2014-10-29 16:10:57

by Dan Carpenter

Subject: [patch] Bluetooth: 6lowpan: use after free in disconnect_devices()

This was accidentally changed from list_for_each_entry_safe() to
list_for_each_entry() so now it has a use after free bug. I've changed
it back.

Fixes: 90305829635d ('Bluetooth: 6lowpan: Converting rwlocks to use RCU')
Signed-off-by: Dan Carpenter <[email protected]>

diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
index 7254bdd..eef298d 100644
--- a/net/bluetooth/6lowpan.c
+++ b/net/bluetooth/6lowpan.c
@@ -1383,7 +1383,7 @@ static const struct file_operations lowpan_control_fops = {

static void disconnect_devices(void)
{
- struct lowpan_dev *entry, *new_dev;
+ struct lowpan_dev *entry, *tmp, *new_dev;
struct list_head devices;

INIT_LIST_HEAD(&devices);
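
Review bot: The new `tmp` in the declaration line is only the saved-successor cursor for list_for_each_entry_safe(), and that macro protects solely against the loop body removing the current entry. Because `devices` is a function-local head set up with INIT_LIST_HEAD(&devices), that is sufficient here, but a short comment at the loop stating that the body frees `entry` would make it harder for a later conversion to drop the _safe variant again, which the changelog says is how this regression was introduced.
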
@@ -1408,7 +1408,7 @@ static void disconnect_devices(void)

rcu_read_unlock();

- list_for_each_entry(entry, &devices, list) {
+ list_for_each_entry_safe(entry, tmp, &devices, list) {
ifdown(entry->netdev);
BT_DBG("Unregistering netdev %s %p",
entry->netdev->name, entry->netdev);
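
Review bot: The changelog does not say which statement in this loop frees `entry`, and the context lines show only ifdown(entry->netdev) and the BT_DBG() call, so the release that made list_for_each_entry() read a stale entry->list is not visible from the mail. Please add one sentence naming the call in the loop body that unlinks and frees the entry, so the use after free can be checked against the Fixes: commit without opening the file.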


2014-10-30 16:24:23

by Marcel Holtmann

Subject: Re: [patch] Bluetooth: 6lowpan: use after free in disconnect_devices()

Hi Dan,

> This was accidentally changed from list_for_each_entry_safe() to
> list_for_each_entry() so now it has a use after free bug. I've changed
> it back.
>
> Fixes: 90305829635d ('Bluetooth: 6lowpan: Converting rwlocks to use RCU')
> Signed-off-by: Dan Carpenter <[email protected]>

patch has been applied to bluetooth-next tree.

Regards

Marcel


2014-10-30 07:54:31

by Jukka Rissanen

Subject: Re: [patch] Bluetooth: 6lowpan: use after free in disconnect_devices()

Hi Dan,

On ke, 2014-10-29 at 19:10 +0300, Dan Carpenter wrote:
> This was accidentally changed from list_for_each_entry_safe() to
> list_for_each_entry() so now it has a use after free bug. I've changed
> it back.

Good catch! Thanks for the patch.

Acked-by: Jukka Rissanen <[email protected]>

>
> Fixes: 90305829635d ('Bluetooth: 6lowpan: Converting rwlocks to use RCU')
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
> index 7254bdd..eef298d 100644
> --- a/net/bluetooth/6lowpan.c
> +++ b/net/bluetooth/6lowpan.c
> @@ -1383,7 +1383,7 @@ static const struct file_operations lowpan_control_fops = {
>
> static void disconnect_devices(void)
> {
> - struct lowpan_dev *entry, *new_dev;
> + struct lowpan_dev *entry, *tmp, *new_dev;
> struct list_head devices;
>
> INIT_LIST_HEAD(&devices);
> @@ -1408,7 +1408,7 @@ static void disconnect_devices(void)
>
> rcu_read_unlock();
>
> - list_for_each_entry(entry, &devices, list) {
> + list_for_each_entry_safe(entry, tmp, &devices, list) {
> ifdown(entry->netdev);
> BT_DBG("Unregistering netdev %s %p",
> entry->netdev->name, entry->netdev);


Cheers,
Jukka
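
The difference between the two iterators discussed in this thread, as an added userspace model that is not code from the patch or from the kernel: `struct node`, `add_tail`, `del_and_free` and `stale_reads` are hypothetical names, and freeing is simulated with a flag so the stale read can be counted rather than executed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of a kernel-style circular list; every name is hypothetical. */
struct node {
    struct node *next, *prev;
    bool freed;   /* stands in for kfree(); the memory stays valid in this model */
};

static void add_tail(struct node *n, struct node *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

/* Unlink and "free" an entry, as a teardown loop body does. */
static void del_and_free(struct node *n)
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->freed = true;
}

/* Empty a constructed 3-entry list; count iterator steps that read a freed entry. */
static int stale_reads(bool safe)
{
    struct node head = { &head, &head, false }, n[3] = { { 0 } };
    struct node *pos, *tmp;
    int stale = 0;
    for (int i = 0; i < 3; i++)
        add_tail(&n[i], &head);
    if (safe) {   /* list_for_each_entry_safe(): successor saved up front */
        for (pos = head.next, tmp = pos->next; pos != &head;
             pos = tmp, tmp = pos->next) {
            del_and_free(pos);
            stale += tmp->freed;   /* the step reads tmp, which is still live */
        }
    } else {      /* list_for_each_entry(): step reads pos->next afterwards */
        for (pos = head.next; pos != &head; pos = pos->next) {
            del_and_free(pos);
            stale += pos->freed;   /* in the kernel: use after free */
        }
    }
    return stale;
}

int main(void) { printf("plain=%d safe=%d\n", stale_reads(false), stale_reads(true)); return 0; }
```

In the plain walk every one of the three steps reads an entry the body has already released; the _safe walk never does, because it only ever advances through the pointer it saved before the body ran.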