diff options
| author | Takashi Iwai <tiwai@suse.de> | 2021-08-28 18:18:18 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-11-26 11:58:36 +0100 |
| commit | f632f88fe209240f5cad853e33f74fda4d341004 (patch) | |
| tree | 657819887bc325bac6f81fb938c6501e5de4cccc /tools/perf/scripts/python/netdev-times.py | |
| parent | 315a8f60684aaf4cfb929968c328570a25691d86 (diff) | |
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
[ Upstream commit 99c23da0eed4fd20cae8243f2b51e10e66aa0951 ]
The sco_send_frame() also takes lock_sock() during memcpy_from_msg()
call that may be endlessly blocked by a task with userfaultd
technique, and this will result in a hung task watchdog trigger.
Just like the similar fix for hci_sock_sendmsg() in commit
92c685dc5de0 ("Bluetooth: reorganize functions..."), this patch moves
the memcpy_from_msg() out of lock_sock() for addressing the hang.
This should be the last piece for fixing CVE-2021-3640 after a few
already queued fixes.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'tools/perf/scripts/python/netdev-times.py')
0 files changed, 0 insertions, 0 deletions