Google Git
Sign in
linux/linux/kernel/git/bluetooth/bluetooth-next/850685a031e1429131e7111b82a86e86b46164dd
commit
850685a031e1429131e7111b82a86e86b46164dd
[log]
author
Samuel Moelius <sam.moelius@trailofbits.com>
Mon Jun 08 23:58:23 2026 +0000
committer
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Wed Jun 10 11:25:59 2026 -0400
tree
7d4256b88b120495b87f65883ac207fc67002bde
parent
801f756504d1bbddb25fbc810fcf326b1184c381 [diff]
Bluetooth: vhci: validate devcoredump state before side effects

The VHCI force_devcoredump debugfs hook accepts a small test record from
userspace. It validates the requested terminal state only after
registering, initializing and appending a Bluetooth devcoredump.

As a result, an invalid state returns -EINVAL but still leaves queued
devcoredump work behind. With a non-zero timeout field, the rejected
write can still emit a devcoredump after the timeout expires.

Reject unsupported states before allocating the skb or changing the HCI
devcoredump state machine.

Fixes: ab4e4380d4e1 ("Bluetooth: Add vhci devcoredump support")
Assisted-by: Codex:gpt-5.5-cyber-preview
Signed-off-by: Samuel Moelius <sam.moelius@trailofbits.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
1 file changed
tree: 7d4256b88b120495b87f65883ac207fc67002bde
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .clippy.toml
  27. .cocciconfig
  28. .editorconfig
  29. .get_maintainer.ignore
  30. .gitattributes
  31. .gitignore
  32. .mailmap
  33. .pylintrc
  34. .rustfmt.toml
  35. COPYING
  36. CREDITS
  37. Kbuild
  38. Kconfig
  39. MAINTAINERS
  40. Makefile
  41. README