Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Pauli Virtanen <pav@iki.fi>	2023-08-19 16:33:36 +0300
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2023-08-24 22:22:35 +0300
commit	3344d318337d9dca928fd448e966557ec5063f85 (patch)
tree	82a6c1b14a5ed03cbee9afc71ab7b35078a454ce /net/bluetooth/hci_event.c
parent	db08722fc7d46168fe31d9b8a7b29229dd959f9f (diff)
download	linux-3344d318337d9dca928fd448e966557ec5063f85.tar.xz

Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early

Not calling hci_(dis)connect_cfm before deleting conn referred to by a socket generally results to use-after-free. When cleaning up SCO connections when the parent ACL is deleted too early, use hci_conn_failed to do the connection cleanup properly. We also need to clean up ISO connections in a similar situation when connecting has started but LE Create CIS is not yet sent, so do it too here. Fixes: ca1fd42e7dbf ("Bluetooth: Fix potential double free caused by hci_conn_unlink") Reported-by: syzbot+cf54c1da6574b6c1b049@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-bluetooth/00000000000013b93805fbbadc50@google.com/ Signed-off-by: Pauli Virtanen <pav@iki.fi> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Diffstat (limited to 'net/bluetooth/hci_event.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: