| From 7cc8380eb10347016d95bf6f9d842c2ae6d12932 Mon Sep 17 00:00:00 2001 |
| From: Ram Malovany <ramm@ti.com> |
| Date: Thu, 19 Jul 2012 10:26:10 +0300 |
| Subject: Bluetooth: Fix using a NULL inquiry cache entry |
| |
| From: Ram Malovany <ramm@ti.com> |
| |
| commit 7cc8380eb10347016d95bf6f9d842c2ae6d12932 upstream. |
| |
| The device may not be found in the list of found devices whose names |
| are pending. This may happen when an HCI Remote Name Request was sent |
| as part of an incoming connection establishment procedure. |
| Hence there is no need to continue resolving a next name as it will |
| be done upon receiving another Remote Name Request Complete Event. |
| This will fix a kernel crash when trying to use this entry to resolve |
| the next name. |
| |
| Signed-off-by: Ram Malovany <ramm@ti.com> |
| Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| net/bluetooth/hci_event.c | 16 +++++++++++----- |
| 1 file changed, 11 insertions(+), 5 deletions(-) |
| |
| --- a/net/bluetooth/hci_event.c |
| +++ b/net/bluetooth/hci_event.c |
| @@ -1406,12 +1406,18 @@ static void hci_check_pending_name(struc |
| return; |
| |
| e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); |
| - if (e) { |
| + /* If the device was not found in a list of found devices names of which |
| + * are pending. there is no need to continue resolving a next name as it |
| + * will be done upon receiving another Remote Name Request Complete |
| + * Event */ |
| + if (!e) |
| + return; |
| + |
| + list_del(&e->list); |
| + if (name) { |
| e->name_state = NAME_KNOWN; |
| - list_del(&e->list); |
| - if (name) |
| - mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, |
| - e->data.rssi, name, name_len); |
| + mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, |
| + e->data.rssi, name, name_len); |
| } |
| |
| if (hci_resolve_next_name(hdev)) |
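Review bot: When `name` is NULL the entry is still unlinked by `list_del(&e->list)`, but `e->name_state` is no longer updated, because the `NAME_KNOWN` assignment moved inside `if (name)`. The lookup just above matches on `NAME_PENDING`, so a failed name request presumably leaves the cache entry marked pending while it is off the resolve list; the old code set `NAME_KNOWN` unconditionally, and the commit message does not mention this change. An explicit branch such as `} else { e->name_state = NAME_NOT_KNOWN; }` would leave the entry in a defined state for later lookups. The added comment would also be clearer as full sentences ("are pending. there is" reads as a fragment) with the closing `*/` on its own line. hci_check_pending_name begins before this hunk and continues past it, so the effect on the remaining code could not be checked here.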