mirror of https://github.com/torvalds/linux.git
e305509e67
The hci_sock_dev_event() function will cleanup the hdev object for sockets even if this object may still be in used within the hci_sock_bound_ioctl() function, result in UAF vulnerability. This patch replace the BH context lock to serialize these affairs and prevent the race condition. Signed-off-by: Lin Ma <linma@zju.edu.cn> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> |
||
|---|---|---|
| .. | ||
| bnep | ||
| cmtp | ||
| hidp | ||
| rfcomm | ||
| 6lowpan.c | ||
| Kconfig | ||
| Makefile | ||
| a2mp.c | ||
| a2mp.h | ||
| af_bluetooth.c | ||
| amp.c | ||
| amp.h | ||
| aosp.c | ||
| aosp.h | ||
| ecdh_helper.c | ||
| ecdh_helper.h | ||
| hci_conn.c | ||
| hci_core.c | ||
| hci_debugfs.c | ||
| hci_debugfs.h | ||
| hci_event.c | ||
| hci_request.c | ||
| hci_request.h | ||
| hci_sock.c | ||
| hci_sysfs.c | ||
| l2cap_core.c | ||
| l2cap_sock.c | ||
| leds.c | ||
| leds.h | ||
| lib.c | ||
| mgmt.c | ||
| mgmt_config.c | ||
| mgmt_config.h | ||
| mgmt_util.c | ||
| mgmt_util.h | ||
| msft.c | ||
| msft.h | ||
| sco.c | ||
| selftest.c | ||
| selftest.h | ||
| smp.c | ||
| smp.h | ||