Re: [PATCH v3 0/2] Bluetooth: btusb: Fix QCA dump packet handling and improve SKB safety

From: Chia-Lin Kao (AceLan)
Date: Sun Feb 16 2025 - 19:41:15 EST


On Thu, Dec 05, 2024 at 03:17:25PM +0800, En-Wei Wu wrote:
> This patch series fixes a NULL pointer dereference in the QCA firmware dump
> handling and improves the safety of SKB buffer handling. The problem occurs
> when processing firmware crash dumps from WCN7851/WCN6855 Bluetooth
> controllers, where incorrect return value handling leads to premature SKB
> freeing and subsequent NULL pointer dereference.

A gentle ping.
Please help to review this patch series.
Thanks.

>
> The series is split into two parts:
> - Patch 1 fixes the NULL pointer dereference by correcting return value
>   handling and splits dump packet detection into separate ACL and event
>   functions
> - Patch 2 improves SKB safety by using proper buffer access methods and
>   adding state restoration on error paths
>
> Changes in v3:
> - Use skb_pull_data() for safe packet header access
> - Split dump packet detection into separate ACL and event helpers
>
> Changes in v2:
> - Fixed typo in the title
> - Re-flowed commit message line to fit 72 characters
> - Added blank line before btusb_recv_acl_qca()
>
> En-Wei Wu (2):
>   Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
>   Bluetooth: btusb: Improve SKB safety in QCA dump packet handling
>
> drivers/bluetooth/btusb.c | 120 +++++++++++++++++++++++---------------
> 1 file changed, 74 insertions(+), 46 deletions(-)
>
> --
> 2.43.0
>
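
The pattern the cover letter names for patch 2 (bounds-checked header access in the style of skb_pull_data(), plus state restoration when detection fails), as an added userspace example that is not code from the patch series. struct buf, buf_pull_data(), is_dump_pkt() and the header layout and constants are hypothetical; the real QCA dump packet format is not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-in for the two sk_buff fields that matter here. */
struct buf {
	const uint8_t *data;	/* current read position */
	size_t len;		/* bytes remaining from data */
};

/* Same contract as the kernel's skb_pull_data(): return the old data
 * pointer and advance by n, or return NULL and change nothing when
 * fewer than n bytes remain. */
static const uint8_t *buf_pull_data(struct buf *b, size_t n)
{
	const uint8_t *p = b->data;

	if (b->len < n)
		return NULL;
	b->data += n;
	b->len -= n;
	return p;
}

/* Hypothetical layout: 1-byte type, 1-byte remaining length, 2-byte LE marker. */
#define HYP_TYPE	0xA5
#define HYP_MARKER	0x1234

/* Returns 1 when the buffer holds a (hypothetical) dump packet, with the
 * headers consumed. Returns 0 otherwise, with data/len restored so the
 * normal receive path still sees every byte of the packet. */
int is_dump_pkt(struct buf *b)
{
	struct buf saved = *b;
	const uint8_t *hdr, *mark;

	hdr = buf_pull_data(b, 2);
	if (!hdr || hdr[0] != HYP_TYPE || hdr[1] != b->len)
		goto restore;
	mark = buf_pull_data(b, 2);
	if (!mark || (mark[0] | (mark[1] << 8)) != HYP_MARKER)
		goto restore;
	return 1;
restore:
	*b = saved;	/* undo any partial pulls before handing the packet on */
	return 0;
}
```

Every header byte is read only through a pointer returned by a successful pull, so a truncated packet can never cause a read past the end of the buffer.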