linux/drivers
Andrei Emeltchenko 9cb23dd4b6 Bluetooth: btmrvl: Fix skb buffer overflow
Add extra check to avoid skb buffer overflow. Fixes crash below:

 [  101.030427] ------------[ cut here ]------------
 [  101.030459] kernel BUG at net/core/skbuff.c:127!
 [  101.030486] invalid opcode: 0000 [#1] SMP
...
 [  101.030806] Pid: 2010, comm: btmrvl_main_ser Not tainted 3.5.0+ #80 Laptop
 [  101.030859] EIP: 0060:[<c14f2ba9>] EFLAGS: 00010282 CPU: 0
 [  101.030894] EIP is at skb_put+0x99/0xa0
 [  101.030919] EAX: 00000080 EBX: f129380b ECX: ef923540 EDX: 00000001
 [  101.030956] ESI: f00a4000 EDI: 00001003 EBP: ed4a5efc ESP: ed4a5ecc
 [  101.030992]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
 [  101.031024] CR0: 8005003b CR2: 08fca014 CR3: 30960000 CR4: 000407f0
 [  101.031062] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
 [  101.031100] DR6: ffff0ff0 DR7: 00000400
 [  101.031125] Process btmrvl_main_ser (pid: 2010, ti=ed4a4000 task=ef923540 task.ti=ed4a4000)
 [  101.031174] Stack:
 [  101.031188]  c18126f8 c1651938 f853f8d2 00001003 00001003 f1292800 f1292808 f129380b
 [  101.031250]  f1292940 f00a4000 eddb1280 efc0f9c0 ed4a5f44 f853f8d2 00000040 00000000
 [  101.031312]  ef923540 c15ee096 ef923540 eddb12d4 00000004 f00a4000 00000040 00000000
 [  101.031376] Call Trace:
 [  101.031396]  [<f853f8d2>] ? btmrvl_sdio_process_int_status+0x272/0x3d0 [btmrvl_sdio]
 [  101.031444]  [<f853f8d2>] btmrvl_sdio_process_int_status+0x272/0x3d0 [btmrvl_sdio]
 [  101.031488]  [<c15ee096>] ? _raw_spin_unlock_irqrestore+0x36/0x70
 [  101.031526]  [<f85a46e4>] btmrvl_service_main_thread+0x244/0x300 [btmrvl]
 [  101.031568]  [<f853fb50>] ? btmrvl_sdio_poll_card_status.isra.6.constprop.7+0x90/0x90 [btmrvl_sdio]
 [  101.031619]  [<c107eda0>] ? try_to_wake_up+0x270/0x270
 [  101.031648]  [<f85a44a0>] ? btmrvl_process_event+0x3b0/0x3b0 [btmrvl]
 [  101.031686]  [<c106d19d>] kthread+0x7d/0x90
 [  101.031713]  [<c106d120>] ? flush_kthread_work+0x150/0x150
 [  101.031745]  [<c15f5a82>] kernel_thread_helper+0x6/0x10
...
 [  101.032008] EIP: [<c14f2ba9>] skb_put+0x99/0xa0 SS:ESP 0068:ed4a5ecc
 [  101.056125] ---[ end trace a0bd01d1a9a796c8 ]---

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2012-09-28 12:57:18 -03:00
..
