Bluetooth: hci_sock: purge socket queues in the destruct() callback
stable inclusion from stable-v5.10.173 commit 7474be26b032f682b2166beb4a92c533f4de6a76 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7X0QU Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7474be26b032f682b2166beb4a92c533f4de6a76 -------------------------------- commit 709fca50 upstream. The receive path may take the socket right before hci_sock_release(), but it may enqueue the packets to the socket queues after the call to skb_queue_purge(), therefore the socket can be destroyed without clear its queues completely. Moving these skb_queue_purge() to the hci_sock_destruct() will fix this issue, because nothing is referencing the socket at this point. Signed-off-by:Nguyen Dinh Phi <phind.uet@gmail.com> Reported-by:
Loading
Please sign in to comment