AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-20 13:29:44 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
a5de17bb91
linux_dsm_epyc7002/net/bluetooth
History
Thadeu Lima de Souza Cascardo 1b364f8ede Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails 
commit 8da3a0b87f4f1c3a3bbc4bfb78cf68476e97d183 upstream.

When cmtp_attach_device fails, cmtp_add_connection returns the error value
which leads to the caller to doing fput through sockfd_put. But
cmtp_session kthread, which is stopped in this path will also call fput,
leading to a potential refcount underflow or a use-after-free.

Add a refcount before we signal the kthread to stop. The kthread will try
to grab the cmtp_session_sem mutex before doing the fput, which is held
when get_file is called, so there should be no races there.

Reported-by: Ryota Shiga
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-03 09:00:35 +02:00
..
bnep
cmtp Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails 2021-06-03 09:00:35 +02:00
hidp
rfcomm Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2020-07-31 15:11:52 -07:00
6lowpan.c
a2mp.c Bluetooth: drop HCI device reference before return 2021-03-04 11:37:25 +01:00
a2mp.h
af_bluetooth.c
amp.c Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data 2021-03-07 12:34:10 +01:00
amp.h
ecdh_helper.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ecdh_helper.h Fix misc new gcc warnings 2021-05-11 14:47:36 +02:00
hci_conn.c Bluetooth: avoid deadlock between hci_dev->lock and socket lock 2021-05-14 09:50:29 +02:00
hci_core.c Bluetooth: Add new HCI_QUIRK_NO_SUSPEND_NOTIFIER quirk 2021-03-07 12:34:10 +01:00
hci_debugfs.c
hci_debugfs.h
hci_event.c Bluetooth: Fix incorrect status handling in LE PHY UPDATE event 2021-05-19 10:12:52 +02:00
hci_request.c bluetooth: eliminate the potential race condition when removing the HCI controller 2021-05-14 09:49:55 +02:00
hci_request.h
hci_sock.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2020-07-31 15:11:52 -07:00
hci_sysfs.c
Kconfig Bluetooth: Disable High Speed by default 2020-09-25 20:21:55 +02:00
l2cap_core.c Bluetooth: initialize skb_queue_head at l2cap_chan_create() 2021-05-19 10:12:53 +02:00
l2cap_sock.c Bluetooth: check for zapped sk before connecting 2021-05-19 10:12:53 +02:00
leds.c
leds.h
lib.c
Makefile
mgmt_config.c
mgmt_config.h
mgmt_util.c
mgmt_util.h
mgmt.c Bluetooth: MGMT: Fix not checking if BT_HS is enabled 2020-09-25 20:21:55 +02:00
msft.c Bluetooth: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
msft.h
sco.c Bluetooth: sco: Fix crash when using BT_SNDMTU/BT_RCVMTU option 2020-12-30 11:53:40 +01:00
selftest.c Bluetooth: Remove CRYPTO_ALG_INTERNAL flag 2020-07-31 16:42:04 +03:00
selftest.h
smp.c Bluetooth: SMP: Fail if remote and local public keys are identical 2021-05-26 12:06:57 +02:00
smp.h