github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-06 05:27:07 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
65029aaedd
linux/net/bluetooth
History
Luiz Augusto von Dentz 7b674dce41 Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times 
[ Upstream commit 448a496f76 ]

device_add shall not be called multiple times as stated in its
documentation:

 'Do not call this routine or device_register() more than once for
 any device structure'

Syzkaller reports a bug as follows [1]:
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:33!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[...]
Call Trace:
 <TASK>
 __list_add include/linux/list.h:69 [inline]
 list_add_tail include/linux/list.h:102 [inline]
 kobj_kset_join lib/kobject.c:164 [inline]
 kobject_add_internal+0x18f/0x8f0 lib/kobject.c:214
 kobject_add_varg lib/kobject.c:358 [inline]
 kobject_add+0x150/0x1c0 lib/kobject.c:410
 device_add+0x368/0x1e90 drivers/base/core.c:3452
 hci_conn_add_sysfs+0x9b/0x1b0 net/bluetooth/hci_sysfs.c:53
 hci_le_cis_estabilished_evt+0x57c/0xae0 net/bluetooth/hci_event.c:6799
 hci_le_meta_evt+0x2b8/0x510 net/bluetooth/hci_event.c:7110
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0x63d/0xfd0 net/bluetooth/hci_event.c:7495
 hci_rx_work+0xae7/0x1230 net/bluetooth/hci_core.c:4007
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

Link: https://syzkaller.appspot.com/bug?id=da3246e2d33afdb92d66bc166a0934c5b146404a
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: Hawkins Jiawei <yin31149@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-10-26 13:25:46 +02:00
..
bnep net: make ->{get,set}sockopt in proto_ops optional 2020-07-19 18:16:41 -07:00
cmtp Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails 2022-01-27 10:53:45 +01:00
hidp Bluetooth: hidp: use correct wait queue when removing ctrl_wait 2021-08-26 08:35:40 -04:00
rfcomm Bluetooth: Fix passing NULL to PTR_ERR 2022-07-29 17:19:26 +02:00
6lowpan.c Bluetooth: add a mutex lock to avoid UAF in do_enale_set 2020-06-23 14:30:07 +02:00
a2mp.c Bluetooth: drop HCI device reference before return 2021-03-04 11:37:25 +01:00
a2mp.h Bluetooth: Replace zero-length array with flexible-array member 2020-02-28 08:30:02 +01:00
af_bluetooth.c Bluetooth: Add support for BT_PKT_STATUS CMSG data for SCO connections 2020-06-12 15:08:49 +02:00
amp.c Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data 2021-03-07 12:34:10 +01:00
amp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
ecdh_helper.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ecdh_helper.h Fix misc new gcc warnings 2021-05-11 14:47:36 +02:00
hci_conn.c Bluetooth: use inclusive language in HCI role comments 2022-06-09 10:21:09 +02:00
hci_core.c Bluetooth: hci_core: Fix not handling link timeouts propertly 2022-10-26 13:25:22 +02:00
hci_debugfs.c Bluetooth: use inclusive language when filtering devices 2022-06-09 10:21:09 +02:00
hci_debugfs.h
hci_event.c Bluetooth: use hdev lock for accept_list and reject_list in conn req 2022-06-09 10:21:09 +02:00
hci_request.c Bluetooth: use inclusive language when filtering devices 2022-06-09 10:21:09 +02:00
hci_request.h Bluetooth: Enable/Disable address resolution during le create conn 2020-07-30 09:34:43 +02:00
hci_sock.c Bluetooth: use inclusive language when filtering devices 2022-06-09 10:21:09 +02:00
hci_sysfs.c Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times 2022-10-26 13:25:46 +02:00
Kconfig Bluetooth: Disable High Speed by default 2020-09-25 20:21:55 +02:00
l2cap_core.c Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() 2022-10-26 13:25:46 +02:00
l2cap_sock.c Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() 2022-01-27 10:54:02 +01:00
leds.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
leds.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
lib.c Bluetooth: Introduce debug feature when dynamic debug is disabled 2020-05-11 12:16:27 +02:00
Makefile Bluetooth: implement read/set default system parameters mgmt 2020-06-12 21:41:07 +02:00
mgmt_config.c Bluetooth: Interleave with allowlist scan 2022-06-09 10:21:08 +02:00
mgmt_config.h Bluetooth: mgmt: Add commands for runtime configuration 2020-06-18 13:11:03 +03:00
mgmt_util.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
mgmt_util.h
mgmt.c Bluetooth: use inclusive language when filtering devices 2022-06-09 10:21:09 +02:00
msft.c Bluetooth: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
msft.h Bluetooth: Add handler of MGMT_OP_READ_ADV_MONITOR_FEATURES 2020-06-18 13:11:21 +03:00
sco.c Bluetooth: SCO: Fix sco_send_frame returning skb->len 2022-07-29 17:19:26 +02:00
selftest.c Bluetooth: Remove CRYPTO_ALG_INTERNAL flag 2020-07-31 16:42:04 +03:00
selftest.h
smp.c Bluetooth: use inclusive language in HCI role comments 2022-06-09 10:21:09 +02:00
smp.h Bluetooth: SMP: fix crash in unpairing 2018-09-26 12:39:32 +03:00