linux_dsm_epyc7002/net/bluetooth
Pavel Skripkin 9f919f6ca1 Bluetooth: add timeout sanity check to hci_inquiry
[ Upstream commit f41a4b2b5eb7872109723dab8ae1603bdd9d9ec1 ]

Syzbot hit "task hung" bug in hci_req_sync(). The problem was in
unreasonable huge inquiry timeout passed from userspace.
Fix it by adding sanity check for timeout value to hci_inquiry().

Since hci_inquiry() is the only user of hci_req_sync() with user
controlled timeout value, it makes sense to check timeout value in
hci_inquiry() and don't touch hci_req_sync().

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+be2baed593ea56c6a84c@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-07-05 19:12:05 +02:00
..
bnep net: make ->{get,set}sockopt in proto_ops optional 2020-07-19 18:16:41 -07:00
cmtp Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow 2024-07-05 19:11:28 +02:00
hidp Bluetooth: hidp: use correct wait queue when removing ctrl_wait 2024-07-05 18:55:44 +02:00
rfcomm Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2020-07-31 15:11:52 -07:00
6lowpan.c Bluetooth: add a mutex lock to avoid UAF in do_enale_set 2020-06-23 14:30:07 +02:00
a2mp.c Bluetooth: drop HCI device reference before return 2021-03-04 11:37:25 +01:00
a2mp.h Bluetooth: Replace zero-length array with flexible-array member 2020-02-28 08:30:02 +01:00
af_bluetooth.c Bluetooth: Add support for BT_PKT_STATUS CMSG data for SCO connections 2020-06-12 15:08:49 +02:00
amp.c Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data 2021-03-07 12:34:10 +01:00
amp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
ecdh_helper.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ecdh_helper.h Fix misc new gcc warnings 2021-05-11 14:47:36 +02:00
hci_conn.c Bluetooth: avoid deadlock between hci_dev->lock and socket lock 2021-05-14 09:50:29 +02:00
hci_core.c Bluetooth: add timeout sanity check to hci_inquiry 2024-07-05 19:12:05 +02:00
hci_debugfs.c Bluetooth: debugfs option to unset MITM flag 2020-04-07 18:32:21 +02:00
hci_debugfs.h Bluetooth: Provide option to enable/disable debugfs information 2015-02-15 18:54:13 +02:00
hci_event.c Bluetooth: Fix alt settings for incoming SCO with transparent coding format 2021-07-19 09:44:54 +02:00
hci_request.c Bluetooth: Fix Set Extended (Scan Response) Data 2021-07-14 16:56:30 +02:00
hci_request.h Bluetooth: Enable/Disable address resolution during le create conn 2020-07-30 09:34:43 +02:00
hci_sock.c Bluetooth: defer cleanup of resources in hci_unregister_dev() 2024-07-05 18:52:09 +02:00
hci_sysfs.c Bluetooth: defer cleanup of resources in hci_unregister_dev() 2024-07-05 18:52:09 +02:00
Kconfig Bluetooth: Disable High Speed by default 2020-09-25 20:21:55 +02:00
l2cap_core.c Bluetooth: L2CAP: Fix invalid access on ECRED Connection response 2021-07-19 09:44:54 +02:00
l2cap_sock.c Bluetooth: check for zapped sk before connecting 2021-05-19 10:12:53 +02:00
leds.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
leds.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
lib.c Bluetooth: Introduce debug feature when dynamic debug is disabled 2020-05-11 12:16:27 +02:00
Makefile Bluetooth: implement read/set default system parameters mgmt 2020-06-12 21:41:07 +02:00
mgmt_config.c Bluetooth: Adding a configurable autoconnect timeout 2020-07-07 17:37:03 +02:00
mgmt_config.h Bluetooth: mgmt: Add commands for runtime configuration 2020-06-18 13:11:03 +03:00
mgmt_util.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
mgmt_util.h Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
mgmt.c Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd 2024-07-05 19:11:27 +02:00
msft.c Bluetooth: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
msft.h Bluetooth: Add handler of MGMT_OP_READ_ADV_MONITOR_FEATURES 2020-06-18 13:11:21 +03:00
sco.c Bluetooth: fix repeated calls to sco_sock_kill 2024-07-05 19:11:46 +02:00
selftest.c Bluetooth: Remove CRYPTO_ALG_INTERNAL flag 2020-07-31 16:42:04 +03:00
selftest.h Bluetooth: Add support for self testing framework 2014-12-30 08:53:55 +02:00
smp.c Bluetooth: SMP: Fail if remote and local public keys are identical 2021-05-26 12:06:57 +02:00
smp.h Bluetooth: SMP: fix crash in unpairing 2018-09-26 12:39:32 +03:00