Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Date:   Mon, 17 Jul 2023 23:48:49 +0800
From:   joeyli <jlee@suse.com>
To:     Dan Carpenter <dan.carpenter@linaro.org>
Cc:     Markus Elfring <Markus.Elfring@web.de>,
        linux-bluetooth@vger.kernel.org, kernel-janitors@vger.kernel.org,
        Chun-Yi Lee <joeyli.kernel@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        Marcel Holtmann <marcel@holtmann.org>,
        LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Bluetooth: hci_event: Ignore NULL link key in
 hci_link_key_notify_evt()
Message-ID: <20230717154849.GB14791@linux-l9pv.suse>
References: <20230714161210.20969-1-jlee@suse.com>
 <8eeb958e-d947-2f6d-5942-d30746cf1268@web.de>
 <20230717055150.GO5866@linux-l9pv.suse>
 <7cae670e-b7c5-470b-536b-ab03513cd0a3@web.de>
 <20230717102310.GS5866@linux-l9pv.suse>
 <7cc32a46-b4f6-4d92-bf72-24fdbb8f3eca@kadam.mountain>
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <7cc32a46-b4f6-4d92-bf72-24fdbb8f3eca@kadam.mountain>
User-Agent: Mutt/1.11.4 (2019-03-13)
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NElIdTNtQm8xMWVrcWJGZVQxRGZaR1RleVBtV1U2T0FjRXhvdFd4K0ZaYmpj?=
 =?utf-8?B?NFE0cDVYa1JlZFAvbFY2blk0V055dWljdUFpMitqc2oxZ09tOHF5eEdlUHhG?=
 =?utf-8?B?UXZwaWFYS01ERXpYUVQwbjhRQXdBZTJHa3R0QjJVN1NHTm1kbE5VczNuMFZS?=
 =?utf-8?B?akYwdUFrN1dpeXNybzgySE9MMnZ1dnN3RzBoYjRKVnM4ZEdKT2hZeHdGSndU?=
 =?utf-8?B?aTlsYWtZYW1OVW5vdEtXMi9hQldOQkNLZHlVZU9FMjZCcnZaREwxTUFnYzhn?=
 =?utf-8?B?ZmJ3cFNObm4rL0F2a0Y4Yjg4Wk1YWlViUXFGYkhVY2JFY09iVllOb0tlQjBl?=
 =?utf-8?B?MnZzN3hRMmlFV0VWS0x6bXJxdEUwRjhDOWQ0ZFBSVW4rMzRSdjlpWHQzU3h0?=
 =?utf-8?B?SHNrcHNnWnV6bmU5R0NFNG9EQjZpUER0UG42Rk80TTd0MVZLVlpEQlU4MFEz?=
 =?utf-8?B?azI2aGtYNWo4MldDY29FRFJMdG5hSTlOQmY5eEJkVmVMU2Q5ODI1QUFralJJ?=
 =?utf-8?B?RTAxNW0wNTR2Mk53WVc5KzJuN08yNFJHRmpHK0haV0Juc1JWT1dlR25JbWRU?=
 =?utf-8?B?SkZERUhBZHZnZ1ZlN3VkcThvYUpBQldSNHovcHRCWHIyc3k1TW5pQmo3UnZJ?=
 =?utf-8?B?d2lFNllBODN6NHVZT3lKT25qbFRWalU0b2JEYUVIVTh1T0dzWTBZcC9MdWVr?=
 =?utf-8?B?OHF1dCsyU0dVNDNTUHd4Um92aDMzR002V01vcGgzZzVkQmI0RVBtMnEycWlE?=
 =?utf-8?B?SGZ6M0RSQVRxWnlaVlplbEF0YmxhZkE5Tm1Ka0tCaWxCWEVjNXZLeHlKOU01?=
 =?utf-8?B?dlFYbXRkWHBncTNCMGxrWkp2ZE5TaWVRTVlSRWQ4UzZuVzJQUFNkNStpZEQ4?=
 =?utf-8?B?elk0NHhDT3RYUTRDRGdtL0RZNVhoSUlxdnRub1F4a21DTUVUVXpMQy9Gc0Ew?=
 =?utf-8?B?RHRsbjVUQ3hobFVVb3lGQkhIUjd6cFRFdllTZ1YxZ2lVTFc1VDJzMFE4TW9h?=
 =?utf-8?B?LzIrMTQ4cmJWZGx6cklLTXdpeEUyNW1xTGE1Y1g2QkZMRmhob1lRQ0lMT2FE?=
 =?utf-8?B?NnRPL25KbTJudm1ReWU2eitrNDc2VGJzNzh4V2tyTWhlalFQMmFtbk5vNytl?=
 =?utf-8?B?R3hCRXNidlN0VmdNSzBxSTUrSnc3QnhYeUtqWXArY3JhandOMHdVN21zL21F?=
 =?utf-8?B?OFByRHQ4Y1ptNG5leE0vVy9zTkpITHJCc0drQXBFMk00L0tQTlpGQjA0OTRV?=
 =?utf-8?B?SXZYemtKV2tmT1dTU2QrODB1Q0xSQjJXZVk1YWFRWHNIZjgyblJ2TXpLSE5t?=
 =?utf-8?B?ek9RWUZJY1Z0aFBuOFRoVVZYUUNLaFQvVlVGUVhPam9NWUFYTThCNWQwVUM5?=
 =?utf-8?B?TjR0MG1RSXpBYjFGTGxrS0xUQVhVY0JITlR5ZHE1am5SZ05pNFMzMlVlL1Q2?=
 =?utf-8?B?QnorWTBNRFo1TEwwV0NxeWZiZUNyNW10elFaYk54b0R1K2JOcjdSWnA2aU8x?=
 =?utf-8?B?dU9kV0FHVy9zVytSc3ZpSzJlcnhIdVBGaVFRc1JjbTd2TWFweG13SmNVaVEx?=
 =?utf-8?B?ZXc1UnFnOEtoYXZ0bFRZRGFNbzZER25Jb3ZGWWJVWmRpUlNmMmpnbnpLVktn?=
 =?utf-8?B?MnBsY0V0UjVZTGN6OElybmpheDhYWXdPaFAzK0hlR3dRYzdXZkNyeGEyTHNS?=
 =?utf-8?B?d3dHM242cGNkemlMV1h4S1lGM2Rsd0ZNa3QrU05nZzdTRi9seEkyRFIvd2xO?=
 =?utf-8?B?dll3cFlqOGNRek95R2Y0bmJHQlFPa0E4MkxjNU54QktCUTJWRGhlL2FYMWJJ?=
 =?utf-8?B?YUhMcm9tRDRyb1BpMlJ6Z2QvZE5VbU9OTWtEclo4U3RsbmV6K0ZNamNOWndC?=
 =?utf-8?B?eUw0MzJ4TFZKaURhN3ZyVHFnUGhPdWxHeHVDK0hDZGllcFZBekJHUk4xblVq?=
 =?utf-8?B?eWJNYzlzQXR2K2hXT2xaWE9RSUEyVG13MWc1Ykg2bFJ3OHhiMGVBR3FsV2Vm?=
 =?utf-8?B?dVVUdzhoZ2F6RHdLd0RrVVZOM3I5N09sTmFYWTBaSU9WZWNKRldoNjd6alZN?=
 =?utf-8?B?ZGVWM0ZlSXlqWXRpYndhc3dEN25MVWQ0VkZvRFBGUGdjaHpVWjZWRlVpWXdD?=
 =?utf-8?Q?Dg4Zk5MrU2ac/A1uUw1QO4x7F?=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d36c95b-9249-4c3a-36ef-08db86dd53ed
X-MS-Exchange-CrossTenant-AuthSource: DB8PR04MB7164.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2023 15:48:55.8061
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: a60omoB9B1UwhYZlmkoW3ONhokN+5vy77cJOzMmrQp4S6dU4e6ouQ08UpS1BhY/D
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR04MB9628
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Dan,

