work
 - MGMT: Fix memory leak in set_ssp_complete

* tag 'for-net-2026-01-22' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth:
  Bluetooth: MGMT: Fix memory leak in set_ssp_complete
  Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
====================

Link: https://patch.msgid.link/20260122200751.2950279-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Jakub Kicinski 2026-01-23 10:47:02 -08:00
commit d48c896cb2
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/bluetooth/hci_ldisc.c
View File

@ -685,6 +685,8 @@ static int hci_uart_register_dev(struct hci_uart *hu)
return err;
}
set_bit(HCI_UART_PROTO_INIT, &hu->flags);
if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
return 0;
@ -712,8 +714,6 @@ static int hci_uart_set_proto(struct hci_uart *hu, int id)
hu->proto = p;
set_bit(HCI_UART_PROTO_INIT, &hu->flags);
err = hci_uart_register_dev(hu);
if (err) {
return err;

3
net/bluetooth/mgmt.c
View File

@ -1966,6 +1966,7 @@ static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
}
mgmt_cmd_status(cmd->sk, cmd->hdev->id, cmd->opcode, mgmt_err);
mgmt_pending_free(cmd);
return;
}
@ -1984,6 +1985,7 @@ static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
sock_put(match.sk);
hci_update_eir_sync(hdev);
mgmt_pending_free(cmd);
}
static int set_ssp_sync(struct hci_dev *hdev, void *data)
@ -6438,6 +6440,7 @@ static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
hci_dev_clear_flag(hdev, HCI_ADVERTISING);
settings_rsp(cmd, &match);
mgmt_pending_free(cmd);
new_settings(hdev, match.sk);