On Thu, Dec 05, 2024 at 03:17:25PM +0800, En-Wei Wu wrote: > This patch series fixes a NULL pointer dereference in the QCA firmware dump > handling and improves the safety of SKB buffer handling. The problem occurs > when processing firmware crash dumps from WCN7851/WCN6855 Bluetooth > controllers, where incorrect return value handling leads to premature SKB > freeing and subsequent NULL pointer dereference. A gentle ping. Please help to review this patch series. Thanks. > > The series is split into two parts: > - Patch 1 fixes the NULL pointer dereference by correcting return value > handling and splits dump packet detection into separate ACL and event > functions > - Patch 2 improves SKB safety by using proper buffer access methods and > adding state restoration on error paths > > Changes in v3: > - Use skb_pull_data() for safe packet header access > - Split dump packet detection into separate ACL and event helpers > > Changes in v2: > - Fixed typo in the title > - Re-flowed commit message line to fit 72 characters > - Added blank line before btusb_recv_acl_qca() > > En-Wei Wu (2): > Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() > Bluetooth: btusb: Improve SKB safety in QCA dump packet handling > > drivers/bluetooth/btusb.c | 120 +++++++++++++++++++++++--------------- > 1 file changed, 74 insertions(+), 46 deletions(-) > > -- > 2.43.0 >
