linux_dsm_epyc7002/net
Pavel Skripkin 9f919f6ca1 Bluetooth: add timeout sanity check to hci_inquiry
[ Upstream commit f41a4b2b5eb7872109723dab8ae1603bdd9d9ec1 ]

Syzbot hit "task hung" bug in hci_req_sync(). The problem was in
unreasonable huge inquiry timeout passed from userspace.
Fix it by adding sanity check for timeout value to hci_inquiry().

Since hci_inquiry() is the only user of hci_req_sync() with user
controlled timeout value, it makes sense to check timeout value in
hci_inquiry() and don't touch hci_req_sync().

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+be2baed593ea56c6a84c@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-07-05 19:12:05 +02:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2024-07-05 19:11:18 +02:00
9p net: 9p: advance iov on empty read 2021-04-07 15:00:08 +02:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-31 08:16:11 +02:00
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:16:55 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 15:00:08 +02:00
atm net: atm: fix update of position index in lec_seq_next 2020-10-31 12:26:30 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-25 17:49:04 -07:00
batman-adv batman-adv: Avoid WARN_ON timing related checks 2021-06-23 14:42:41 +02:00
bluetooth Bluetooth: add timeout sanity check to hci_inquiry 2024-07-05 19:12:05 +02:00
bpf bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper 2024-07-05 18:56:10 +02:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:56:29 +02:00
bridge net: bridge: fix memleak in br_add_if() 2024-07-05 18:54:25 +02:00
caif net: fix uninit-value in caif_seqpkt_sendmsg 2021-07-28 14:35:38 +02:00
can can: j1939: j1939_session_deactivate(): clarify lifetime of session object 2024-07-05 18:06:34 +02:00
ceph init: add dsm gpl source 2024-07-05 18:00:04 +02:00
core devlink: Clear whole devlink_flash_notify struct 2024-07-05 19:11:56 +02:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 16:04:01 +01:00
dccp dccp: add do-while-0 stubs for dccp_pr_debug macros 2024-07-05 18:55:45 +02:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 14:35:38 +02:00
dns_resolver docs: networking: convert dns_resolver.txt to ReST 2020-04-28 14:39:46 -07:00
dsa net: dsa: properly check for the bridge_leave methods in dsa_switch_bridge_leave() 2021-07-25 14:36:20 +02:00
ethernet init: add dsm gpl source 2024-07-05 18:00:04 +02:00
ethtool net: ethtool: clear heap allocations for ethtool function 2021-06-30 08:47:20 -04:00
hsr net: hsr: fix mac_len checks 2021-06-03 09:00:50 +02:00
ieee802154 net: Fix memory leak in ieee802154_raw_deliver 2024-07-05 18:54:24 +02:00
ife
ipv4 tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos 2024-07-05 19:11:19 +02:00
ipv6 init: add dsm gpl source 2024-07-05 18:00:04 +02:00
iucv net/af_iucv: remove WARN_ONCE on malformed RX packets 2021-03-07 12:34:05 +01:00
kcm net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
key init: add dsm gpl source 2024-07-05 18:00:04 +02:00
l2tp net: l2tp: reduce log level of messages in receive path, add counter instead 2021-03-17 17:06:11 +01:00
l3mdev net: Fix some comments 2020-08-27 07:55:59 -07:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:29:14 +01:00
llc net: llc: fix skb_over_panic 2024-07-05 18:04:53 +02:00
mac80211 mac80211: Fix insufficient headroom issue for AMSDU 2024-07-05 19:11:56 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-14 08:42:13 +02:00
mpls net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 2021-03-17 17:06:11 +01:00
mptcp mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join 2021-07-28 14:35:34 +02:00
ncsi net/ncsi: Avoid channel_monitor hrtimer deadlock 2021-04-14 08:42:08 +02:00
netfilter netfilter: nftables: clone set element expression template 2024-07-05 19:07:11 +02:00
netlabel net: cipso: fix warnings in netlbl_cipsov4_add_std 2024-07-05 19:11:27 +02:00
netlink netlink: disable IRQs for netlink_lock_table() 2021-06-16 12:01:36 +02:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-28 14:35:38 +02:00
nfc net/nfc/rawsock.c: fix a permission check bug 2021-06-16 12:01:35 +02:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch ovs: clear skb->tstamp in forwarding path 2024-07-05 18:55:47 +02:00
packet init: add dsm gpl source 2024-07-05 18:00:04 +02:00
phonet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
psample net: psample: Fix netlink skb length with tunnel info 2021-03-07 12:34:07 +01:00
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2024-07-05 18:56:10 +02:00
rds net/rds: dma_map_sg is entitled to merge entries 2024-07-05 19:00:50 +02:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-12 09:18:06 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-11-20 10:04:58 -08:00
rxrpc rxrpc: Fix clearance of Tx/Rx ring when releasing a call 2021-02-17 11:02:28 +01:00
sched net/sched: ets: fix crash when flipping from 'strict' to 'quantum' 2024-07-05 18:59:37 +02:00
sctp sctp: move the active_key update after sh_keys is added 2024-07-05 18:52:08 +02:00
smc net/smc: fix wait on already cleared link 2024-07-05 18:54:23 +02:00
strparser
sunrpc init: add dsm gpl source 2024-07-05 18:00:04 +02:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:37:12 +01:00
tipc tipc: call tipc_wait_for_connect only when dlen is not 0 2024-07-05 19:00:51 +02:00
tls tls: prevent oversized sendfile() hangs by ignoring MSG_MORE 2021-07-14 16:56:24 +02:00
unix init: add dsm gpl source 2024-07-05 18:00:04 +02:00
vmw_vsock vsock/virtio: avoid potential deadlock when vsock device remove 2024-07-05 18:54:39 +02:00
wimax genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
wireless cfg80211: Fix possible memory leak in function cfg80211_bss_update 2024-07-05 18:03:16 +02:00
x25 net/x25: Return the correct errno code 2021-06-18 10:00:06 +02:00
xdp xsk: Fix broken Tx ring validation 2021-07-14 16:56:23 +02:00
xfrm net: xfrm: Fix end of loop tests for list_for_each_entry 2024-07-05 18:55:30 +02:00
compat.c net: Return the correct errno code 2021-06-18 10:00:06 +02:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
Kconfig init: add dsm gpl source 2024-07-05 18:00:04 +02:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
socket.c net: don't unconditionally copy_from_user a struct ifreq for socket ioctls 2024-07-05 19:02:28 +02:00
sysctl_net.c