Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp2101761rdb; Tue, 3 Oct 2023 10:10:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGxd/+Wk/sGKAIsvUYcNgSZ6XZpJGP7FJF9HXBjLo51361qU2MoYeYB0e2UID0nPeFaWojr X-Received: by 2002:a05:6358:591c:b0:143:7d73:6e63 with SMTP id g28-20020a056358591c00b001437d736e63mr81889rwf.2.1696353044505; Tue, 03 Oct 2023 10:10:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696353044; cv=none; d=google.com; s=arc-20160816; b=lKwt8TLc1VeJbgJN/gF6sYHeg6n+EP0PtjZDYdUUaoqX0b0dIzO2ly/Y4MLy2Y1t9Q LTIiUxxgy7LLguyEXinU9yHNYO9Z+q+LUVID8lXVtzRJRpE/kiVBs7EPnGgiFxhCZhWM h7ot8JglKD71GZtjJBrpbZsJMBwocPmCBXawj+BkSoixh+KRAv+DqOR7DZuCH4to+wA7 Fy2ScteTvX92tuTVqxSmoT5KKIEram73hohPmw54VVUy36PHXJHkNFrMbEjs7MyG1Isu t03gDNQvhIxXrs3oj6y4aQ9r4+mak326Z0TJCj5FICDyigesF9s1WQ0APHjBI03O0jOv mMEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:date:message-id :from:subject:content-transfer-encoding:mime-version:dkim-signature; bh=vIGVvoxWQ8TmsgAzI4uQ7gX9yKivE/fb1cFie/MOCP0=; fh=fAVvqa29TMCSLQ1BWo+IkeTh9vOt2h2EvlnFWIq0DOI=; b=gsW3tJGf9C78ZR0SOpY8AtRNTbM+4GQeLWFFEnWLvaMFavHzsJ1Z0GhvqiOhMCcWlr 7J/PvTQwjAofV9jp9B3HXSIV9o3TNLFAU7AMtS8fpGVn96gebbLLqg8q05y75QOpqWhR U9NoUgysApRFzgo5GdzA8ebGDkCmO8MAYmnRej22fktiY8Q5jlD19JcMWwEMfa9uhPhN SRzPWhFo4NA9UZLnze9aNkmnCKL1KQiIwY2J9WsbopPrXCQ4Cf0rcJ0BIvXm+hxADvPH MIYpTkpRjKkoL2dfvmmKViZNYOIlkkO5DlbkcCqQi9sBCqZJDWoSJvrqMqy7cdM5cfYT olAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MzvXx6hI; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id a22-20020a637f16000000b00565e92e8734si1803729pgd.769.2023.10.03.10.10.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Oct 2023 10:10:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MzvXx6hI; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 4AE7C80BB200; Tue, 3 Oct 2023 10:10:32 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231791AbjJCRKc (ORCPT + 99 others); Tue, 3 Oct 2023 13:10:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51130 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230422AbjJCRKc (ORCPT ); Tue, 3 Oct 2023 13:10:32 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 02A2FA7 for ; Tue, 3 Oct 2023 10:10:28 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPS id 9BBA1C433C8; Tue, 3 Oct 2023 17:10:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696353027; bh=sffx/fc2QiY2yopVmvlFFzi0A5WGVXMiOIaGg2Ta9tc=; h=Subject:From:Date:References:In-Reply-To:To:Cc:From; b=MzvXx6hIxkx28nV1ak+KnfgOspASZTTH1MH9rAOg/zTPR9jpdxcAy/u4G3NCXHJGZ xzIdSBNUiGXdgRGr/QqD9QoLvIFCilFRL5yRjAVrorjL34o0rrQK+QTrswiUOc3qPq mOk3wxbw55FHNTSZQlK9WzyOPDYpkRN9iKQ1peMhqnfve1nKYPBu7HAZLzsZu6x2tN UKWYQ8vW2Q5sbEKaEA+MbQMH1VbpKj7xdk0jc2KzJmV42Kei2s1b431N6ntBADU7Jv CW9pe4swH4imFNgSi6Zrp4triofP1Npk6M59Atr87isa2v0Fa2TR4THqfxLQAli0+x lpolrUHJ7An1w== Received: from aws-us-west-2-korg-oddjob-1.ci.codeaurora.org (localhost.localdomain [127.0.0.1]) by aws-us-west-2-korg-oddjob-1.ci.codeaurora.org (Postfix) with ESMTP id 79A6EE632D1; Tue, 3 Oct 2023 17:10:27 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [PATCH v2 1/2] Bluetooth: hci_sync: always check if connection is alive before deleting From: patchwork-bot+bluetooth@kernel.org Message-Id: <169635302749.22624.6754938752814022940.git-patchwork-notify@kernel.org> Date: Tue, 03 Oct 2023 17:10:27 +0000 References: <53130b4a5fb21a15f2674c336282d25ef5d2232e.1696077070.git.pav@iki.fi> In-Reply-To: <53130b4a5fb21a15f2674c336282d25ef5d2232e.1696077070.git.pav@iki.fi> To: Pauli Virtanen Cc: linux-bluetooth@vger.kernel.org X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Tue, 03 Oct 2023 10:10:32 -0700 (PDT) Hello: This series was applied to bluetooth/bluetooth-next.git (master) by Luiz Augusto von Dentz : On Sat, 30 Sep 2023 15:53:32 +0300 you wrote: > In hci_abort_conn_sync it is possible that conn is deleted concurrently > by something else, also e.g. when waiting for hdev->lock. This causes > double deletion of the conn, so UAF or conn_hash.list corruption. > > Fix by having all code paths check that the connection is still in > conn_hash before deleting it, while holding hdev->lock which prevents > any races. > > [...] Here is the summary with links: - [v2,1/2] Bluetooth: hci_sync: always check if connection is alive before deleting https://git.kernel.org/bluetooth/bluetooth-next/c/32f6776f0083 - [v2,2/2] Bluetooth: hci_conn: verify connection is to be aborted before doing it (no matching commit) You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html