[PATCH 0/2] bluetooth: fix NULL-pointer dereferences

From: Johan Hovold
Date: Wed Mar 07 2012 - 11:03:47 EST

Next message: Johan Hovold: "[PATCH 2/2] bluetooth: hci_core: fix NULL-pointer dereference at unregister"
Previous message: Johan Hovold: "[PATCH 1/2] bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close"
Next in thread: Johan Hovold: "[PATCH 1/2] bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

These patches fixes two races in hci_ldisc and hci_core which can lead to
NULL-pointer dereferences.

The first one is 100% reproducible on 3.2 as well as 3.3-rc6 and needs to be
backported to all stable kernels as the offending code has been around for
quite some time.

The second one is 100% reproducible on 3.3-rc6 but I haven't seen it on 3.2 or
earlier, but as far as I can see it could be possibly to trigger it at least on
3.0 and later.

Thanks,
Johan

Johan Hovold (2):
bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close
bluetooth: hci_core: fix NULL-pointer dereference at unregister

drivers/bluetooth/hci_ldisc.c | 2 +-
include/net/bluetooth/hci.h | 1 +
net/bluetooth/hci_core.c | 7 +++++++
3 files changed, 9 insertions(+), 1 deletions(-)

--
1.7.8.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Johan Hovold: "[PATCH 2/2] bluetooth: hci_core: fix NULL-pointer dereference at unregister"
Previous message: Johan Hovold: "[PATCH 1/2] bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close"
Next in thread: Johan Hovold: "[PATCH 1/2] bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]