diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index b31192d473d0..bbc86b7dce07 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -5519,8 +5519,12 @@ static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
{
struct mgmt_rp_remove_adv_monitor rp;
struct mgmt_pending_cmd *cmd = data;
- struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
+ struct mgmt_cp_remove_adv_monitor *cp;
+
+ if (cmd != pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev))
+ return -ECANCELED;
+ cp = cmd->param;
hci_dev_lock(hdev);
rp.monitor_handle = cp->monitor_handle;
@@ -5540,8 +5544,14 @@ static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
{
struct mgmt_pending_cmd *cmd = data;
- struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
- u16 handle = __le16_to_cpu(cp->monitor_handle);
+ struct mgmt_cp_remove_adv_monitor *cp;
+ u16 handle;
+
+ if (cmd != pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev))
+ return -ECANCELED;
+
+ cp = cmd->param;
+ handle = __le16_to_cpu(cp->monitor_handle);
if (!handle)
return hci_remove_all_adv_monitor(hdev);
--
2.34.1Hi Pei,
Please note that if you want syzbot to test your patch, you need to
explicitly tell it about that:
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#testing-patches
--
Aleksandr
On Thu, Dec 5, 2024 at 9:44 AM Pei Xiao <xiaopei01@kylinos.cn> wrote:
>
> diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
> index b31192d473d0..bbc86b7dce07 100644
> --- a/net/bluetooth/mgmt.c
> +++ b/net/bluetooth/mgmt.c
> @@ -5519,8 +5519,12 @@ static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
> {
> struct mgmt_rp_remove_adv_monitor rp;
> struct mgmt_pending_cmd *cmd = data;
> - struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
> + struct mgmt_cp_remove_adv_monitor *cp;
> +
> + if (cmd != pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev))
> + return -ECANCELED;
>
> + cp = cmd->param;
> hci_dev_lock(hdev);
>
> rp.monitor_handle = cp->monitor_handle;
> @@ -5540,8 +5544,14 @@ static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
> static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
> {
> struct mgmt_pending_cmd *cmd = data;
> - struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
> - u16 handle = __le16_to_cpu(cp->monitor_handle);
> + struct mgmt_cp_remove_adv_monitor *cp;
> + u16 handle;
> +
> + if (cmd != pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev))
> + return -ECANCELED;
> +
> + cp = cmd->param;
> + handle = __le16_to_cpu(cp->monitor_handle);
>
> if (!handle)
> return hci_remove_all_adv_monitor(hdev);
> --
> 2.34.1
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-bugs/f7ea7d2ea6efebf66a6c5a27409ac76e404c7241.1733387703.git.xiaopei01%40kylinos.cn.
在 2024/12/5 16:50, Aleksandr Nogikh 写道: > Hi Pei, > > Please note that if you want syzbot to test your patch, you need to > explicitly tell it about that: > > https://github.com/google/syzkaller/blob/master/docs/syzbot.md#testing-patches > Thank you for your help!
© 2016 - 2025 Red Hat, Inc.