linux/net/bluetooth
Gustavo Padovan b7e98b5100 Bluetooth: Check if the hci connection exists in SCO shutdown
Checking only for sco_conn seems to not be enough and leads to NULL
dereferences in the code; check for hcon instead.

<1>[11340.226404] BUG: unable to handle kernel NULL pointer dereference at 00000008
<4>[11340.226619] EIP is at __sco_sock_close+0xe8/0x1a0
<4>[11340.226629] EAX: f063a740 EBX: 00000000 ECX: f58f4544 EDX: 00000000
<4>[11340.226640] ESI: dec83e00 EDI: 5f9a081f EBP: e0fdff38 ESP: e0fdff1c
<0>[11340.226674] Stack:
<4>[11340.226682]  c184db87 c1251028 dec83e00 e0fdff38 c1754aef dec83e00 00000000 e0fdff5c
<4>[11340.226718]  c184f587 e0fdff64 e0fdff68 5f9a081f e0fdff5c c1751852 d7813800 62262f10
<4>[11340.226752]  e0fdff70 c1753c00 00000000 00000001 0000000d e0fdffac c175425c 00000041
<0>[11340.226793] Call Trace:
<4>[11340.226813]  [<c184db87>] ? sco_sock_clear_timer+0x27/0x60
<4>[11340.226831]  [<c1251028>] ? local_bh_enable+0x68/0xd0
<4>[11340.226846]  [<c1754aef>] ? lock_sock_nested+0x4f/0x60
<4>[11340.226862]  [<c184f587>] sco_sock_shutdown+0x67/0xb0
<4>[11340.226879]  [<c1751852>] ? sockfd_lookup_light+0x22/0x80
<4>[11340.226897]  [<c1753c00>] sys_shutdown+0x30/0x60
<4>[11340.226912]  [<c175425c>] sys_socketcall+0x1dc/0x2a0
<4>[11340.226929]  [<c149ba78>] ? trace_hardirqs_on_thunk+0xc/0x10
<4>[11340.226944]  [<c18860f1>] syscall_call+0x7/0xb
<4>[11340.226960]  [<c1880000>] ? restore_cur+0x5e/0xd7
<0>[11340.226969] Code: <f0> ff 4b 08 0f 94 c0 84 c0 74 20 80 7b 19 01 74 2f b8 0a 00 00

Reported-by: Chuansheng Liu <chuansheng.liu@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-01-10 03:53:32 -02:00
bnep Bluetooth: Remove unnecessary include export.h 2012-11-01 20:27:04 -02:00
cmtp Bluetooth: Replace include linux/module.h with linux/export.h 2012-10-24 00:44:05 -02:00
hidp Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() 2013-01-09 17:39:05 -02:00
rfcomm Bluetooth: Add missing lock nesting notation 2012-12-03 15:59:10 -02:00
a2mp.c Bluetooth: Rename ctrl_id to remote_amp_id 2012-11-01 20:27:11 -02:00
af_bluetooth.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-10-19 15:22:27 -04:00
amp.c Bluetooth: Set local_amp_id after getting Phylink Completed evt 2012-11-20 15:54:44 -02:00
hci_conn.c Bluetooth: Add put(hcon) when deleting hchan 2012-11-01 20:27:03 -02:00
hci_core.c Bluetooth: Fix authentication if acl data comes before remote feature evt 2013-01-10 03:26:18 -02:00
hci_event.c Bluetooth: Fix sending HCI commands after reset 2013-01-09 17:05:14 -02:00
hci_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-28 14:40:49 -04:00
hci_sysfs.c Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr 2012-09-27 18:10:15 -03:00
Kconfig Bluetooth: trivial: Remove newline before EOF 2012-10-24 00:42:47 -02:00
l2cap_core.c Bluetooth: Fix authentication if acl data comes before remote feature evt 2013-01-10 03:26:18 -02:00
l2cap_sock.c Bluetooth: Start channel move when socket option is changed 2012-10-24 00:26:30 -02:00
lib.c bluetooth: Remove unneeded batostr function 2012-09-27 18:10:43 -03:00
Makefile Bluetooth: AMP: Use HCI cmd to Read Loc AMP Assoc 2012-09-27 17:10:32 -03:00
mgmt.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-12-03 13:46:03 -05:00
sco.c Bluetooth: Check if the hci connection exists in SCO shutdown 2013-01-10 03:53:32 -02:00
smp.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2012-11-21 12:57:56 -05:00