anolis-cloud-kernel/drivers/bluetooth
Lee, Chun-Yi 39cb90de2b Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
ANBZ: #6392

commit 9c33663af9 upstream.

This patch adds code to check HCI_UART_PROTO_READY flag before
accessing hci_uart->proto. It fixes the race condition in
hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO.
This bug was found by Yu Hao and Weiteng Chen:

BUG: general protection fault in hci_uart_tty_ioctl [1]

Information about the C reproducer can also be found at link [2]

Reported-by: Yu Hao <yhao016@ucr.edu>
Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1]
Reported-by: Weiteng Chen <wchen130@ucr.edu>
Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2]
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Fixes: CVE-2023-31083
Signed-off-by: Xiao Long <xiaolong@openanolis.org>
Signed-off-by: Qinyun Tan <qinyuntan@linux.alibaba.com>
Reviewed-by: Xunlei Pang <xlpang@linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/2365
2024-01-10 07:24:46 +00:00
Kconfig Bluetooth: Make BT_HCIUART_RTL configuration option depend on ACPI 2018-08-21 16:36:12 +02:00
Makefile Bluetooth: mediatek: Add protocol support for MediaTek serial devices 2018-08-07 21:33:25 +02:00
ath3k.c Bluetooth: ath3k: fix checkpatch warning 2018-02-07 09:46:09 +01:00
bcm203x.c Bluetooth: mark expected switch fall-throughs 2017-10-14 09:25:51 +02:00
bfusb.c bluetooth: bfusb: Replace GFP_ATOMIC with GFP_KERNEL in bfusb_send_frame() 2018-07-23 18:05:00 +02:00
bluecard_cs.c bluetooth: bluecard_cs: Replace GFP_ATOMIC with GFP_KERNEL in bluecard_hci_set_baud_rate() 2018-07-23 18:05:00 +02:00
bpa10x.c bluetooth: bpa10x: Replace GFP_ATOMIC with GFP_KERNEL in bpa10x_send_frame() 2018-07-23 18:05:00 +02:00
bt3c_cs.c Bluetooth: Use bt_dev_err and bt_dev_info when possible 2017-10-30 12:25:45 +02:00
btbcm.c Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth 2018-11-13 11:08:25 -08:00
btbcm.h Bluetooth: btbcm: Allow using btbcm_initialize() for reinit 2018-05-18 06:37:51 +02:00
btintel.c Bluetooth: btintel: Create common function for firmware download 2018-01-25 09:28:40 +01:00
btintel.h Bluetooth: btintel: Create common function for firmware download 2018-01-25 09:28:40 +01:00
btmrvl_debugfs.c Bluetooth: btmrvl: Re-use kstrtol_from_user() 2018-05-30 08:16:05 +02:00
btmrvl_drv.h Bluetooth: btmrvl: support sysfs initiated firmware coredump 2018-05-29 15:59:50 +02:00
btmrvl_main.c Bluetooth: btmrvl: support sysfs initiated firmware coredump 2018-05-29 15:59:50 +02:00
btmrvl_sdio.c bluetooth: btmrvl_sdio: Replace GFP_ATOMIC with GFP_KERNEL in btmrvl_sdio_card_to_host() 2018-07-23 18:05:00 +02:00
btmrvl_sdio.h btmrvl: add platform specific wakeup interrupt support 2016-05-02 19:26:15 +02:00
btmtkuart.c Bluetooth: mediatek: fix up an error path to restore bdev->tx_state 2019-05-08 07:21:52 +02:00
btqca.c Bluetooth: btqca: Add a short delay before downloading the NVM 2019-09-10 10:33:43 +01:00
btqca.h Bluetooth: hci_qca: Add support for Qualcomm Bluetooth chip wcn3990 2018-08-03 14:44:07 +02:00
btqcomsmd.c Bluetooth: btqcomsmd: Fix rx/tx stats 2018-05-18 06:37:50 +02:00
btrsi.c Bluetooth: btrsi: fix bt tx timeout issue 2019-11-20 18:47:42 +01:00
btrtl.c Bluetooth: btrtl: HCI reset on close for Realtek BT chip 2019-10-01 08:26:11 +02:00
btrtl.h Bluetooth: btrtl: HCI reset on close for Realtek BT chip 2019-10-01 08:26:11 +02:00
btsdio.c Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work 2023-07-04 03:19:31 +00:00
btusb.c Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices 2019-10-01 08:26:12 +02:00
btwilink.c Bluetooth: Style fix - align block comments 2017-07-22 08:39:39 +02:00
dtl1_cs.c networking: add and use skb_put_u8() 2017-06-16 11:48:40 -04:00
h4_recv.h Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() 2019-03-27 14:14:41 +09:00
hci_ag6xx.c Bluetooth: hci_uart: Add diag and address support for Intel/AG6xx 2016-02-29 19:25:22 +02:00
hci_ath.c Bluetooth: hci_uart: check for missing tty operations 2019-08-04 09:30:55 +02:00
hci_bcm.c Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading 2019-12-05 09:20:39 +01:00
hci_bcsp.c Bluetooth: Fix invalid-free in bcsp_close() 2019-12-01 09:17:35 +01:00
hci_h4.c Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() 2019-03-27 14:14:41 +09:00
hci_h5.c Bluetooth: Introduce BT_HCIUART_RTL configuration option 2018-08-09 20:48:10 +03:00
hci_intel.c Bluetooth: hci_uart: check for missing tty operations 2019-08-04 09:30:55 +02:00
hci_ldisc.c Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO 2024-01-10 07:24:46 +00:00
hci_ll.c Bluetooth: hci_serdev: Move serdev_device_close/open into common hci_serdev code 2018-05-30 08:47:42 +02:00
hci_mrvl.c Bluetooth: hci_uart: check for missing tty operations 2019-08-04 09:30:55 +02:00
hci_nokia.c bluetooth: hci_nokia: Don't include linux/unaligned/le_struct.h directly. 2018-06-17 08:38:55 +09:00
hci_qca.c Bluetooth: hci_uart: check for missing tty operations 2019-08-04 09:30:55 +02:00
hci_serdev.c Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races 2019-11-20 18:47:42 +01:00
hci_uart.h Bluetooth: hci_uart: check for missing tty operations 2019-08-04 09:30:55 +02:00
hci_vhci.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00