linux/net at 6c2718da59613d76013b501bf0f8bcf9d7794b2d - linux - Asai Git

sugar/linux

Files

History

Nick Pelly 6c2718da59 Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket

When processing a RFCOMM UA frame when the socket is closed and we were
not the RFCOMM initiator would cause rfcomm_session_put() to be called
twice during rfcomm_process_rx(). This would cause a kernel panic in
rfcomm_session_close() then.

This could be easily reproduced during disconnect with devices such as
Motorola H270 that send RFCOMM UA followed quickly by L2CAP disconnect
request. This trace for this looks like:

2009-09-21 17:22:37.788895 < ACL data: handle 1 flags 0x02 dlen 8
   L2CAP(d): cid 0x0041 len 4 [psm 3]
     RFCOMM(s): DISC: cr 0 dlci 20 pf 1 ilen 0 fcs 0x7d
2009-09-21 17:22:37.906204 > HCI Event: Number of Completed Packets (0x13) plen 5
   handle 1 packets 1
2009-09-21 17:22:37.933090 > ACL data: handle 1 flags 0x02 dlen 8
   L2CAP(d): cid 0x0040 len 4 [psm 3]
     RFCOMM(s): UA: cr 0 dlci 20 pf 1 ilen 0 fcs 0x57
2009-09-21 17:22:38.636764 < ACL data: handle 1 flags 0x02 dlen 8
   L2CAP(d): cid 0x0041 len 4 [psm 3]
     RFCOMM(s): DISC: cr 0 dlci 0 pf 1 ilen 0 fcs 0x9c
2009-09-21 17:22:38.744125 > HCI Event: Number of Completed Packets (0x13) plen 5
   handle 1 packets 1
2009-09-21 17:22:38.763687 > ACL data: handle 1 flags 0x02 dlen 8
   L2CAP(d): cid 0x0040 len 4 [psm 3]
     RFCOMM(s): UA: cr 0 dlci 0 pf 1 ilen 0 fcs 0xb6
2009-09-21 17:22:38.783554 > ACL data: handle 1 flags 0x02 dlen 12
   L2CAP(s): Disconn req: dcid 0x0040 scid 0x0041

Avoid calling rfcomm_session_put() twice by skipping this call
in rfcomm_recv_ua() if the socket is closed.

Signed-off-by: Nick Pelly <npelly@google.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

2010-02-03 16:28:44 -08:00

..

9p connect fixes

2009-12-16 12:16:41 -05:00

sysctl net: Remove unused binary sysctl code

2009-11-12 02:05:06 -08:00

vlan: fix vlan_skb_recv()

2010-01-24 19:52:24 -08:00

appletalk:: da.s_net not copied but assigned to itself in aarp_rcv()

2010-01-15 01:49:28 -08:00

atm: [br2684] allow routed mode operation again

2009-12-08 20:22:31 -08:00

ax25: netrom: rose: Fix timer oopses

2010-01-16 01:04:04 -08:00

Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket

2010-02-03 16:28:44 -08:00

netfilter: ebtables: enforce CAP_NET_ADMIN

2010-01-08 17:31:24 +01:00

net: Move && and || to end of previous line

2009-11-29 16:55:45 -08:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

2010-01-12 20:53:29 -08:00

net: Move && and || to end of previous line

2009-11-29 16:55:45 -08:00

Merge branch 'master' of /home/davem/src/GIT/linux-2.6/

2010-01-22 22:45:46 -08:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6

2009-12-08 07:55:01 -08:00

netdev: convert pseudo-devices to netdev_tx_t

2009-09-01 01:13:07 -07:00

net: use net_eq to compare nets

2009-11-25 15:14:13 -08:00

remove deprecated and not used: print_mac()

2009-11-15 22:21:34 -08:00

net: use net_eq to compare nets

2009-11-25 15:14:13 -08:00

tcp_probe: avoid modulus operation and wrap fix

2010-01-25 15:47:50 -08:00

ipv6: conntrack: Add member of user to nf_ct_frag6_queue structure

2010-01-26 05:13:27 -08:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6

2009-12-08 07:55:01 -08:00

tree-wide: convert open calls to remove spaces to skip_spaces() lib function

2009-12-15 08:53:32 -08:00

const: constify remaining dev_pm_ops

2009-12-15 08:53:25 -08:00

xfrm: Fix truncation length of authentication algorithms installed via PF_KEY

2009-12-11 15:07:57 -08:00

net: remove NET_RX_BAD and NET_RX_CN* defines

2009-07-05 19:15:35 -07:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6

2009-12-08 07:55:01 -08:00

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6

2010-01-28 05:42:33 -08:00

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

2010-02-02 09:04:58 -08:00

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial

2009-12-09 19:43:33 -08:00

net: use net_eq to compare nets

2009-11-25 15:14:13 -08:00

ax25: netrom: rose: Fix timer oopses

2010-01-16 01:04:04 -08:00

af_packet: Don't use skb after dev_queue_xmit()

2010-01-11 15:39:42 -08:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6

2009-12-08 07:55:01 -08:00

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband

2009-12-16 10:32:31 -08:00

net/rfkill/core.c: work around gcc-4.0.2 silliness

2009-12-07 16:51:23 -05:00

ax25: netrom: rose: Fix timer oopses

2010-01-16 01:04:04 -08:00

net: use net_eq to compare nets

2009-11-25 15:14:13 -08:00

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial

2009-12-09 19:43:33 -08:00

net/sctp/socket.c: squish warning

2010-01-03 21:25:53 -08:00

Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6

2010-01-08 13:55:14 -08:00

net: Move && and || to end of previous line

2009-11-29 16:55:45 -08:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6

2009-12-08 07:55:01 -08:00

headers: smp_lock.h redux

2009-07-12 12:22:34 -07:00

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial

2009-12-09 19:43:33 -08:00

cfg80211: fix channel setting for wext

2010-01-14 17:14:58 -05:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6

2009-12-08 07:55:01 -08:00

netns xfrm: deal with dst entries in netns

2010-01-24 22:47:53 -08:00

compat.c

net: use compat helper functions in compat_sys_recvmmsg

2009-12-11 15:07:57 -08:00

Kconfig

net/compat/wext: send different messages to compat tasks

2009-07-15 08:53:39 -07:00

Makefile

net: remove redundant sched/ in net/Makefile

2009-07-12 20:11:14 -07:00

nonet.c

…

socket.c

fs: no games with DCACHE_UNHASHED

2009-12-17 10:51:40 -05:00

sysctl_net.c

…

TUNABLE

…