Skip to content

Commit 5e2b606

Browse files
nielsdosholtmann
nielsdos
authored and
holtmann
committed
Bluetooth: protect le accept and resolv lists with hdev->lock
Concurrent operations from events on le_{accept,resolv}_list are currently unprotected by hdev->lock. Most existing code do already protect the lists with that lock. This can be observed in hci_debugfs and hci_sync. Add the protection for these events too. Fixes: b950aa8 ("Bluetooth: Add definitions and track LE resolve list modification") Fixes: 0f36b58 ("Bluetooth: Track LE white list modification via HCI commands") Signed-off-by: Niels Dossche <[email protected]> Signed-off-by: Marcel Holtmann <[email protected]>
1 parent fb048ca commit 5e2b606

File tree

1 file changed

+12
-0
lines changed

1 file changed

+12
-0
lines changed

net/bluetooth/hci_event.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1835,7 +1835,9 @@ static u8 hci_cc_le_clear_accept_list(struct hci_dev *hdev, void *data,
18351835
if (rp->status)
18361836
return rp->status;
18371837

1838+
hci_dev_lock(hdev);
18381839
hci_bdaddr_list_clear(&hdev->le_accept_list);
1840+
hci_dev_unlock(hdev);
18391841

18401842
return rp->status;
18411843
}
@@ -1855,8 +1857,10 @@ static u8 hci_cc_le_add_to_accept_list(struct hci_dev *hdev, void *data,
18551857
if (!sent)
18561858
return rp->status;
18571859

1860+
hci_dev_lock(hdev);
18581861
hci_bdaddr_list_add(&hdev->le_accept_list, &sent->bdaddr,
18591862
sent->bdaddr_type);
1863+
hci_dev_unlock(hdev);
18601864

18611865
return rp->status;
18621866
}
@@ -1876,8 +1880,10 @@ static u8 hci_cc_le_del_from_accept_list(struct hci_dev *hdev, void *data,
18761880
if (!sent)
18771881
return rp->status;
18781882

1883+
hci_dev_lock(hdev);
18791884
hci_bdaddr_list_del(&hdev->le_accept_list, &sent->bdaddr,
18801885
sent->bdaddr_type);
1886+
hci_dev_unlock(hdev);
18811887

18821888
return rp->status;
18831889
}
@@ -1949,9 +1955,11 @@ static u8 hci_cc_le_add_to_resolv_list(struct hci_dev *hdev, void *data,
19491955
if (!sent)
19501956
return rp->status;
19511957

1958+
hci_dev_lock(hdev);
19521959
hci_bdaddr_list_add_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
19531960
sent->bdaddr_type, sent->peer_irk,
19541961
sent->local_irk);
1962+
hci_dev_unlock(hdev);
19551963

19561964
return rp->status;
19571965
}
@@ -1971,8 +1979,10 @@ static u8 hci_cc_le_del_from_resolv_list(struct hci_dev *hdev, void *data,
19711979
if (!sent)
19721980
return rp->status;
19731981

1982+
hci_dev_lock(hdev);
19741983
hci_bdaddr_list_del_with_irk(&hdev->le_resolv_list, &sent->bdaddr,
19751984
sent->bdaddr_type);
1985+
hci_dev_unlock(hdev);
19761986

19771987
return rp->status;
19781988
}
@@ -1987,7 +1997,9 @@ static u8 hci_cc_le_clear_resolv_list(struct hci_dev *hdev, void *data,
19871997
if (rp->status)
19881998
return rp->status;
19891999

2000+
hci_dev_lock(hdev);
19902001
hci_bdaddr_list_clear(&hdev->le_resolv_list);
2002+
hci_dev_unlock(hdev);
19912003

19922004
return rp->status;
19932005
}

0 commit comments

Comments
 (0)