]> Git Repo - linux.git/commit
projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c95930a) | patch
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
authorZheng Wang <[email protected]>
Wed, 8 Mar 2023 16:45:01 +0000 (00:45 +0800)
committerLuiz Augusto von Dentz <[email protected]>
Mon, 10 Apr 2023 17:23:01 +0000 (10:23 -0700)
commit73f7b171b7c09139eb3c6a5677c200dc1be5f318
treed231eddc6d2705bac3eca408fc9d6259f7c680d8tree | snapshot
parentc95930abd687fcd1aa040dc4fe90dff947916460commit | diff
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

In btsdio_probe, the data->work is bound with btsdio_work. It will be
started in btsdio_send_frame.

If the btsdio_remove runs with a unfinished work, there may be a race
condition that hdev is freed but used in btsdio_work. Fix it by
canceling the work before do cleanup in btsdio_remove.

Signed-off-by: Zheng Wang <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>
drivers/bluetooth/btsdio.c diff | blob | blame | history
Empty description
This page took 0.057611 seconds and 4 git commands to generate.