Subject: Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
From: Tetsuo Handa
To: Luiz Augusto von Dentz
Cc: LinMa, linux-bluetooth@vger.kernel.org, Marcel Holtmann, Johan Hedberg, Linus Torvalds
Date: Sat, 4 Sep 2021 11:02:58 +0900
Message-ID: <883dc4b7-d1a1-3d31-a5a8-8fa1791084b6@i-love.sakura.ne.jp>

Commit 99c23da0eed4fd20 ("Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()") in linux-next.git should be sent to linux.git now as a mitigation for CVE-2021-3640. But I think "[PATCH v3 3/4] Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg" still contains a bug.