alistair23-linux/net/bluetooth
Dan Carpenter 07d00820bf Bluetooth: Fix race condition in hci_release_sock()
commit 11eb85ec42 upstream.

Syzbot managed to trigger a use after free "KASAN: use-after-free Write
in hci_sock_bind".  I have reviewed the code manually and one possible
cause I have found is that we are not holding lock_sock(sk) when we do
the hci_dev_put(hdev) in hci_sock_release().  My theory is that the bind
and the release are racing against each other which results in this use
after free.

Reported-by: syzbot+eba992608adf3d796bcc@syzkaller.appspotmail.com
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-02-05 21:22:42 +00:00
bnep treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234 2019-06-19 17:09:07 +02:00
cmtp treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
hidp Bluetooth: hidp: Fix assumptions on the return value of hidp_send_message 2019-09-06 15:55:40 +02:00
rfcomm treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
6lowpan.c net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
a2mp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
a2mp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
af_bluetooth.c net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
amp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
amp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
ecdh_helper.c
ecdh_helper.h
hci_conn.c Bluetooth: Fix memory leak in hci_connect_le_scan 2020-01-09 10:20:04 +01:00
hci_core.c Bluetooth: Allow combination of BDADDR_PROPERTY and INVALID_BDADDR quirks 2020-02-01 09:34:50 +00:00
hci_debugfs.c Bluetooth: Add debug setting for changing minimum encryption key size 2019-08-17 13:54:40 +03:00
hci_debugfs.h
hci_event.c Revert "Bluetooth: validate BLE connection interval updates" 2019-09-05 09:02:59 +03:00
hci_request.c Bluetooth: Fix advertising duplicated flags 2019-12-31 16:44:33 +01:00
hci_request.h Bluetooth: Use controller sets when available 2019-07-06 15:38:18 +02:00
hci_sock.c Bluetooth: Fix race condition in hci_release_sock() 2020-02-05 21:22:42 +00:00
hci_sysfs.c
Kconfig bluetooth: switch to AES library 2019-07-26 14:58:12 +10:00
l2cap_core.c Bluetooth: delete a stray unlock 2020-01-09 10:20:04 +01:00
l2cap_sock.c Bluetooth: Add return check for L2CAP security level set 2019-04-23 18:09:07 +02:00
leds.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
leds.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
lib.c
Makefile
mgmt.c Bluetooth: mgmt: Use struct_size() helper 2019-09-05 17:27:22 +02:00
mgmt_util.c
mgmt_util.h
sco.c net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
selftest.c
selftest.h
smp.c bluetooth: switch to AES library 2019-07-26 14:58:12 +10:00
smp.h Bluetooth: SMP: fix crash in unpairing 2018-09-26 12:39:32 +03:00