From: Doug Anderson
Date: Fri, 30 Jun 2023 15:30:55 -0700
Subject: Re: [PATCH] Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()
To: Luiz Augusto von Dentz
Cc: Marcel Holtmann, Johan Hedberg, Stephen Boyd, Manish Mandlik, Miao-chen Chou, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi,

On Fri, Jun 30, 2023 at 3:11 PM Doug Anderson wrote:
> > > > @@ -1980,9 +1981,10 @@ static int hci_remove_adv_monitor(struct hci_d= ev *hdev, > > > goto free_monitor; > > > > > > case HCI_ADV_MONITOR_EXT_MSFT: > > > + handle =3D monitor->handle; > > > status =3D msft_remove_monitor(hdev, monitor); > > > bt_dev_dbg(hdev, "%s remove monitor %d msft status %d= ", > > > - hdev->name, monitor->handle, status); > > > + hdev->name, handle, status);
> >
> > Just move the call to bt_dev_dbg under msft_remove_monitor,
>
> Sure. I wasn't sure how much the order of the printout matters, but if
> it doesn't then just putting the print first makes sense. Done in v2.

So I assumed that this meant you just wanted me to switch the order, which I did for v2. ...but then Manish pointed out that meant I wasn't printing the right status.

Looking again, maybe you meant that I should move the debug statement into the msft_remove_monitor(). I'm not convinced that's any cleaner. That would mean adding an "exit" label to that function just for the printout. It also makes the printout asymmetric with other similar printouts.

I'm going back to v1 here. If I've misunderstood then I guess I can always spin again. :-/

-Doug
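
Review bot: In the HCI_ADV_MONITOR_EXT_MSFT case, the added "handle = monitor->handle;" line has no comment explaining why the value is copied before msft_remove_monitor() is called, so a later cleanup could fold it back into "monitor->handle" in the bt_dev_dbg() arguments and bring back the use-after-free named in the subject. Suggest a one-line comment above the assignment saying that monitor must not be dereferenced once msft_remove_monitor() has been called. Leaving the bt_dev_dbg() call after msft_remove_monitor(), as this version does, also keeps "status" in the message equal to what that call returned, which is the concern raised about v2 in the reply.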