git.ipfire.org Git - thirdparty/kernel/stable.git/commit

Bluetooth: hci_sync: fix set_local_name race condition

[ Upstream commit 6bbd0d3f0c23fc53c17409dd7476f38ae0ff0cd9 ]

Function set_name_sync() uses hdev->dev_name field to send
HCI_OP_WRITE_LOCAL_NAME command, but copying from data to hdev->dev_name
is called after mgmt cmd was queued, so it is possible that function
set_name_sync() will read old name value.

This change adds name as a parameter for function hci_update_name_sync()
to avoid race condition.

Fixes: 6f6ff38a1e14 ("Bluetooth: hci_sync: Convert MGMT_OP_SET_LOCAL_NAME")
Signed-off-by: Pavel Shpakovskiy <pashpakovskii@salutedevices.com>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Pavel Shpakovskiy <pashpakovskii@salutedevices.com>
	Fri, 22 Aug 2025 09:20:55 +0000 (12:20 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 4 Sep 2025 13:30:21 +0000 (15:30 +0200)
commit	4bd2866db0025d8943aa2fef454ca719daec4d6a
tree	b7668221bc4b89989eee268c117b9925f1827b3b	tree \| snapshot
parent	961abec8184a5ed76a2e975c6f8c5329ab85182d	commit \| diff

include/net/bluetooth/hci_sync.h		diff \| blob \| blame \| history
net/bluetooth/hci_sync.c		diff \| blob \| blame \| history
net/bluetooth/mgmt.c		diff \| blob \| blame \| history