This is a note to let you know that I've just added the patch titled Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: bluetooth-smp-fix-crash-when-receiving-new-connection-when-debug-is-enabled.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 995fca15b73ff8f92888cc2d5d95f17ffdac74ba Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Date: Mon, 14 Jun 2021 10:46:44 -0700 Subject: Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> commit 995fca15b73ff8f92888cc2d5d95f17ffdac74ba upstream. When receiving a new connection pchan->conn won't be initialized so the code cannot use bt_dev_dbg as the pointer to hci_dev won't be accessible. Fixes: 2e1614f7d61e4 ("Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/bluetooth/smp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -3239,7 +3239,7 @@ static inline struct l2cap_chan *smp_new { struct l2cap_chan *chan; - bt_dev_dbg(pchan->conn->hcon->hdev, "pchan %p", pchan); + BT_DBG("pchan %p", pchan); chan = l2cap_chan_create(); if (!chan) @@ -3260,7 +3260,7 @@ static inline struct l2cap_chan *smp_new */ atomic_set(&chan->nesting, L2CAP_NESTING_SMP); - bt_dev_dbg(pchan->conn->hcon->hdev, "created chan %p", chan); + BT_DBG("created chan %p", chan); return chan; } 
@@ -3364,7 +3364,7 @@ static void smp_del_chan(struct l2cap_ch { struct smp_dev *smp; - bt_dev_dbg(chan->conn->hcon->hdev, "chan %p", chan); + BT_DBG("chan %p", chan); smp = chan->data; if (smp) { Patches currently in stable-queue which might be from luiz.von.dentz@xxxxxxxxx are queue-5.10/bluetooth-hci_event-fix-not-checking-if-hci_op_inquiry-has-been-sent.patch queue-5.10/bluetooth-l2cap-send-reject-on-command-corrupted-request.patch queue-5.10/bluetooth-smp-convert-bt_err-bt_dbg-to-bt_dev_err-bt.patch queue-5.10/bluetooth-smp-fix-crash-when-receiving-new-connection-when-debug-is-enabled.patch queue-5.10/bluetooth-mgmt-smp-fix-address-type-when-using-smp-o.patch queue-5.10/bluetooth-af_bluetooth-fix-use-after-free-in-bt_sock.patch
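Review bot: In the @@ -3239 and @@ -3260 hunks, nothing left in the code records why these two debug calls must not go through pchan->conn, so a later cleanup that converts BT_DBG back to bt_dev_dbg (as the commit named in the Fixes: tag did) could reintroduce the same crash. A short comment above the first call, stating that pchan->conn is not initialized when a new connection is received and that the hci_dev pointer is therefore unreachable from here, would make the constraint visible to the next person touching this function.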
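Review bot: In the @@ -3364 hunk (smp_del_chan), the changed call dereferences chan->conn, not pchan->conn, and the commit message only explains the new-connection case. Please state in the message whether chan->conn can also be uninitialized when smp_del_chan runs. If it is always valid on this path, keeping bt_dev_dbg here would preserve the hci_dev context in the log line; if it is not, say so, since that makes this a second crash site rather than a consistency change.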