Bluetooth: Fix deadlock and crash when SMP pairing times out - wireguard-linux

diff options

author	Johan Hedberg <johan.hedberg@intel.com>	2012-06-06 18:44:11 +0800
committer	Gustavo Padovan <gustavo.padovan@collabora.co.uk>	2012-06-08 03:23:56 -0300
commit	d06cc416f517a25713dedd9e2a9ccf4f3086c09a (patch)
tree	4faf0f0e7f32bc66705f75d3f82d8db503e93741 /security/selinux/netlink.c
parent	Bluetooth: Fix LE pairing completion on connection failure (diff)
download	wireguard-linux-d06cc416f517a25713dedd9e2a9ccf4f3086c09a.tar.xz wireguard-linux-d06cc416f517a25713dedd9e2a9ccf4f3086c09a.zip

Bluetooth: Fix deadlock and crash when SMP pairing times out

The l2cap_conn_del function tries to cancel_sync the security timer, but when it's called from the timeout function itself a deadlock occurs. Subsequently the "hcon->l2cap_data = NULL" that's supposed to protect multiple calls to l2cap_conn_del never gets cleared and when the connection finally drops we double free's etc which will crash the kernel. This patch fixes the issue by using the HCI_CONN_LE_SMP_PEND for protecting against this. The same flag is also used for the same purpose in other places in the SMP code. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>

Diffstat (limited to 'security/selinux/netlink.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: