Message ID | 20210902202756.25378-1-paskripkin@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Series | Bluetooth: hci: fix GPF in h5_recv |
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=541369

---Test result---

Test Summary:
CheckPatch                      FAIL      0.57 seconds
GitLint                         PASS      0.13 seconds
BuildKernel                     PASS      700.49 seconds
TestRunner: Setup               PASS      458.70 seconds
TestRunner: l2cap-tester        PASS      3.45 seconds
TestRunner: bnep-tester         PASS      2.22 seconds
TestRunner: mgmt-tester         PASS      34.22 seconds
TestRunner: rfcomm-tester       PASS      2.46 seconds
TestRunner: sco-tester          PASS      2.37 seconds
TestRunner: smp-tester          PASS      2.52 seconds
TestRunner: userchan-tester     PASS      2.24 seconds

Details
##############################
Test: CheckPatch - FAIL - 0.57 seconds
Run checkpatch.pl script with rule in .checkpatch.conf
Bluetooth: hci: fix GPF in h5_recv
WARNING: Unknown commit id 'd9dd833cf6d2', maybe rebased or not pulled?
#12:
Fixes: d9dd833cf6d2 ("Bluetooth: hci_h5: Add runtime suspend")

WARNING: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#13:
Reported-and-tested-by: syzbot+7d41312fe3f123a6f605@syzkaller.appspotmail.com

total: 0 errors, 2 warnings, 14 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.

"[PATCH] Bluetooth: hci: fix GPF in h5_recv" has style problems, please review.

NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

##############################
Test: GitLint - PASS - 0.13 seconds
Run gitlint with rule in .gitlint

##############################
Test: BuildKernel - PASS - 700.49 seconds
Build Kernel with minimal configuration supports Bluetooth

##############################
Test: TestRunner: Setup - PASS - 458.70 seconds
Setup environment for running Test Runner

##############################
Test: TestRunner: l2cap-tester - PASS - 3.45 seconds
Run test-runner with l2cap-tester
Total: 40, Passed: 40 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: bnep-tester - PASS - 2.22 seconds
Run test-runner with bnep-tester
Total: 1, Passed: 1 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: mgmt-tester - PASS - 34.22 seconds
Run test-runner with mgmt-tester
Total: 452, Passed: 452 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: rfcomm-tester - PASS - 2.46 seconds
Run test-runner with rfcomm-tester
Total: 9, Passed: 9 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: sco-tester - PASS - 2.37 seconds
Run test-runner with sco-tester
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: smp-tester - PASS - 2.52 seconds
Run test-runner with smp-tester
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: userchan-tester - PASS - 2.24 seconds
Run test-runner with userchan-tester
Total: 3, Passed: 3 (100.0%), Failed: 0, Not Run: 0

---
Regards,
Linux Bluetooth
Hi Pavel,

> Syzbot hit general protection fault in h5_recv(). The problem was in
> missing NULL check.
>
> hu->serdev can be NULL and we cannot blindly pass &serdev->dev
> somewhere, since it can cause GPF.
>
> Fixes: d9dd833cf6d2 ("Bluetooth: hci_h5: Add runtime suspend")
> Reported-and-tested-by: syzbot+7d41312fe3f123a6f605@syzkaller.appspotmail.com
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> ---
> drivers/bluetooth/hci_h5.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c index 0c0dedece59c..eb0099a21288 100644 --- a/drivers/bluetooth/hci_h5.c +++ b/drivers/bluetooth/hci_h5.c @@ -587,9 +587,11 @@ static int h5_recv(struct hci_uart *hu, const void *data, int count) count -= processed; } - pm_runtime_get(&hu->serdev->dev); - pm_runtime_mark_last_busy(&hu->serdev->dev); - pm_runtime_put_autosuspend(&hu->serdev->dev); + if (hu->serdev) { + pm_runtime_get(&hu->serdev->dev); + pm_runtime_mark_last_busy(&hu->serdev->dev); + pm_runtime_put_autosuspend(&hu->serdev->dev); + } return 0; }
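Review bot: the new `if (hu->serdev)` guard just before `return 0;` in h5_recv() has no comment saying when `hu->serdev` is NULL, and the commit message only states that it "can be NULL". A one-line comment above the guard naming the attach path that leaves serdev unset would keep a later cleanup from dropping the check as redundant. The three guarded pm_runtime calls are the only `hu->serdev` dereferences visible in this hunk; since the Fixes tag points at the commit that added runtime suspend, it is worth confirming that any other `&hu->serdev->dev` users introduced by that commit are only reachable when serdev is set. Separately, the return value of `pm_runtime_get()` is still ignored inside the guard; if that is intentional, say so in the same comment.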
Syzbot hit general protection fault in h5_recv(). The problem was in
missing NULL check.

hu->serdev can be NULL and we cannot blindly pass &serdev->dev
somewhere, since it can cause GPF.

Fixes: d9dd833cf6d2 ("Bluetooth: hci_h5: Add runtime suspend")
Reported-and-tested-by: syzbot+7d41312fe3f123a6f605@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
---
drivers/bluetooth/hci_h5.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)