]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2d35abd) | patch
Bluetooth: Stop BCSP/H5 timer before cleaning up
authorMichael Knudsen <m.knudsen@samsung.com>
Tue, 18 Feb 2014 08:48:08 +0000 (09:48 +0100)
committerJohan Hedberg <johan.hedberg@intel.com>
Tue, 4 Mar 2014 09:03:14 +0000 (11:03 +0200)
commitc1ba93649b3ed95296d6909a2ec5efc265539e49
tree61434dce7c8a233fbdf0f2c6103c27321202cb1ftree | snapshot
parent2d35abd9e874b46a9cc7ae9208eea2d4ac991f68commit | diff
Bluetooth: Stop BCSP/H5 timer before cleaning up

When stopping BCSP/H5, stop the retransmission timer before proceeding
to clean up packet queues.  The previous code had a race condition where
the timer could trigger after the packet lists and protocol structure
had been removed which led to dereferencing NULL or use-after-free bugs.

Signed-off-by: Michael Knudsen <m.knudsen@samsung.com>
Reported-by: Kirill Tkhai <ktkhai@parallels.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
drivers/bluetooth/hci_bcsp.c diff | blob | history
drivers/bluetooth/hci_h5.c diff | blob | history
Linux Kernel Source Tree.