sst-linux/net/bluetooth
Ying Hsu 06e2b5ad72 Bluetooth: Fix hci_suspend_sync crash
[ Upstream commit 573ebae162111063eedc6c838a659ba628f66a0f ]

If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier
may still be accessing it, it can cause the program to crash.
Here's the call trace:
  <4>[102152.653246] Call Trace:
  <4>[102152.653254]  hci_suspend_sync+0x109/0x301 [bluetooth]
  <4>[102152.653259]  hci_suspend_dev+0x78/0xcd [bluetooth]
  <4>[102152.653263]  hci_suspend_notifier+0x42/0x7a [bluetooth]
  <4>[102152.653268]  notifier_call_chain+0x43/0x6b
  <4>[102152.653271]  __blocking_notifier_call_chain+0x48/0x69
  <4>[102152.653273]  __pm_notifier_call_chain+0x22/0x39
  <4>[102152.653276]  pm_suspend+0x287/0x57c
  <4>[102152.653278]  state_store+0xae/0xe5
  <4>[102152.653281]  kernfs_fop_write+0x109/0x173
  <4>[102152.653284]  __vfs_write+0x16f/0x1a2
  <4>[102152.653287]  ? selinux_file_permission+0xca/0x16f
  <4>[102152.653289]  ? security_file_permission+0x36/0x109
  <4>[102152.653291]  vfs_write+0x114/0x21d
  <4>[102152.653293]  __x64_sys_write+0x7b/0xdb
  <4>[102152.653296]  do_syscall_64+0x59/0x194
  <4>[102152.653299]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1

This patch holds the reference count of the hci_dev object while
processing it in hci_suspend_notifier to avoid a potential crash
caused by the race condition.

Signed-off-by: Ying Hsu <yinghsu@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-23 11:11:02 +02:00
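The lifetime bug the commit describes, and the hold/put pattern it uses to close it, modelled in userspace C. This is an added illustration, not the kernel's code and not the patch itself: the names hci_dev, hci_dev_hold(), hci_dev_put(), hci_unregister_dev() and hci_suspend_notifier() are borrowed from the kernel symbols the commit mentions, but the bodies are simplified stand-ins, and the assumption that "holds the reference count" corresponds to a hold/put pair around the notifier body is mine. The interleaving from the call trace (unregister landing while the notifier is mid-flight) is forced to happen deterministically so both outcomes can be checked without touching freed memory.

```c
/* Userspace model of the hold/put fix described in the commit message above.
 * Added illustration, not kernel code: the hci_* names mirror the kernel
 * symbols but every body here is a simplified stand-in. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct hci_dev {
    int refcnt;     /* model of the kref the kernel keeps inside hdev->dev */
    int id;
    int suspended;  /* stands in for the state hci_suspend_sync() updates */
};

static struct hci_dev *g_live;  /* the one registered device, NULL once freed */
static int g_freed;             /* number of devices released so far */

static struct hci_dev *hci_alloc_dev(int id)
{
    struct hci_dev *hdev = calloc(1, sizeof(*hdev));

    if (!hdev)
        abort();
    hdev->refcnt = 1;   /* the reference owned by registration */
    hdev->id = id;
    g_live = hdev;
    return hdev;
}

static void hci_dev_hold(struct hci_dev *hdev)
{
    hdev->refcnt++;
}

static void hci_dev_put(struct hci_dev *hdev)
{
    if (--hdev->refcnt == 0) {
        g_live = NULL;
        g_freed++;
        memset(hdev, 0xAA, sizeof(*hdev));  /* poison, like a debug slab */
        free(hdev);
    }
}

/* Model of unregistration: it drops the registration reference, which may
 * be the last one. The real function also tears down notifiers and sysfs;
 * only the lifetime aspect matters here. */
static void hci_unregister_dev(struct hci_dev *hdev)
{
    hci_dev_put(hdev);
}

/* The notifier, with the racing unregister forced to run in the middle of
 * its work. fixed == 0 is the pre-patch shape, fixed == 1 pins hdev first.
 * Returns 1 if the suspend work found a live object, 0 if it would have
 * dereferenced freed memory (checked via the registry, never by touching
 * the pointer). */
static int hci_suspend_notifier(struct hci_dev *hdev, int fixed)
{
    int alive;

    if (fixed)
        hci_dev_hold(hdev);     /* the patch: refcount 1 -> 2 */

    hci_unregister_dev(hdev);   /* the race partner lands here */

    alive = (g_live == hdev);   /* is it safe to run hci_suspend_sync()? */
    if (alive)
        hdev->suspended = 1;    /* the real work, only on a live object */

    if (fixed)
        hci_dev_put(hdev);      /* last reference: freed here, after use */

    return alive;
}

/* Run one scenario on a fresh device; returns the notifier's verdict. */
static int run_scenario(int fixed)
{
    struct hci_dev *hdev = hci_alloc_dev(0);

    return hci_suspend_notifier(hdev, fixed);
}

int main(void)
{
    printf("pre-fix : notifier saw live hdev = %d\n", run_scenario(0));
    printf("with fix: notifier saw live hdev = %d\n", run_scenario(1));
    printf("devices freed: %d (each scenario releases its object once)\n", g_freed);
    return 0;
}
```

The point the model makes is that the fix does not prevent hci_unregister_dev() from running concurrently; it only guarantees that the notifier's reference outlives its own use of the object, so the final free moves from the middle of hci_suspend_sync() to the notifier's own put. Any other path that caches an hci_dev pointer without holding it has the same exposure.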
Name              Last commit                                                             Date
bnep
cmtp
hidp              Bluetooth: Fix race condition in hidp_session_thread                    2023-04-20 12:35:06 +02:00
rfcomm            Bluetooth: Fix possible deadlock in rfcomm_sk_state_change              2023-02-01 08:34:22 +01:00
6lowpan.c         use less confusing names for iov_iter direction initializers            2023-02-09 11:28:04 +01:00
a2mp.c            use less confusing names for iov_iter direction initializers            2023-02-09 11:28:04 +01:00
a2mp.h
af_bluetooth.c
amp.c
amp.h
aosp.c
aosp.h
ecdh_helper.c
ecdh_helper.h
eir.c
eir.h
hci_codec.c
hci_codec.h
hci_conn.c        Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync   2023-07-27 08:50:47 +02:00
hci_core.c        Bluetooth: Fix hci_suspend_sync crash                                   2023-09-23 11:11:02 +02:00
hci_debugfs.c
hci_debugfs.h
hci_event.c       Bluetooth: hci_event: call disconnect callback before deleting conn     2023-07-27 08:50:47 +02:00
hci_request.c
hci_request.h
hci_sock.c        bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()     2023-06-05 09:26:21 +02:00
hci_sync.c        Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync   2023-07-27 08:50:47 +02:00
hci_sysfs.c
iso.c             net: annotate data-races around sk->sk_lingertime                       2023-09-13 09:42:33 +02:00
Kconfig
l2cap_core.c      Bluetooth: L2CAP: Fix use-after-free                                    2023-08-23 17:52:25 +02:00
l2cap_sock.c      Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb             2023-08-11 12:08:23 +02:00
leds.c
leds.h
lib.c             Bluetooth: Fix EALREADY and ELOOP cases in bt_status()                  2022-12-31 13:32:28 +01:00
Makefile
mgmt_config.c
mgmt_config.h
mgmt_util.c
mgmt_util.h       Bluetooth: Fix a buffer overflow in mgmt_mesh_add()                     2023-02-01 08:34:21 +01:00
mgmt.c            Bluetooth: MGMT: Use correct address for memcpy()                       2023-08-23 17:52:27 +02:00
msft.c
msft.h
sco.c             net: annotate data-races around sk->sk_lingertime                       2023-09-13 09:42:33 +02:00
selftest.c
selftest.h
smp.c             use less confusing names for iov_iter direction initializers            2023-02-09 11:28:04 +01:00
smp.h