mirror-linux/include/net/bluetooth
Jiexun Wang e83f5e24da Bluetooth: serialize accept_q access
bt_sock_poll() walks the accept queue without synchronization, while
child teardown can unlink the same socket and drop its last reference.
The unsynchronized accept queue walk has existed since the initial
Bluetooth import.

Protect accept_q with a dedicated lock for queue updates and polling.
Also rework bt_accept_dequeue() to take temporary child references under
the queue lock before dropping it and locking the child socket.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Reported-by: Jann Horn <jannh@google.com>
Reported-by: Yuan Tan <yuantan098@gmail.com>
Reported-by: Yifan Wu <yifanwucs@gmail.com>
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
Reported-by: Xin Liu <bird@lzu.edu.cn>
Signed-off-by: Jiexun Wang <wangjiexun2025@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Signed-off-by: Jiexun Wang <wangjiexun2025@gmail.com>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2026-05-14 09:49:56 -04:00
bluetooth.h Bluetooth: serialize accept_q access 2026-05-14 09:49:56 -04:00
coredump.h Bluetooth: Add support for hci devcoredump 2023-04-23 21:57:59 -07:00
hci.h Bluetooth: hci.h: Avoid a couple -Wflex-array-member-not-at-end warnings 2026-04-13 09:19:42 -04:00
hci_core.h Bluetooth: l2cap: defer conn param update to avoid conn->lock/hdev->lock inversion 2026-05-06 16:20:51 -04:00
hci_drv.h Bluetooth: Annotate struct hci_drv_rp_read_info with __counted_by_le() 2025-09-27 11:37:00 -04:00
hci_mon.h Bluetooth: Introduce HCI Driver protocol 2025-05-21 10:28:07 -04:00
hci_sock.h Bluetooth: hci_core: Prefer struct_size over open coded arithmetic 2024-07-14 21:33:29 -04:00
hci_sync.h Bluetooth: L2CAP: Add support for setting BT_PHY 2026-01-29 13:25:34 -05:00
iso.h Bluetooth: ISO: Add broadcast support 2022-07-22 17:14:13 -07:00
l2cap.h Bluetooth: L2CAP: Fix regressions caused by reusing ident 2026-03-19 14:44:25 -04:00
mgmt.h Bluetooth: HCI: Add initial support for PAST 2025-12-01 15:58:54 -05:00
rfcomm.h tty: rfcomm: prefer struct_size over open coded arithmetic 2024-07-14 21:33:31 -04:00
sco.h Bluetooth: af_bluetooth: Make BT_PKT_STATUS generic 2023-08-11 11:49:16 -07:00