linux/net/bluetooth
Peter Hurley 082a1532fc Bluetooth: Fix racy acquire of rfcomm_dev reference
rfcomm_dev_get() can return a rfcomm_dev reference for a
device for which destruction may be commencing. This can happen
on tty destruction, which calls rfcomm_tty_cleanup(); the last
port reference may have been released but RFCOMM_TTY_RELEASED
was not set. The following race is also possible:

CPU 0                            | CPU 1
                                 | rfcomm_release_dev
rfcomm_dev_get                   |   .
  spin_lock                      |   .
    dev  = __rfcomm_dev_get      |   .
    if dev                       |   .
      if test_bit(TTY_RELEASED)  |   .
                                 |   !test_and_set_bit(TTY_RELEASED)
                                 |     tty_port_put   <<<< last reference
      else                       |
        tty_port_get             |

The reference acquire is bogus because destruction will commence
with the release of the last reference.

Ignore the external state change of TTY_RELEASED and instead rely
on the reference acquire itself to determine if the reference is
valid.

Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-By: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14 13:39:29 -08:00
bnep net/*: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
cmtp Bluetooth: Access CMTP session addresses through L2CAP channel 2013-10-13 20:00:30 +03:00
hidp Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2013-11-04 14:51:28 -05:00
rfcomm Bluetooth: Fix racy acquire of rfcomm_dev reference 2014-02-14 13:39:29 -08:00
6lowpan.c Bluetooth: Fix 6loWPAN peer lookup 2014-01-07 11:32:15 -02:00
6lowpan.h Bluetooth: Enable 6LoWPAN support for BT LE devices 2013-12-11 12:57:55 -08:00
a2mp.c Bluetooth: Rename L2CAP_CHAN_CONN_FIX_A2MP to L2CAP_CHAN_FIXED 2014-02-13 09:51:37 +02:00
a2mp.h Bluetooth: Move a2mp.h header file into net/bluetooth/ 2013-10-11 00:10:05 +02:00
af_bluetooth.c Bluetooth: Increase minor version of core module 2013-12-07 21:29:43 +04:00
amp.c Bluetooth: Remove l2cap_conn->dst usage from AMP manager 2013-10-13 17:43:32 +03:00
amp.h Bluetooth: Move amp.h header file into net/bluetooth/ 2013-10-11 00:10:03 +02:00
hci_conn.c Bluetooth: Use connection parameters if any 2014-02-13 09:51:44 +02:00
hci_core.c Bluetooth: Introduce connection parameters list 2014-02-13 09:51:44 +02:00
hci_event.c Bluetooth: Track if link is using P-256 authenticated combination key 2014-02-13 09:51:44 +02:00
hci_sock.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2013-12-18 13:46:08 -05:00
hci_sysfs.c Bluetooth: Convert to use ATTRIBUTE_GROUPS macro 2014-02-13 09:51:34 +02:00
Kconfig net: move 6lowpan compression code to separate module 2014-01-15 15:36:38 -08:00
l2cap_core.c Bluetooth: Enable LE L2CAP CoC support by default 2014-02-14 13:39:12 -08:00
l2cap_sock.c Bluetooth: Enable LE L2CAP CoC support by default 2014-02-14 13:39:12 -08:00
lib.c bluetooth: Remove unneeded batostr function 2012-09-27 18:10:43 -03:00
Makefile Bluetooth: remove direct compilation of 6lowpan_iphc.c 2014-01-17 19:13:49 -08:00
mgmt.c Bluetooth: Add management command for Secure Connection Only Mode 2014-02-13 09:51:43 +02:00
sco.c net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
smp.c Bluetooth: Fix differentiating stored master vs slave LTK types 2014-02-13 09:51:41 +02:00
smp.h Bluetooth: Add smp_sufficient_security helper function 2013-12-05 07:05:33 -08:00