mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-11-27 01:11:31 +00:00
11eb85ec42
Syzbot managed to trigger a use after free "KASAN: use-after-free Write in hci_sock_bind". I have reviewed the code manually and one possibly cause I have found is that we are not holding lock_sock(sk) when we do the hci_dev_put(hdev) in hci_sock_release(). My theory is that the bind and the release are racing against each other which results in this use after free. Reported-by: syzbot+eba992608adf3d796bcc@syzkaller.appspotmail.com Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> |
||
|---|---|---|
| .. | ||
| bnep | ||
| cmtp | ||
| hidp | ||
| rfcomm | ||
| 6lowpan.c | ||
| a2mp.c | ||
| a2mp.h | ||
| af_bluetooth.c | ||
| amp.c | ||
| amp.h | ||
| ecdh_helper.c | ||
| ecdh_helper.h | ||
| hci_conn.c | ||
| hci_core.c | ||
| hci_debugfs.c | ||
| hci_debugfs.h | ||
| hci_event.c | ||
| hci_request.c | ||
| hci_request.h | ||
| hci_sock.c | ||
| hci_sysfs.c | ||
| Kconfig | ||
| l2cap_core.c | ||
| l2cap_sock.c | ||
| leds.c | ||
| leds.h | ||
| lib.c | ||
| Makefile | ||
| mgmt.c | ||
| mgmt_util.c | ||
| mgmt_util.h | ||
| sco.c | ||
| selftest.c | ||
| selftest.h | ||
| smp.c | ||
| smp.h | ||