From: Pauli Virtanen
To: linux-bluetooth@vger.kernel.org
Cc: Pauli Virtanen
Subject: [PATCH RFC 5/5] Bluetooth: ISO: fix locking in iso_conn_ready
Date: Fri, 23 Jun 2023 20:18:42 +0300

Getting conn->sk must sock_hold, otherwise the socket may be freed concurrently. Access to conn->hcon is safe when holding hdev->lock. Fix the locking in iso_conn_ready to obey this.

Signed-off-by: Pauli Virtanen

--- net/bluetooth/iso.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index ea0209fb9872..c2045adbd7b6 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -179,6 +179,7 @@ static void iso_chan_del(struct sock *sk, int err) sock_set_flag(sk, SOCK_ZAPPED); } +/* Must hold hdev->lock */ static void iso_conn_del(struct hci_conn *hcon, int err) { struct iso_conn *conn = hcon->iso_data; 
@@ -1547,19 +1548,23 @@ static bool iso_match_big(struct sock *sk, void *data) static void iso_conn_ready(struct iso_conn *conn) { struct sock *parent; - struct sock *sk = conn->sk; + struct sock *sk; struct hci_ev_le_big_sync_estabilished *ev; struct hci_conn *hcon; BT_DBG("conn %p", conn); - if (sk) { - iso_sock_ready(conn->sk); - } else { - hcon = conn->hcon; - if (!hcon) - return; + iso_conn_lock(conn); + hcon = conn->hcon; + sk = conn->sk; + if (sk) + sock_hold(sk); + iso_conn_unlock(conn); + if (sk) { + iso_sock_ready(sk); + sock_put(sk); + } else if (hcon) { ev = hci_recv_event_data(hcon->hdev, HCI_EVT_LE_BIG_SYNC_ESTABILISHED); if (ev) -- 2.41.0
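Review bot: The "Must hold hdev->lock" comment added above iso_conn_del() in the first hunk (-179,6 +179,7) states a locking requirement that nothing checks. A lockdep_assert_held(&hcon->hdev->lock) at the top of iso_conn_del() would make lockdep catch a caller that breaks the rule, where a comment cannot. The commit message also covers only iso_conn_ready, so a sentence on why iso_conn_del is annotated in the same patch would help readers of the log.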
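Review bot: In the iso_conn_ready() hunk (-1547,19 +1548,23), hcon is read under iso_conn_lock() but then used after iso_conn_unlock(conn): the "else if (hcon)" branch passes hcon->hdev to hci_recv_event_data() with no reference taken. sk is pinned by sock_hold()/sock_put(), while hcon relies entirely on the commit message's statement that hdev->lock is held, and the visible lines do not show that for this function. Suggest documenting the requirement on iso_conn_ready() the same way the first hunk does for iso_conn_del(), or asserting it with lockdep on hcon->hdev->lock inside that branch, so the asymmetry between sk and hcon is explicit.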