Date: Mon, 11 Oct 2021 09:00:00 +0200
From: Salvatore Bonaccorso
To: Tetsuo Handa
Cc: Luiz Augusto von Dentz, LinMa, "linux-bluetooth@vger.kernel.org", Marcel Holtmann, Johan Hedberg, Linus Torvalds, tiwai@suse.com
Subject: Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi,

On Sat, Sep 04, 2021 at 11:02:58AM +0900, Tetsuo Handa wrote:
> Commit 99c23da0eed4fd20 ("Bluetooth: sco: Fix lock_sock() blockage
> by memcpy_from_msg()") in linux-next.git should be sent to linux.git
> now as a mitigation for CVE-2021-3640.
>
> But I think "[PATCH v3 3/4] Bluetooth: SCO: Replace use of
> memcpy_from_msg with bt_skb_sendmsg" still contains a bug.

Did this one fall through the cracks? I'm confused about the statement
in https://bugzilla.suse.com/show_bug.cgi?id=1188172#c8 so Cc'ing
Takashi Iwai as well.

Regards,
Salvatore