[kernel,v2,0/1] Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn

Message ID	20220823044434.3402413-1-jiangzp@google.com
Headers	show Return-Path: <linux-bluetooth-owner@kernel.org> Date: Mon, 22 Aug 2022 21:44:33 -0700 Message-Id: <20220823044434.3402413-1-jiangzp@google.com> Mime-Version: 1.0 Subject: [kernel PATCH v2 0/1] Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn From: Zhengping Jiang <jiangzp@google.com> To: linux-bluetooth@vger.kernel.org, marcel@holtmann.org Cc: chromeos-bluetooth-upstreaming@chromium.org, Zhengping Jiang <jiangzp@google.com>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Johan Hedberg <johan.hedberg@gmail.com>, Luiz Augusto von Dentz <luiz.dentz@gmail.com>, Paolo Abeni <pabeni@redhat.com>, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk
Series	Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn \| expand [kernel,v2,0/1] Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn [kernel,v2,1/1] Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn

Message ID

20220823044434.3402413-1-jiangzp@google.com

Headers

Date: Mon, 22 Aug 2022 21:44:33 -0700
Message-Id: <20220823044434.3402413-1-jiangzp@google.com>
Mime-Version: 1.0
Subject: [kernel PATCH v2 0/1] Bluetooth: hci_sync: hold hdev->lock when
 cleanup hci_conn
From: Zhengping Jiang <jiangzp@google.com>
To: linux-bluetooth@vger.kernel.org, marcel@holtmann.org
Cc: chromeos-bluetooth-upstreaming@chromium.org,
        Zhengping Jiang <jiangzp@google.com>,
        "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
        Paolo Abeni <pabeni@redhat.com>, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk

Series

Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn | expand

Message

Zhengping Jiang Aug. 23, 2022, 4:44 a.m. UTC

Hold hdev->lock for hci_conn_failed. There are possible race conditions
which may cause kernel crash.

Changes in v2:
- Update commit message

Changes in v1:
- Hold hdev->lock for hci_conn_failed

Zhengping Jiang (1):
  Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn

 net/bluetooth/hci_sync.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Paolo Abeni Aug. 23, 2022, 11:06 a.m. UTC | #1

On Mon, 2022-08-22 at 21:44 -0700, Zhengping Jiang wrote:
> When disconnecting all devices, hci_conn_failed is used to cleanup
> hci_conn object when the hci_conn object cannot be aborted.
> The function hci_conn_failed requires the caller holds hdev->lock.
> 
> Fixes: 9b3628d79b46f ("Bluetooth: hci_sync: Cleanup hci_conn if it cannot be aborted")
> 
> Signed-off-by: Zhengping Jiang <jiangzp@google.com>

For the records, you should avoid empty lines between the 'fixes' tag
and your SoB.

Cheers,

Paolo