Bug 20439 - a potential null pointer access in the btsdio_remove() function of Bluetooth driver
Status: NEW
Alias: None
Product: ANCK 5.10 Dev
Classification: ANCK
Component: ARCH(unspecified)
Version: unspecified
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: banye97
Reported: 2025-04-15 17:20 UTC by superankun
Modified: 2025-04-15 18:12 UTC (History)

Description superankun 2025-04-15 17:20:11 UTC
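Found that a patch committed to the devel-5.10 branch of cloud-kernel has a potential null pointer dereference problem.
The patch title is: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work

The patch content is as follows: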
 33 +++ b/drivers/bluetooth/btsdio.c
 34 @@ -352,6 +352,7 @@ static void btsdio_remove(struct sdio_func *func)
 35  
 36         BT_DBG("func %p", func);
 37                 
 38 +       cancel_work_sync(&data->work);
 39         if (!data)
 40                 return;
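
Review bot: The added `cancel_work_sync(&data->work);` sits above the `if (!data)` check, so `data` is used to form the work pointer before it has been tested for NULL, which makes the existing guard ineffective for that call. Move the call below the `if (!data) return;` pair so the work item is only cancelled once `data` is known to be non-NULL.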


Comparing with upstream shows that this is an error made when merging the patch. Line 38 should be placed after line 40.
Comment 1 小龙 admin 2025-04-15 18:12:24 UTC
The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/5080