Lin Ma 2d84ef4e65 bluetooth: eliminate the potential race condition when removing the HCI controller ... commit e2cb6b891ad2b8caa9131e3be70f45243df82a80 upstream. There is a possible race condition vulnerability between issuing a HCI command and removing the cont. Specifically, functions hci_req_sync() and hci_dev_do_close() can race each other like below: thread-A in hci_req_sync() | thread-B in hci_dev_do_close() | hci_req_sync_lock(hdev); test_bit(HCI_UP, &hdev->flags); | ... | test_and_clear_bit(HCI_UP, &hdev->flags) hci_req_sync_lock(hdev); | | In this commit we alter the sequence in function hci_req_sync(). Hence, the thread-A cannot issue th. Signed-off-by: Lin Ma <linma@zju.edu.cn> Cc: Marcel Holtmann <marcel@holtmann.org> Fixes: 7c6a329e44 ("[Bluetooth] Fix regression from using default link policy") Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2021-05-14 09:49:55 +02:00
..
bnep
cmtp
hidp
rfcomm
6lowpan.c
a2mp.c
a2mp.h
af_bluetooth.c
amp.c	Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data	2021-03-07 12:34:10 +01:00
amp.h
ecdh_helper.c
ecdh_helper.h	Fix misc new gcc warnings	2021-05-11 14:47:36 +02:00
hci_conn.c
hci_core.c	Bluetooth: Add new HCI_QUIRK_NO_SUSPEND_NOTIFIER quirk	2021-03-07 12:34:10 +01:00
hci_debugfs.c
hci_debugfs.h
hci_event.c	Bluetooth: verify AMP hci_chan before amp_destroy	2021-05-14 09:49:55 +02:00
hci_request.c	bluetooth: eliminate the potential race condition when removing the HCI controller	2021-05-14 09:49:55 +02:00
hci_request.h
hci_sock.c
hci_sysfs.c
Kconfig
l2cap_core.c
l2cap_sock.c
leds.c
leds.h
lib.c
Makefile
mgmt_config.c
mgmt_config.h
mgmt_util.c
mgmt_util.h
mgmt.c
msft.c
msft.h
sco.c
selftest.c
selftest.h
smp.c
smp.h