• Bluetooth: hci_ldisc: Use rwlocking to avoid closing proto races · dec2c928
    Dean Jenkins authored
    When HCI_UART_PROTO_READY is in the set state, the Data Link protocol
    layer (proto) is bound to the HCI UART driver. This state allows the
    registered proto function pointers to be used by the HCI UART driver.
    
    When unbinding (closing) the Data Link protocol layer, the proto
    function pointers must be prevented from being used immediately before
    running the proto close function pointer. Otherwise, there is a risk
    that a proto non-close function pointer is used during or after the
    proto close function pointer is used. The consequences are likely to
    be a kernel crash because the proto close function pointer will free
    resources used in the Data Link protocol layer.
    
    Therefore, add a reader writer lock (rwlock) solution to prevent the
    close proto function pointer from running by using write_lock_irqsave()
    whilst the other proto function pointers are protected using
    read_lock(). This means HCI_UART_PROTO_READY can safely be cleared
    in the knowledge that no proto function pointers are running.
    
    When flag HCI_UART_PROTO_READY is put into the clear state,
    proto close function pointer can safely be run. Note
    flag HCI_UART_PROTO_SET being in the set state prevents the proto
    open function pointer from being run so there is no race condition
    between proto open and close function pointers.
    Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
hci_ldisc.c 19.3 KB