Bluetooth: Fix issue with sysfs handling for connections · a67e899c
Committed by Marcel Holtmann
    Due to semantic changes in flush_workqueue() the current approach of
    synchronizing the sysfs handling for connections doesn't work anymore. The
    whole approach is actually fully broken and based on assumptions that are
    no longer valid.
    
    With the introduction of Simple Pairing support, the creation of low-level
    ACL links got changed. This change invalidates the reason why in the past
    two independent work queues have been used for adding/removing sysfs
    devices. The adding of the actual sysfs device is now postponed until the
    host controller successfully assigns a unique handle to that link. So
    the real synchronization happens inside the controller and not the host.
    
    The only left-over problem is that some internals of the sysfs device
    handling are not initialized ahead of time. This leaves potential access
    to invalid data and can cause various NULL pointer dereferences. To fix
    this a new function makes sure that all sysfs details are initialized
    when a connection attempt is made. The actual sysfs device is only
    registered when the connection has been successfully established. To
    avoid a race condition with the registration, the check if a device is
    registered has been moved into the removal work.
    
    As an extra protection two flush_work() calls are left in place to
    make sure a previous add/del work has been completed first.
    
    Based on a report by Marc Pignat <marc.pignat@hevs.ch>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Tested-by: Justin P. Mattock <justinmattock@gmail.com>
    Tested-by: Roger Quadros <ext-roger.quadros@nokia.com>
    Tested-by: Marc Pignat <marc.pignat@hevs.ch>
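The ordering the commit message describes (initialize the sysfs bookkeeping at connection attempt, register the device only once the controller has assigned a handle, and let the removal work decide for itself whether there is anything registered to tear down) can be modelled outside the kernel. The following is an added userspace model written for this page, not the kernel's hci_conn.c or any code from the commit; the struct, the function names and the counters are all assumptions chosen to make the invariants checkable. It shows why moving the "is it registered?" check into the removal work closes the window in which a removal could run against a device that was initialized but never registered, or already removed.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical model of one connection's sysfs state (not the kernel's struct hci_conn). */
struct conn_dev {
    bool initialized;     /* sysfs details set up at connection-attempt time */
    bool registered;      /* sysfs device registered once a handle was assigned */
    int  handle;          /* controller-assigned handle, -1 while unassigned */
    int  unregister_calls; /* how many times a real unregister happened */
    int  skipped_dels;    /* removal work runs that found nothing registered */
};

/* Models the new init function: called when the connection attempt is made,
 * so every later work item sees fully initialized data instead of garbage. */
void conn_init_sysfs(struct conn_dev *c)
{
    memset(c, 0, sizeof(*c));
    c->initialized = true;
    c->handle = -1;
}

/* Models the add work: queued only after the controller assigned a handle,
 * which is the point the commit says real synchronization happens. */
bool conn_add_work(struct conn_dev *c, int handle)
{
    if (!c->initialized || handle < 0)
        return false;          /* refuse to register uninitialized or handle-less links */
    c->handle = handle;
    c->registered = true;
    return true;
}

/* Models the del work with the registration check moved inside it:
 * running it before add, or twice, is harmless instead of a bogus unregister. */
void conn_del_work(struct conn_dev *c)
{
    if (!c->registered) {
        c->skipped_dels++;     /* never established, or already torn down */
        return;
    }
    c->unregister_calls++;
    c->registered = false;
    c->handle = -1;
}

/* Scenario: attempt -> (maybe established) -> del runs 'dels' times.
 * Returns the number of real unregisters, which must be 1 if established
 * and 0 otherwise, regardless of how many removals were queued. */
int conn_lifecycle(bool established, int dels, struct conn_dev *out)
{
    struct conn_dev c;
    conn_init_sysfs(&c);
    if (established)
        conn_add_work(&c, 42); /* 42 is a constructed sample handle */
    for (int i = 0; i < dels; i++)
        conn_del_work(&c);
    if (out)
        *out = c;
    return c.unregister_calls;
}
```

The model deliberately has no threads: the point of the commit is that the two work items are serialized by the workqueue plus the two remaining flush_work() calls, so the removal only needs a state check, not a lock, to be safe against an add that never happened.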
Changed file: hci_conn.c (15.3 KB)