linux/drivers/bluetooth
Zheng Wang 1e9ac114c4 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
In btsdio_probe, &data->work was bound with btsdio_work.In
btsdio_send_frame, it was started by schedule_work.

If we call btsdio_remove with an unfinished job, there may
be a race condition and cause UAF bug on hdev.

Fixes: ddbaf13e36 ("[Bluetooth] Add generic driver for Bluetooth SDIO devices")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2023-03-23 13:09:38 -07:00
..
ath3k.c Bluetooth: ath3k: remove superfluous header files 2022-03-18 17:12:09 +01:00
bcm203x.c Bluetooth: bcm203x: remove superfluous header files 2022-03-18 17:12:09 +01:00
bfusb.c
bluecard_cs.c
bpa10x.c
bt3c_cs.c
btbcm.c Bluetooth: hci_bcm: Add BCM4349B1 variant 2022-07-21 17:06:36 -07:00
btbcm.h Bluetooth: hci_bcm: Add support for FW loading in autobaud mode 2022-07-21 17:04:38 -07:00
btintel.c Bluetooth: btinel: Check ACPI handle for NULL before accessing 2023-03-23 13:09:26 -07:00
btintel.h Bluetooth: btintel: Iterate only bluetooth device ACPI entries 2023-03-22 16:05:55 -07:00
btmrvl_debugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_drv.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_main.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_sdio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_sdio.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmtk.c Bluetooth: btmtkuart: rely on BT_MTK module 2022-03-18 17:12:07 +01:00
btmtk.h Bluetooth: btmtkuart: rely on BT_MTK module 2022-03-18 17:12:07 +01:00
btmtksdio.c Bluetooth: btmtksdio: Add in-band wakeup support 2022-07-21 17:08:03 -07:00
btmtkuart.c Bluetooth: btmtkuart: fix error handling in mtk_hci_wmt_sync() 2022-03-18 17:12:08 +01:00
btqca.c
btqca.h
btqcomsmd.c Bluetooth: btqcomsmd: Fix command timeout after setting BD address 2023-03-23 13:09:38 -07:00
btrsi.c
btrtl.c Bluetooth: btusb: Ignore zero length of USB packets on ALT 6 for specific chip 2022-12-12 14:19:23 -08:00
btrtl.h Bluetooth: btrtl: Add btrealtek data struct 2022-12-12 14:19:23 -08:00
btsdio.c Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work 2023-03-23 13:09:38 -07:00
btusb.c Bluetooth: btusb: Remove detection of ISO packets over bulk 2023-03-22 16:05:55 -07:00
dtl1_cs.c
h4_recv.h
hci_ag6xx.c
hci_ath.c
hci_bcm4377.c Bluetooth: hci_bcm4377: Fix missing pci_disable_device() on error in bcm4377_probe() 2022-12-12 14:19:25 -08:00
hci_bcm.c Bluetooth: hci_bcm: Add CYW4373A0 support 2022-12-12 14:19:24 -08:00
hci_bcsp.c treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
hci_h4.c
hci_h5.c Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() 2022-12-12 14:19:25 -08:00
hci_intel.c Bluetooth: hci_intel: Add check for platform_driver_register 2022-07-21 17:05:10 -07:00
hci_ldisc.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-09-19 10:33:39 -07:00
hci_ll.c Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() 2022-12-12 14:19:25 -08:00
hci_mrvl.c
hci_nokia.c
hci_qca.c Bluetooth: hci_qca: get wakeup status from serdev device handle 2023-02-09 14:19:08 -08:00
hci_serdev.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-09-19 10:33:39 -07:00
hci_uart.h
hci_vhci.c
Kconfig Bluetooth: hci_bcm4377: Add new driver for BCM4377 PCIe boards 2022-12-12 14:19:24 -08:00
Makefile Bluetooth: hci_bcm4377: Add new driver for BCM4377 PCIe boards 2022-12-12 14:19:24 -08:00
virtio_bt.c virtio_bt: Fix alignment in configuration struct 2022-12-12 14:19:23 -08:00