summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRam Malovany <ramm@ti.com>2012-07-19 10:26:10 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-09-14 10:00:18 -0700
commita8b8ad6dcf49c84c7a8633082191c6fd7539c355 (patch)
tree04b83d3d6fd2d6c2c5fefff150b835d7a315bead
parenta431bd57a95921188f61096e5ce29d1b769be118 (diff)
downloadlinux-3.10-a8b8ad6dcf49c84c7a8633082191c6fd7539c355.tar.gz
linux-3.10-a8b8ad6dcf49c84c7a8633082191c6fd7539c355.tar.bz2
linux-3.10-a8b8ad6dcf49c84c7a8633082191c6fd7539c355.zip
Bluetooth: Fix using a NULL inquiry cache entry
commit 7cc8380eb10347016d95bf6f9d842c2ae6d12932 upstream. If the device was not found in a list of found devices names of which are pending.This may happen in a case when HCI Remote Name Request was sent as a part of incoming connection establishment procedure. Hence there is no need to continue resolving a next name as it will be done upon receiving another Remote Name Request Complete Event. This will fix a kernel crash when trying to use this entry to resolve the next name. Signed-off-by: Ram Malovany <ramm@ti.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--net/bluetooth/hci_event.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 866fc3b22fb..df2615d59eb 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1388,12 +1388,18 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
return;
e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
- if (e) {
+ /* If the device was not found in a list of found devices names of which
+ * are pending. there is no need to continue resolving a next name as it
+ * will be done upon receiving another Remote Name Request Complete
+ * Event */
+ if (!e)
+ return;
+
+ list_del(&e->list);
+ if (name) {
e->name_state = NAME_KNOWN;
- list_del(&e->list);
- if (name)
- mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
- e->data.rssi, name, name_len);
+ mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
+ e->data.rssi, name, name_len);
}
if (hci_resolve_next_name(hdev))