android_kernel_msm-6.1_noth.../drivers/bluetooth
Zheng Wang cbf8deacb7 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
[ Upstream commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f ]

In btsdio_probe, &data->work was bound with btsdio_work. In
btsdio_send_frame, it was started by schedule_work.

If we call btsdio_remove with an unfinished job, there may
be a race condition and cause UAF bug on hdev.

Fixes: ddbaf13e36 ("[Bluetooth] Add generic driver for Bluetooth SDIO devices")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-03-30 12:49:12 +02:00
ath3k.c Bluetooth: ath3k: remove superfluous header files 2022-03-18 17:12:09 +01:00
bcm203x.c Bluetooth: bcm203x: remove superfluous header files 2022-03-18 17:12:09 +01:00
bfusb.c Bluetooth: bfusb: fix division by zero in send path 2021-10-25 15:04:46 +02:00
bluecard_cs.c
bpa10x.c
bt3c_cs.c
btbcm.c Bluetooth: hci_bcm: Add BCM4349B1 variant 2022-07-21 17:06:36 -07:00
btbcm.h Bluetooth: hci_bcm: Add support for FW loading in autobaud mode 2022-07-21 17:04:38 -07:00
btintel.c Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() 2022-12-31 13:32:28 +01:00
btintel.h Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products 2022-01-21 21:37:48 +01:00
btmrvl_debugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_drv.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_main.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_sdio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_sdio.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmtk.c Bluetooth: btmtkuart: rely on BT_MTK module 2022-03-18 17:12:07 +01:00
btmtk.h Bluetooth: btmtkuart: rely on BT_MTK module 2022-03-18 17:12:07 +01:00
btmtksdio.c Bluetooth: btmtksdio: Add in-band wakeup support 2022-07-21 17:08:03 -07:00
btmtkuart.c Bluetooth: btmtkuart: fix error handling in mtk_hci_wmt_sync() 2022-03-18 17:12:08 +01:00
btqca.c Bluetooth: btqca: sequential validation 2022-01-07 08:32:55 +01:00
btqca.h Bluetooth: btqca: sequential validation 2022-01-07 08:32:55 +01:00
btqcomsmd.c Bluetooth: btqcomsmd: Fix command timeout after setting BD address 2023-03-30 12:49:12 +02:00
btrsi.c
btrtl.c Bluetooth: btrtl: Fix typo in comment 2022-07-22 12:55:06 -07:00
btrtl.h
btsdio.c Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work 2023-03-30 12:49:12 +02:00
btusb.c Bluetooth: btusb: Remove detection of ISO packets over bulk 2023-03-30 12:49:10 +02:00
dtl1_cs.c
h4_recv.h
hci_ag6xx.c
hci_ath.c
hci_bcm.c Bluetooth: hci_bcm: Add CYW4373A0 support 2022-12-31 13:33:05 +01:00
hci_bcsp.c Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() 2022-12-31 13:32:29 +01:00
hci_h4.c Bluetooth: hci_h4: Fix padding calculation error within h4_recv_buf() 2021-11-16 13:57:25 +01:00
hci_h5.c Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() 2022-12-31 13:32:28 +01:00
hci_intel.c Bluetooth: hci_intel: Add check for platform_driver_register 2022-07-21 17:05:10 -07:00
hci_ldisc.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-09-19 10:33:39 -07:00
hci_ll.c Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() 2022-12-31 13:32:28 +01:00
hci_mrvl.c
hci_nokia.c
hci_qca.c Bluetooth: hci_qca: get wakeup status from serdev device handle 2023-03-10 09:33:02 +01:00
hci_serdev.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-09-19 10:33:39 -07:00
hci_uart.h
hci_vhci.c Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES 2021-12-22 23:01:35 +01:00
Kconfig Bluetooth: btmtkuart: rely on BT_MTK module 2022-03-18 17:12:07 +01:00
Makefile Bluetooth: mediatek: add BT_MTK module 2021-10-25 15:36:23 +02:00
virtio_bt.c Bluetooth: virtio_bt: Use skb_put to set length 2022-11-02 14:15:42 -07:00