Bluetooth: Fix missing hci_dev_lock/unlock in mgmt req_complete()

mgmt_pending_remove() should be called with hci_dev_lock protection
and currently the rule to take dev lock is that all mgmt req_complete
functions should take dev lock. So this patch fixes the same in the
missing functions.

Without this patch there is a chance of invalid memory access while
accessing the mgmt_pending list like below:

bluetoothd: 392] [0] Backtrace:
bluetoothd: 392] [0] [<c04ec770>] (pending_eir_or_class+0x0/0x68) from [<c04f1830>] (add_uuid+0x34/0x1c4)
bluetoothd: 392] [0] [<c04f17fc>] (add_uuid+0x0/0x1c4) from [<c04f3cc4>] (mgmt_control+0x204/0x274)
bluetoothd: 392] [0] [<c04f3ac0>] (mgmt_control+0x0/0x274) from [<c04f609c>] (hci_sock_sendmsg+0x80/0x308)
bluetoothd: 392] [0] [<c04f601c>] (hci_sock_sendmsg+0x0/0x308) from [<c03d4d68>] (sock_aio_write+0x144/0x174)
bluetoothd: 392] [0] r8:00000000 r7 7c1be90 r6 7c1be18 r5:00000017 r4 a90ea80
bluetoothd: 392] [0] [<c03d4c24>] (sock_aio_write+0x0/0x174) from [<c00e2d4c>] (do_sync_write+0xb0/0xe0)
bluetoothd: 392] [0] [<c00e2c9c>] (do_sync_write+0x0/0xe0) from [<c00e371c>] (vfs_write+0x134/0x13c)
bluetoothd: 392] [0] r8:00000000 r7 7c1bf70 r6:beeca5c8 r5:00000017 r4 7c05900
bluetoothd: 392] [0] [<c00e35e8>] (vfs_write+0x0/0x13c) from [<c00e3910>] (sys_write+0x44/0x70)
bluetoothd: 392] [0] r8:00000000 r7:00000004 r6:00000017 r5:beeca5c8 r4 7c05900
bluetoothd: 392] [0] [<c00e38cc>] (sys_write+0x0/0x70) from [<c000e3c0>] (ret_fast_syscall+0x0/0x30)
bluetoothd: 392] [0] r9 7c1a000 r8:c000e568 r6:400b5f10 r5:403896d8 r4:beeca604
bluetoothd: 392] [0] Code: e28cc00c e152000c 0a00000f e3a00001 (e1d210b8)
bluetoothd: 392] [0] ---[ end trace 67b6ac67435864c4 ]---
bluetoothd: 392] [0] Kernel panic - not syncing: Fatal exception

Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
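
The locking rule from the commit message, as an added example that is not part of the commit or of the kernel source: a single-threaded user-space model in which every access to the pending list is checked against the lock, in the spirit of the kernel's lockdep_assert_held(), so that a completion callback which skips the lock is flagged. All names (struct dev, check_locked, req_complete_locked and the rest) are hypothetical stand-ins for hci_dev_lock()/hci_dev_unlock(), the mgmt_pending list and mgmt_pending_remove().

```c
/* User-space model, not kernel code. Names are hypothetical stand-ins for
 * hci_dev_lock()/hci_dev_unlock(), mgmt_pending and mgmt_pending_remove(). */
#include <stdlib.h>

struct pending_cmd { int opcode; struct pending_cmd *next; };

struct dev {
    int lock_held;               /* models the hci_dev_lock state */
    int lock_violations;         /* list accesses made without the lock */
    struct pending_cmd *pending; /* models the mgmt_pending list */
};

static void dev_lock(struct dev *d)   { d->lock_held = 1; }
static void dev_unlock(struct dev *d) { d->lock_held = 0; }

/* Lockdep-style check: count each list access made without the lock. */
static void check_locked(struct dev *d) { if (!d->lock_held) d->lock_violations++; }

static struct pending_cmd *pending_add(struct dev *d, int opcode)
{
    struct pending_cmd *c = calloc(1, sizeof(*c));
    check_locked(d);
    if (!c) return NULL;
    c->opcode = opcode;
    c->next = d->pending;
    d->pending = c;
    return c;
}

/* Unlink and free one entry; walkers of the list rely on the same lock. */
static void pending_remove(struct dev *d, struct pending_cmd *cmd)
{
    struct pending_cmd **pp;
    check_locked(d);
    for (pp = &d->pending; *pp; pp = &(*pp)->next)
        if (*pp == cmd) { *pp = cmd->next; free(cmd); return; }
}

/* Completion callback that skips the lock: the pattern the commit fixes. */
static void req_complete_unlocked(struct dev *d, struct pending_cmd *cmd)
{
    pending_remove(d, cmd);
}

/* Completion callback that follows the rule from the commit message. */
static void req_complete_locked(struct dev *d, struct pending_cmd *cmd)
{
    dev_lock(d);
    pending_remove(d, cmd);
    dev_unlock(d);
}
```

In the kernel the equivalent check would sit at the top of the list helpers, so a callback that forgets the lock is reported on its first run instead of surfacing later as a crash in an unrelated list walker.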