redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net
History
Peter Hurley b92483d54a Bluetooth: Fix unsafe RFCOMM device parenting 
Accessing the results of hci_conn_hash_lookup_ba() is unsafe without
holding the hci_dev_lock() during the lookup. For example:

CPU 0                             | CPU 1
hci_conn_hash_lookup_ba           | hci_conn_del
  rcu_read_lock                   |   hci_conn_hash_del
  list_for_each_entry_rcu         |     list_del_rcu
    if (.....)                    |       synchronize_rcu
      rcu_read_unlock             |
                                  |   hci_conn_del_sysfs
                                  |   hci_dev_put
                                  |   hci_conn_put
                                  |     put_device (last reference)
                                  |       bt_link_release
                                  |         kfree(conn)
      return p  << just freed     |

Even if a hci_conn reference were taken (via hci_conn_get), would
not guarantee the lifetime of the sysfs device, but only safe
access to the in-memory structure.

Ensure the hci_conn device stays valid while the rfcomm device
is reparented; rename rfcomm_get_device() to rfcomm_reparent_device()
and perform the reparenting within the function while holding the
hci_dev_lock.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-By: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
 		2014-02-14 13:39:31 -08:00
..
9p net/9p: remove virtio default hack and set appropriate bits instead 2013-11-23 16:13:36 -06:00
802 neigh: use NEIGH_VAR_INIT in ndo_neigh_setup functions. 2014-01-16 11:31:58 -08:00
8021q 8021q: Use ether_addr_copy 2014-01-21 18:13:04 -08:00
appletalk net: Fix some fallout from the etner_addr_copy() changes. 2014-01-21 18:57:26 -08:00
atm net: Fix some fallout from the etner_addr_copy() changes. 2014-01-21 18:57:26 -08:00
ax25 net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-01-18 00:55:41 -08:00
bluetooth Bluetooth: Fix unsafe RFCOMM device parenting 2014-02-14 13:39:31 -08:00
bridge bridge: Remove unnecessary vlan_put_tag in br_handle_vlan 2014-01-22 21:29:27 -08:00
caif net: Missing change from the ether_addr_copy() fixups. 2014-01-21 22:54:01 -08:00
can net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
ceph libceph: do not dereference a NULL bio pointer 2014-02-07 11:37:07 -08:00
core net: Fix warning on make htmldocs caused by skbuff.c 2014-01-28 18:06:06 -08:00
dcb dcb: use __dev_get_by_name instead of dev_get_by_name to find interface 2014-01-14 18:50:46 -08:00
dccp ipv4: introduce hardened ip_no_pmtu_disc mode 2014-01-13 11:22:55 -08:00
decnet net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
dns_resolver net/*: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
dsa dsa: Use ether_addr_copy 2014-01-21 18:13:05 -08:00
ethernet net: eth_type_trans() should use skb_header_pointer() 2014-01-16 15:30:31 -08:00
hsr net/hsr: using kfree_rcu() to simplify the code 2013-12-17 16:32:30 -05:00
ieee802154 net: 6lowpan: fixup for code movement 2014-01-27 16:43:03 -08:00
ipv4 net: gre: use icmp_hdr() to get inner ip header 2014-01-27 20:38:26 -08:00
ipv6 net: Fix memory leak if TPROXY used with TCP early demux 2014-01-27 16:22:11 -08:00
ipx net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
irda net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
key xfrm: export verify_userspi_info for pkfey and netlink interface 2013-12-16 12:54:02 +01:00
l2tp ipv6: protect protocols not handling ipv4 from v4 connection/bind attempts 2014-01-21 16:59:19 -08:00
lapb net/lapb: re-send packets on timeout 2013-09-23 16:52:45 -04:00
llc llc: remove noisy WARN from llc_mac_hdr_init 2014-01-28 18:01:32 -08:00
mac80211 mac80211: propagate STBC / LDPC flags to radiotap 2014-02-06 09:34:58 +01:00
mac802154 mac802154: fix following checkpath.pl warning Prefer pr_warn(... to pr_warning(... 2013-12-22 18:53:08 -05:00
mpls ipip: add GSO/TSO support 2013-10-19 19:36:19 -04:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-01-25 11:17:34 -08:00
netlabel netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlink net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
netrom net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-01-25 11:17:34 -08:00
openvswitch net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
packet af_packet: Add Queue mapping mode to af_packet fanout operation 2014-01-22 17:35:50 -08:00
phonet net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
rds net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
rfkill net: rfkill: move poll work to power efficient workqueue 2014-02-04 21:58:16 +01:00
rose net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
rxrpc RxRPC fixes 2014-01-28 18:04:18 -08:00
sched net: add and use skb_gso_transport_seglen() 2014-01-26 22:38:23 -08:00
sctp sctp: remove macros sctp_bh_[un]lock_sock 2014-01-21 18:41:36 -08:00
sunrpc NFS client bugfixes for Linux 3.14 2014-01-31 15:39:07 -08:00
tipc net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
unix net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
vmw_vsock net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
wimax wimax: remove dead code 2013-11-21 13:09:42 -05:00
wireless cfg80211: regulatory introduce maximum bandwidth calculation 2014-02-05 14:03:19 +01:00
x25 net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-01-25 11:17:34 -08:00
Kconfig net: netprio: rename config to be more consistent with cgroup configs 2014-01-03 23:41:42 +01:00
Makefile net: move 6lowpan compression code to separate module 2014-01-15 15:36:38 -08:00
compat.c x86, x32: Correct invalid use of user timespec in the kernel 2014-01-30 18:44:13 -08:00
nonet.c
socket.c net: handle error more gracefully in socketpair() 2013-12-10 22:24:13 -05:00
sysctl_net.c net: Update the sysctl permissions handler to test effective uid/gid 2013-10-07 15:57:56 -04:00