linux-stable/net/bluetooth
Marcel Holtmann e0edf3733f Bluetooth: Fix issue with shared SKB between HCI raw socket and driver
Any HCI raw socket gets a copy of each SKB that is either received or
sent via the Bluetooth subsystem. The raw socket uses SKB clones to
send out data, but the problem is that it needs to add an extra packet
type byte in front of it. And some drivers need to also add an extra
header before submitting the packet.

So far this all worked magically fine since all of the drivers and the
raw sockets are adding the same byte at the same location. But that is
by pure coincidence. Since the data of cloned SKBs is shared, this means
that the raw socket and driver kept writing into the shared data area.

To fix this the only safe way is if the HCI raw socket creates a copy of
the SKB before sending it out. To not always copy all SKBs around, the
copy is only created once and only after any of the HCI filter checks
succeeded.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-20 15:59:11 +02:00
bnep Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-01-03 15:16:34 -05:00
cmtp Bluetooth: Always compile SCO and L2CAP in Bluetooth Core 2011-12-21 02:21:08 -02:00
hidp Bluetooth: Always compile SCO and L2CAP in Bluetooth Core 2011-12-21 02:21:08 -02:00
rfcomm Bluetooth: Fix RFCOMM session reference counting issue 2012-02-13 17:01:31 +02:00
Kconfig Bluetooth: Always compile SCO and L2CAP in Bluetooth Core 2011-12-21 02:21:08 -02:00
Makefile Bluetooth: Always compile SCO and L2CAP in Bluetooth Core 2011-12-21 02:21:08 -02:00
af_bluetooth.c Bluetooth: silence lockdep warning 2012-02-13 17:01:29 +02:00
hci_conn.c Bluetooth: Fix hci_connect error return values 2012-02-19 14:22:11 +02:00
hci_core.c Bluetooth: Split sending for HCI raw and control sockets 2012-02-20 15:55:11 +02:00
hci_event.c Bluetooth: Split sending for HCI raw and control sockets 2012-02-20 15:55:11 +02:00
hci_sock.c Bluetooth: Fix issue with shared SKB between HCI raw socket and driver 2012-02-20 15:59:11 +02:00
hci_sysfs.c Bluetooth: Use proper datatypes in release-callbacks 2012-02-13 17:01:38 +02:00
l2cap_core.c Bluetooth: Prefix hex numbers with object name 2012-02-17 13:02:33 +02:00
l2cap_sock.c Bluetooth: Use symbolic names for state in debug 2012-02-17 13:01:54 +02:00
lib.c Bluetooth: Add logging functions bt_info and bt_err 2012-02-17 11:33:17 +02:00
mgmt.c Bluetooth: Remove unneeded bt_cb(skb)->channel variable 2012-02-20 15:55:37 +02:00
sco.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next 2012-01-10 15:44:17 -05:00
smp.c Bluetooth: Add address type to mgmt_ev_auth_failed 2012-02-13 17:01:37 +02:00