linux-brain/net/bluetooth
Myungho Jung bd140b0325 Bluetooth: Fix decrementing reference count twice in releasing socket
commit e20a2e9c42 upstream.

When releasing socket, it is possible to enter hci_sock_release() and
hci_sock_dev_event(HCI_DEV_UNREG) at the same time in different threads.
The reference count of hdev should be decremented only once from one of
them but if storing hdev to local variable in hci_sock_release() before
detached from socket and setting to NULL in hci_sock_dev_event(),
hci_dev_put(hdev) is unexpectedly called twice. This is resolved by
referencing hdev from socket after bt_sock_unlink() in
hci_sock_release().

Reported-by: syzbot+fdc00003f4efff43bc5b@syzkaller.appspotmail.com
Signed-off-by: Myungho Jung <mhjungk@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-27 14:13:03 +09:00
bnep Bluetooth: bnep: fix possible might sleep error in bnep_session 2017-08-30 10:21:52 +02:00
cmtp Bluetooth: cmtp: fix possible might sleep error in cmtp_session 2017-08-30 10:21:52 +02:00
hidp Bluetooth: hidp: Fix handling of strncpy for hid->name information 2018-09-19 22:47:14 +02:00
rfcomm Bluetooth: Fix using the correct source address type 2016-11-22 22:50:46 +01:00
6lowpan.c Bluetooth: 6lowpan: fix delay work init in add_peer_chan() 2018-03-22 09:17:52 +01:00
Kconfig Bluetooth: add LED trigger for indicating HCI is powered up 2016-02-23 20:29:35 +01:00
Makefile Bluetooth: add LED trigger for indicating HCI is powered up 2016-02-23 20:29:35 +01:00
a2mp.c Bluetooth: Move get info completed callback to a2mp.c 2015-07-30 13:37:22 +02:00
a2mp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
af_bluetooth.c Bluetooth: Avoid bt_accept_unlink() double unlinking 2018-03-22 09:17:52 +01:00
amp.c Bluetooth: Fix breakage in amp_write_rem_assoc_frag() 2015-08-10 20:41:34 +02:00
amp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
ecc.c Bluetooth: Add ECC library for LE Secure Connections 2014-12-03 16:51:16 +01:00
ecc.h Bluetooth: Add ECC library for LE Secure Connections 2014-12-03 16:51:16 +01:00
hci_conn.c Bluetooth: Fix connection if directed advertising and privacy is used 2018-04-20 08:21:07 +02:00
hci_core.c Bluetooth: Send HCI Set Event Mask Page 2 command only when needed 2018-04-13 19:48:28 +02:00
hci_debugfs.c Bluetooth: Add debugfs fields for hardware and firmware info 2016-07-18 09:33:28 +03:00
hci_debugfs.h Bluetooth: Provide option to enable/disable debugfs information 2015-02-15 18:54:13 +02:00
hci_event.c Bluetooth: Fix unnecessary error message for HCI request completion 2019-02-12 19:44:56 +01:00
hci_request.c Bluetooth: Fix append max 11 bytes of name to scan rsp data 2016-10-19 18:42:37 +02:00
hci_request.h Bluetooth: Fix append max 11 bytes of name to scan rsp data 2016-10-19 18:42:37 +02:00
hci_sock.c Bluetooth: Fix decrementing reference count twice in releasing socket 2019-03-27 14:13:03 +09:00
hci_sysfs.c Bluetooth: Remove controller device attributes 2016-07-09 21:37:11 +03:00
l2cap_core.c Bluetooth: Fix connection if directed advertising and privacy is used 2018-04-20 08:21:07 +02:00
l2cap_sock.c Bluetooth: split sk_filter in l2cap_sock_recv_cb 2016-08-24 16:55:04 +02:00
leds.c Bluetooth: Add combined LED trigger for controller power 2016-09-19 20:19:34 +02:00
leds.h Bluetooth: Add combined LED trigger for controller power 2016-09-19 20:19:34 +02:00
lib.c Bluetooth: Add BT_WARN and bt_dev_warn logging macros 2015-09-24 16:25:44 +02:00
mgmt.c Bluetooth: SMP: fix crash in unpairing 2018-11-10 07:42:42 -08:00
mgmt_util.c Bluetooth: Add support for sending MGMT commands and events to monitor 2016-09-19 20:19:34 +02:00
mgmt_util.h Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
sco.c Bluetooth: avoid killing an already killed socket 2018-08-22 07:47:15 +02:00
selftest.c Bluetooth: Export ECDH selftest result in debugfs 2015-04-02 08:47:38 +03:00
selftest.h Bluetooth: Add support for self testing framework 2014-12-30 08:53:55 +02:00
smp.c Bluetooth: SMP: fix crash in unpairing 2018-11-10 07:42:42 -08:00
smp.h Bluetooth: SMP: fix crash in unpairing 2018-11-10 07:42:42 -08:00