accessibility
acpi Merge branch 'linux-next' of git://cavan.codon.org.uk/platform-drivers-x86 2012-07-30 11:54:53 -07:00
amba Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
ata ata/pata_arasan: remove conditional compilation of clk code 2012-07-30 17:25:12 -07:00
atm
auxdisplay
base Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
bcma bcma: handle BCM43227 2012-09-24 15:02:07 -04:00
block Merge branch 'for-3.6/drivers' of git://git.kernel.dk/linux-block 2012-08-01 09:06:47 -07:00
bluetooth Bluetooth: btmrvl: Fix skb buffer overflow 2012-09-28 12:57:18 -03:00
cdrom
char This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
clk clk: validate pointer in __clk_disable() 2012-07-30 17:25:13 -07:00
clocksource arm-soc: new SoC support 2012-07-23 16:31:31 -07:00
connector
cpufreq ARM: arm-soc soc updates, take 2 2012-07-30 09:45:53 -07:00
cpuidle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-07-26 14:28:55 -07:00
crypto This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
dca
devfreq
dio
dma Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
edac Merge branch 'devel' 2012-07-29 21:11:05 -03:00
eisa
extcon MFD bits for the 3.6 merge window. 2012-07-30 12:41:17 -07:00
firewire - Small fixes and optimizations. 2012-07-30 09:32:39 -07:00
firmware This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
gpio MFD bits for the 3.6 merge window. 2012-07-30 12:41:17 -07:00
gpu Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-07-30 10:06:23 -07:00
hid Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-07-31 18:47:44 -07:00
hsi
hv This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2012-07-30 10:10:26 -07:00
hwspinlock
i2c This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
ide
idle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-07-26 14:28:55 -07:00
ieee802154
iio
infiniband Merge branches 'cma', 'ipoib', 'ocrdma' and 'qib' into for-next 2012-07-30 07:47:27 -07:00
input This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
iommu IOMMU Updates for Linux v3.6-rc1 2012-07-24 16:24:11 -07:00
isdn mISDN: Bugfix only few bytes are transfered on a connection 2012-07-29 23:18:30 -07:00
leds leds-lp8788: forgotten unlock at lp8788_led_work 2012-07-27 08:16:07 +08:00
lguest
macintosh
md Merge branch 'for-3.6/drivers' of git://git.kernel.dk/linux-block 2012-08-01 09:06:47 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-07-31 18:47:44 -07:00
memory
memstick
message drivers/message/i2o/i2o_config.c: bound allocation 2012-07-30 17:25:17 -07:00
mfd This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
misc Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-30 17:25:34 -07:00
mmc Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
mtd Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
net ath5k: disable HW crypto in management frame 2012-09-24 15:02:08 -04:00
nfc
nubus
of Devicetree updates for 3.6 2012-07-24 14:07:22 -07:00
oprofile
parisc PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
parport
pci PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
pcmcia Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
pinctrl Pin control changes for v3.6: 2012-07-24 14:05:46 -07:00
platform Merge branch 'linux-next' of git://cavan.codon.org.uk/platform-drivers-x86 2012-07-30 11:54:53 -07:00
pnp
power This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
pps pps: return PTR_ERR on error in device_create 2012-07-30 17:25:21 -07:00
ps3
ptp
pwm pwm: pwm-tiehrpwm: PWM driver support for EHRPWM 2012-07-26 07:45:20 +02:00
rapidio
regulator regulator: Fix an s5m8767 build failure 2012-07-31 00:51:09 +02:00
remoteproc A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rpmsg A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rtc Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-31 19:25:39 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-07-26 18:09:01 -07:00
sbus
scsi Merge branch 'for-3.6/core' of git://git.kernel.dk/linux-block 2012-08-01 09:02:41 -07:00
sfi
sh Merge branch 'common/pinctrl' into sh-latest 2012-07-20 16:42:59 +09:00
sn
spi Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm 2012-08-01 16:41:07 -07:00
ssb ssb: check for flash presentence 2012-08-10 15:27:02 -04:00
staging Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2012-09-07 15:07:55 -04:00
target Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
tc
thermal The tag contains just a few battery-related changes for v3.6. It's is 2012-07-31 18:08:25 -07:00
tty This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
uio
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
uwb
vfio vfio: Add PCI device driver 2012-07-31 08:16:24 -06:00
vhost vhost: make vhost work queue visible 2012-07-22 01:22:23 +03:00
video fbdev updates for 3.6 2012-08-01 10:45:12 -07:00
virt
virtio [SCSI] virtio-scsi: Add vdrv->scan for post VIRTIO_CONFIG_S_DRIVER_OK LUN scanning 2012-07-20 08:59:03 +01:00
vlynq
vme VME: Prevent D16 cycles being split into 8-bit blocks 2012-07-19 15:39:39 -07:00
w1 Driver core merge for 3.6-rc1 2012-07-26 11:25:33 -07:00
watchdog Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
xen PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
zorro
Kconfig vfio: VFIO core 2012-07-31 08:16:22 -06:00
Makefile vfio: VFIO core 2012-07-31 08:16:22 -06:00