On Mon, Jul 17, 2023 at 02:25:06PM +0300, Dan Carpenter wrote:
> On Mon, Jul 17, 2023 at 06:23:10PM +0800, joeyli wrote:
> > Hi Markus,
> > 
> > On Mon, Jul 17, 2023 at 08:15:56AM +0200, Markus Elfring wrote:
> > > >> …
> > > >>> We can ignore null link key in the handler of "Link Key Notification
> > > >>> event" to relieve the attack. …
> > > …
> > > > Sorry for I didn't capture your point.
> > > 
> > > Did you provide sufficient justification for a possible addition of the tag “Fixes”?
> > >
> > 
> > This patch is against a CVE. The issue is not introduced by any old kernel
> > patch. So I think it doesn't need Fixes: tag.
> 
> You should probably put a Fixes tag against when the feature was
> introduced.  (Kernel's prior to that were not affected by the CVE).
> 

OK! I see.

I have digged that the link key stored function be introduced by 55ed8ca10f35
since v2.6.39-rc1:

commit 55ed8ca10f3530de8edbbf138acb50992bf5005b
Author: Johan Hedberg <johan.hedberg@nokia.com>
Date:   Mon Jan 17 14:41:05 2011 +0200

    Bluetooth: Implement link key handling for the management interface

I will add Fixes: 55ed8ca10f35 ("Bluetooth: Implement link key handling for the management interface")
in next version.

Thanks for your and Markus's reminder.

Joey Lee