From: Minho Ban <mhban@samsung.com>
To: Chanyeol Park <chanyeol.park@samsung.com>
Cc: Gustavo Padovan <gustavo@padovan.org>,
	Marcel Holtmann <marcel@holtmann.org>,
	Johan Hedberg <johan.hedberg@gmail.com>,
	"David S. Miller" <davem@davemloft.net>,
	linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Bluetooth: Fix null pointer dereference in l2cap_chan_send
Date: Thu, 24 May 2012 15:32:41 +0900
Message-ID: <4FBDD609.8060702@samsung.com>
In-Reply-To: <4FBB8828.303@samsung.com>

On 05/22/2012 09:35 PM, Chanyeol Park wrote:
> Hi
> On 2012-05-21 09:58, Minho Ban wrote:
>> diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
>> index 3bb1611..98d4541 100644
>> --- a/net/bluetooth/l2cap_sock.c
>> +++ b/net/bluetooth/l2cap_sock.c
>> @@ -727,10 +727,12 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
>>       if (msg->msg_flags&  MSG_OOB)
>>           return -EOPNOTSUPP;
>>
>> -    if (sk->sk_state != BT_CONNECTED)
>> +    l2cap_chan_lock(chan);
>> +    if (sk->sk_state != BT_CONNECTED || !chan->conn) {
>> +        l2cap_chan_unlock(chan);
>>           return -ENOTCONN;
>> +    }
>>
>> -    l2cap_chan_lock(chan);
>>       err = l2cap_chan_send(chan, msg, len, sk->sk_priority);
>>       l2cap_chan_unlock(chan);
>>   
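
Review bot: the !chan->conn test added to the if in l2cap_sock_sendmsg() carries no comment explaining how chan->conn can be NULL while sk->sk_state is still BT_CONNECTED once both are read under l2cap_chan_lock(); either document that case next to the test or drop it if the locked state check already covers the teardown path. The new early return also needs its own l2cap_chan_unlock(chan); setting err = -ENOTCONN and jumping to the existing unlock after l2cap_chan_send() would leave a single unlock path that is harder to get wrong in later edits.
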
> Besides the !chan->conn condition, I think it makes sense that the sk_state check should be moved after l2cap_chan_lock()
> because sk_state could be changed due to l2cap_conn_del().
> 

Thanks, the chan->conn condition is not necessary; moving sk->sk_state != BT_CONNECTED behind chan_lock is enough.
I'll amend this patch.

Regards
Minho Ban
