
[bluetooth-dev] race condition in hci_inquiry



    kfree(inq_res);
    inq_res = (inquiry_results*) kmalloc(sizeof(inquiry_results)
                                         + 6 * num_resp, GFP_ATOMIC);

    /* More stuff, then the caller will block here... but what if another
       process calls in while this one is blocked? The new process will delete
       this one's inquiry_result... */
    tmp = send_inq_cmd_block((u8*) &c_pkt, c_pkt.len + CMD_HDR_LEN +
                             HCI_HDR_LEN);


Why not have the callers provide their own inquiry_result struct?

--gmcnutt
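
The caller-owned result buffer suggested above, as an added userspace sketch that is not part of the original post or the driver's code. The names struct inq_result, inq_result_alloc and inq_result_add are hypothetical; the 6-byte entry size is taken from the "6 * num_resp" sizing in the quoted fragment.

```c
#include <stdlib.h>
#include <string.h>

#define BD_ADDR_LEN 6  /* per-response size, from "6 * num_resp" in the post */

/* Hypothetical caller-owned result buffer (not the driver's struct). */
struct inq_result {
    unsigned int num_resp;    /* responses stored so far */
    unsigned int max_resp;    /* capacity chosen by the owning caller */
    unsigned char bd_addr[];  /* max_resp * BD_ADDR_LEN bytes */
};

/* Each caller allocates its own buffer, so no other caller can free it. */
struct inq_result *inq_result_alloc(unsigned int max_resp)
{
    struct inq_result *r =
        calloc(1, sizeof(*r) + (size_t)BD_ADDR_LEN * max_resp);
    if (r)
        r->max_resp = max_resp;
    return r;
}

/* Stand-in for the event path: store one response in the buffer of the
   request being completed. Returns -1 instead of writing past capacity. */
int inq_result_add(struct inq_result *r, const unsigned char *addr)
{
    if (!r || r->num_resp >= r->max_resp)
        return -1;
    memcpy(r->bd_addr + (size_t)r->num_resp * BD_ADDR_LEN, addr, BD_ADDR_LEN);
    r->num_resp++;
    return 0;
}

/* The interleaving from the post: A allocates and "blocks", B calls in,
   then A resumes. Returns 1 if A's results survived B's call. */
int interleaved_callers_keep_own_results(void)
{
    /* Constructed sample addresses. */
    static const unsigned char dev_a[BD_ADDR_LEN] = {0xAA, 1, 2, 3, 4, 5};
    static const unsigned char dev_b[BD_ADDR_LEN] = {0xBB, 1, 2, 3, 4, 5};
    struct inq_result *a = inq_result_alloc(2);  /* caller A enters */
    struct inq_result *b = inq_result_alloc(1);  /* B enters while A blocks */
    int ok = a && b
        && inq_result_add(b, dev_b) == 0         /* B's inquiry completes */
        && inq_result_add(a, dev_a) == 0         /* A resumes afterwards */
        && a->num_resp == 1
        && memcmp(a->bd_addr, dev_a, BD_ADDR_LEN) == 0
        && inq_result_add(b, dev_a) == -1;       /* B's buffer is full */
    free(a);
    free(b);
    return ok;
}
```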
