proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2026-01-08 13:58:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b92483d54a
mirror_ubuntu-kernels/net/bluetooth
History
Peter Hurley b92483d54a Bluetooth: Fix unsafe RFCOMM device parenting 
Accessing the results of hci_conn_hash_lookup_ba() is unsafe without
holding the hci_dev_lock() during the lookup. For example:

CPU 0                             | CPU 1
hci_conn_hash_lookup_ba           | hci_conn_del
  rcu_read_lock                   |   hci_conn_hash_del
  list_for_each_entry_rcu         |     list_del_rcu
    if (.....)                    |       synchronize_rcu
      rcu_read_unlock             |
                                  |   hci_conn_del_sysfs
                                  |   hci_dev_put
                                  |   hci_conn_put
                                  |     put_device (last reference)
                                  |       bt_link_release
                                  |         kfree(conn)
      return p  << just freed     |

Even if a hci_conn reference were taken (via hci_conn_get), would
not guarantee the lifetime of the sysfs device, but only safe
access to the in-memory structure.

Ensure the hci_conn device stays valid while the rfcomm device
is reparented; rename rfcomm_get_device() to rfcomm_reparent_device()
and perform the reparenting within the function while holding the
hci_dev_lock.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-By: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14 13:39:31 -08:00
..
bnep net/*: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
cmtp Bluetooth: Access CMTP session addresses through L2CAP channel 2013-10-13 20:00:30 +03:00
hidp Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2013-11-04 14:51:28 -05:00
rfcomm Bluetooth: Fix unsafe RFCOMM device parenting 2014-02-14 13:39:31 -08:00
6lowpan.c Bluetooth: Fix 6loWPAN peer lookup 2014-01-07 11:32:15 -02:00
6lowpan.h Bluetooth: Enable 6LoWPAN support for BT LE devices 2013-12-11 12:57:55 -08:00
a2mp.c Bluetooth: Rename L2CAP_CHAN_CONN_FIX_A2MP to L2CAP_CHAN_FIXED 2014-02-13 09:51:37 +02:00
a2mp.h Bluetooth: Move a2mp.h header file into net/bluetooth/ 2013-10-11 00:10:05 +02:00
af_bluetooth.c Bluetooth: Increase minor version of core module 2013-12-07 21:29:43 +04:00
amp.c Bluetooth: Remove l2cap_conn->dst usage from AMP manager 2013-10-13 17:43:32 +03:00
amp.h Bluetooth: Move amp.h header file into net/bluetooth/ 2013-10-11 00:10:03 +02:00
hci_conn.c Bluetooth: Use connection parameters if any 2014-02-13 09:51:44 +02:00
hci_core.c Bluetooth: Introduce connection parameters list 2014-02-13 09:51:44 +02:00
hci_event.c Bluetooth: Track if link is using P-256 authenticated combination key 2014-02-13 09:51:44 +02:00
hci_sock.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2013-12-18 13:46:08 -05:00
hci_sysfs.c Bluetooth: Convert to use ATTRIBUTE_GROUPS macro 2014-02-13 09:51:34 +02:00
Kconfig net: move 6lowpan compression code to separate module 2014-01-15 15:36:38 -08:00
l2cap_core.c Bluetooth: Enable LE L2CAP CoC support by default 2014-02-14 13:39:12 -08:00
l2cap_sock.c Bluetooth: Enable LE L2CAP CoC support by default 2014-02-14 13:39:12 -08:00
lib.c bluetooth: Remove unneeded batostr function 2012-09-27 18:10:43 -03:00
Makefile Bluetooth: remove direct compilation of 6lowpan_iphc.c 2014-01-17 19:13:49 -08:00
mgmt.c Bluetooth: Add management command for Secure Connection Only Mode 2014-02-13 09:51:43 +02:00
sco.c net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
smp.c Bluetooth: Fix differentiating stored master vs slave LTK types 2014-02-13 09:51:41 +02:00
smp.h Bluetooth: Add smp_sufficient_security helper function 2013-12-05 07:05:33 -08:00