linux-hardened/net/bluetooth
David Herrmann 8d12356f33 Bluetooth: introduce hci_conn ref-counting
We currently do not allow using hci_conn from outside of HCI-core.
However, several other users could make great use of it. This includes
HIDP, rfcomm and all other sub-protocols that rely on an active
connection.

Hence, we now introduce hci_conn ref-counting. We currently never call
get_device(). put_device() is exclusively used in hci_conn_del_sysfs().
Hence, we currently never have a greater device-refcnt than 1.
Therefore, it is safe to move the put_device() call from
hci_conn_del_sysfs() to hci_conn_del() (it's the only caller). In fact,
this even fixes a "use-after-free" bug as we access hci_conn after calling
hci_conn_del_sysfs() in hci_conn_del().

From now on we can add references to hci_conn objects in other layers
(like l2cap_sock, HIDP, rfcomm, ...) and grab a reference via
hci_conn_get(). This does _not_ guarantee that the connection is still
alive. But this isn't what we want. We can simply lock the hci_conn
device and use "device_is_registered(hci_conn->dev)" to test that.
However, this is hardly necessary as outside users should never rely on
the HCI connection to be alive, anyway. Instead, they should solely rely
on the device-object to be available.
But if sub-devices want the hci_conn object as sysfs parent, they need to
be notified when the connection drops. This will be introduced in later
patches with l2cap_users.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-04-17 02:45:22 -03:00
bnep Bluetooth: discard bt_sock_unregister() errors 2013-03-08 10:38:44 -03:00
cmtp Bluetooth: discard bt_sock_unregister() errors 2013-03-08 10:38:44 -03:00
hidp Bluetooth: remove unneeded hci_conn_hold/put_device() 2013-04-17 02:38:36 -03:00
rfcomm Bluetooth: fix error return code in rfcomm_add_listener() 2013-03-20 14:17:52 -03:00
a2mp.c Bluetooth: Replaced kzalloc and memcpy with kmemdup 2013-03-18 14:01:50 -03:00
af_bluetooth.c Bluetooth: change bt_sock_unregister() to return void 2013-03-08 10:38:44 -03:00
amp.c Bluetooth: AMP: Use set_bit / test_bit for amp_mgr state 2013-01-09 17:05:05 -02:00
hci_conn.c Bluetooth: introduce hci_conn ref-counting 2013-04-17 02:45:22 -03:00
hci_core.c Bluetooth: Remove driver init queue from core 2013-04-04 19:28:25 +03:00
hci_event.c Bluetooth: remove unneeded hci_conn_hold/put_device() 2013-04-17 02:38:36 -03:00
hci_sock.c Bluetooth: Fix stand-alone HCI command handling 2013-03-08 10:40:26 -03:00
hci_sysfs.c Bluetooth: introduce hci_conn ref-counting 2013-04-17 02:45:22 -03:00
Kconfig Bluetooth: trivial: Remove newline before EOF 2012-10-24 00:42:47 -02:00
l2cap_core.c Bluetooth: Remove unneeded parameter 2013-04-11 16:34:18 -03:00
l2cap_sock.c Bluetooth: hidp: verify l2cap sockets 2013-04-05 23:44:14 -03:00
lib.c bluetooth: Remove unneeded batostr function 2012-09-27 18:10:43 -03:00
Makefile Bluetooth: AMP: Use HCI cmd to Read Loc AMP Assoc 2012-09-27 17:10:32 -03:00
mgmt.c Bluetooth: rename hci_conn_put to hci_conn_drop 2013-04-11 16:34:15 -03:00
sco.c Bluetooth: Minor coding style fix 2013-04-11 16:34:17 -03:00
smp.c Bluetooth: rename hci_conn_put to hci_conn_drop 2013-04-11 16:34:15 -03:00