aboutsummaryrefslogtreecommitdiff
path: root/scripts/gdb/linux/modules.py
diff options
context:
space:
mode:
authorYing Hsu <[email protected]>2023-01-11 03:16:14 +0000
committerLuiz Augusto von Dentz <[email protected]>2023-01-17 15:59:02 -0800
commit1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 (patch)
tree878e4f4e48bf3843f5f1ce436ea08e42fc9d38da /scripts/gdb/linux/modules.py
parent506d9b4099a0ce8249bba16b4d0b828fdcf69d9a (diff)
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_sock_release could have the rfcomm lock and hit a deadlock for acquiring the sk lock. Here's a simplified flow: rfcomm_sock_connect: lock_sock(sk) rfcomm_dlc_open: rfcomm_lock() rfcomm_sock_release: rfcomm_sock_shutdown: rfcomm_lock() __rfcomm_dlc_close: rfcomm_k_state_change: lock_sock(sk) This patch drops the sk lock before calling rfcomm_dlc_open to avoid the possible deadlock and holds sk's reference count to prevent use-after-free after rfcomm_dlc_open completes. Reported-by: [email protected] Fixes: 1804fdf6e494 ("Bluetooth: btintel: Combine setting up MSFT extension") Link: https://syzkaller.appspot.com/bug?extid=d7ce59b06b3eb14fd218 [1] Signed-off-by: Ying Hsu <[email protected]> Signed-off-by: Luiz Augusto von Dentz <[email protected]>
Diffstat (limited to 'scripts/gdb/linux/modules.py')
0 files changed, 0 insertions, 0 deletions