Commit 4db619e8 authored Jun 14, 2021 by Luiz Augusto von Dentz Committed by sanglipeng May 10, 2024

Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled

stable inclusion
from stable-v5.10.206
commit 2a0a658ed6ef6bbddf700d1c2e1690e4e8054117
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9O5W8

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2a0a658ed6ef6bbddf700d1c2e1690e4e8054117



--------------------------------

commit 995fca15 upstream.

When receiving a new connection pchan->conn won't be initialized so the
code cannot use bt_dev_dbg as the pointer to hci_dev won't be
accessible.

Fixes: 2e1614f7 ("Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>

parent 927b2d0b

net/bluetooth/smp.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -3239,7 +3239,7 @@ static inline struct l2cap_chan smp_new_conn_cb(struct l2cap_chan pchan)
		{
		struct l2cap_chan *chan;

		bt_dev_dbg(pchan->conn->hcon->hdev, "pchan %p", pchan);
		BT_DBG("pchan %p", pchan);

		chan = l2cap_chan_create();
		if (!chan)
		@@ -3260,7 +3260,7 @@ static inline struct l2cap_chan smp_new_conn_cb(struct l2cap_chan pchan)
		*/
		atomic_set(&chan->nesting, L2CAP_NESTING_SMP);

		bt_dev_dbg(pchan->conn->hcon->hdev, "created chan %p", chan);
		BT_DBG("created chan %p", chan);

		return chan;
		}
		@@ -3364,7 +3364,7 @@ static void smp_del_chan(struct l2cap_chan *chan)
		{
		struct smp_dev *smp;

		bt_dev_dbg(chan->conn->hcon->hdev, "chan %p", chan);
		BT_DBG("chan %p", chan);

		smp = chan->data;
		if (smp) {