AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-21 00:58:17 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
c4e5bafa66
linux_dsm_epyc7002/net/bluetooth
History
Johan Hedberg c4e5bafa66 Bluetooth: Fix potential double-frees of L2CAP skbs 
The l2cap_recv_frame function is expected to take ownership and
eventually free the skb passed to it. We need to ensure that the
conn->rx_skb pointer is no longer reachable when calling
l2cap_recv_frame so that no other function, such as l2cap_conn_del, may
think that it can free conn->rx_skb.

An actual situation when this can happen is when smp_sig_channel (called
from l2cap_recv_frame) fails and l2cap_conn_del gets called as a
consequence. The l2cap_conn_del function would then try to free
conn->rx_skb, but as the same skb was just passed to smp_sig_channel and
freed we get a double-free.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2013-10-10 05:00:34 -07:00
..
bnep Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
cmtp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
hidp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2013-09-06 09:30:36 -07:00
rfcomm Merge git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2013-09-27 11:56:14 -03:00
a2mp.c Bluetooth: List powered down AMP controllers correctly 2013-10-07 10:08:42 +02:00
af_bluetooth.c Bluetooth: Add clarifying comment to bt_sock_wait_state() 2013-09-25 14:30:10 -03:00
amp.c Bluetooth: AMP: Use set_bit / test_bit for amp_mgr state 2013-01-09 17:05:05 -02:00
hci_conn.c Bluetooth: Refactor hci_connect_le 2013-10-10 01:30:18 -07:00
hci_core.c Bluetooth: Read flow control mode on AMP controller init 2013-10-07 16:53:43 +02:00
hci_event.c Bluetooth: Use HCI request for LE connection 2013-10-10 01:30:18 -07:00
hci_sock.c Bluetooth: Require CAP_NET_ADMIN for HCI User Channel operation 2013-10-02 09:10:04 +03:00
hci_sysfs.c PTR_RET is now PTR_ERR_OR_ZERO(): Replace most. 2013-07-15 11:25:01 +09:30
Kconfig Bluetooth: trivial: Remove newline before EOF 2012-10-24 00:42:47 -02:00
l2cap_core.c Bluetooth: Fix potential double-frees of L2CAP skbs 2013-10-10 05:00:34 -07:00
l2cap_sock.c Bluetooth: Fix variable shadow warnings 2013-10-07 09:52:12 -07:00
lib.c bluetooth: Remove unneeded batostr function 2012-09-27 18:10:43 -03:00
Makefile Bluetooth: Enable -D__CHECK_ENDIAN__ for sparse by default 2013-10-02 09:10:05 +03:00
mgmt.c Bluetooth: Restrict high speed support to SSP enabled controllers 2013-10-10 12:54:51 +02:00
sco.c Bluetooth: Prevent transparent SCO on older devices 2013-08-21 16:47:12 +02:00
smp.c Bluetooth: Check minimum length of SMP packets 2013-10-03 13:06:41 +03:00