On 03/08/2016, 07:32 PM, Marcel Holtmann wrote:
> that means very little to me actually. So is the real issue caused by opening 
> /dev/vhci or is that theoretical one via some internal kernel compile time 
> feature.

Hi, what do you think about this one?

--- a/drivers/bluetooth/hci_vhci.c
+++ b/drivers/bluetooth/hci_vhci.c
@@ -196,6 +196,11 @@ static inline ssize_t vhci_get_user(stru

                cancel_delayed_work_sync(&data->open_timeout);

+               if (data->hdev) {
+                       kfree_skb(skb);
+                       return -EBADFD;
+               }
+
                opcode = *((__u8 *) skb->data);
                skb_pull(skb, 1);

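Review bot: the new check is only correct because it sits after cancel_delayed_work_sync(&data->open_timeout), which guarantees the timeout work has finished and any data->hdev it created is visible before `if (data->hdev) {` is evaluated; that ordering dependency is not stated in the code, so a one-line comment above the check explaining the race with the open_timeout work would help the next reader. Also worth confirming that the caller does not free skb again on the -EBADFD return, since this path already calls kfree_skb(skb).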

open_timeout could be in progress (raced with us) and _sync cancel
waited for vhci_create_device to actually finish and create the device
the second time.

thanks,
-- 
js
suse labs
