Received: by 2002:ab2:1689:0:b0:1f7:5705:b850 with SMTP id d9csp662231lqa; Sat, 27 Apr 2024 20:48:46 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX74CJQ6yxp8MAc98W4x//L/lM+cAw6SQYQI47RgbslwPnW3xnmki+hbfghU0mdfs3d2kPoA/jBBS4aR6z2SshaJ3OFWeyw0YgZYIIebQ== X-Google-Smtp-Source: AGHT+IEjCoS+s/yYoxfw2DnKhmaQVxhwNSD6ayzVJDuLn5DKVVSpNozOS8yls0vrFwzdlIAGJSJx X-Received: by 2002:a05:600c:458d:b0:41a:9a6a:41e1 with SMTP id r13-20020a05600c458d00b0041a9a6a41e1mr5613759wmo.29.1714276126253; Sat, 27 Apr 2024 20:48:46 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714276126; cv=pass; d=google.com; s=arc-20160816; b=OaE58DhIfXLgj1d0Mo/2v9qcCly7IiIQuMyKpQxr+m07TZj/7ZgbM2Ys8r1etEr1na gSeAQfzffYwMGsVfBIybWBM6ZXbL1qoUufgrcz8GA1kiGhkr2cW0cxiiG1WImbR1maWw 8oXAzhJG5/YVmpQQk1C3IMZ2f+N+jHWICNvdovWhC1ZpANpo9z0CXdXZO/Jn5HqYR7w3 v5e4HCDXvagR79tVc+Pqoc6h1S9PjxGyrfTWy97YxY6A39n2zf36MLc3huKpVB42nXEe vyka1tSycEmyqNH1TplZaRO25w89IEEk48xDztmXt9Yx+6O9n4mdjvKKU5/fcly8EQIR az9Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence; bh=DYPrh4DHdmH+zyt0A/i+XtVcAopST5l2VEcQ5Ak5hpQ=; fh=lxbsn1rhwyjKcvl/q5Q8aIK1x9u37nVk4NHA5mDx0Kw=; b=Wo3m9rCrFTMWreDshc/4+D1YzJKZB4/KncicveMxBnkT8nMjX3rW2mMKQ4M6kI3yyy YjkRiC0EJIJ1zWTwIvTS3DGLfgWqMHhNFkgza6lIh6vw5QLiYQnKvBdwPE9VlYjj9zsd eumYDrIngYo0uj/kDFkYY7LFq0zPlSowptusMOlc1P0chi+s3iSMBxK+1jheBvZcjKWZ qHcd9UYnRfLLIfdx1+qgu01odJqYxdOytn0Z2DqJWcSud8TqiqdihNd9TjJ/VZKluy0t 8adAD7Ga9pviV/2JA5+p+vdRi9SYs80+N6qtMoCrsQV/rD/VpoNqNnx/KyH/sq2PSEU7 7NRQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=gmail.com); spf=pass (google.com: domain of linux-bluetooth+bounces-4139-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-4139-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sung-woo.kim Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id hg17-20020a170906f35100b00a523be5894fsi12613151ejb.603.2024.04.27.20.48.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 27 Apr 2024 20:48:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-4139-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=gmail.com); spf=pass (google.com: domain of linux-bluetooth+bounces-4139-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-4139-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sung-woo.kim Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 024861F2169E for ; Sun, 28 Apr 2024 03:48:46 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 703923D64; Sun, 28 Apr 2024 03:48:37 +0000 (UTC) X-Original-To: linux-bluetooth@vger.kernel.org Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 79E5823BB for ; Sun, 28 Apr 2024 03:48:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.170 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714276117; cv=none; b=rjMoAbIBAuvjOtCDzK7GoY5Wy0PQDX+nbrz08w5hoiW2bmQQspmidNVC+oaSub2Oq7XlwpSfQ2SGX+pHRm66qj5Ykcj3Ho+zeKyORVcx9fQfYzDPjp893kRfX6v/jPdZ+fZmXNzo6D19EQgeaGxvWvRBlc51Cl2KQ8JLwjUh4cQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714276117; c=relaxed/simple; bh=T9aAS6gjprJFrjRsVKMX+gzE3b6ZZkshttqPSxfH9OY=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: Cc:Content-Type; b=NQm8e6QJlo4OiMua8IJHc5TN4gp1Mf5F2m+/c3mI14xDdzEoP9PzzJaMfmpXVBBM7eln+6RUhPPAHa8QEIs0UnsTCPd4ogAb8wuidwiUDcnnMi655wxRBgr9Ub76GXG+aUeUBXwKdQ1wR2PiLE3w6mMPvlM5wLekVM/kljVLbb4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=sung-woo.kim; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.208.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=sung-woo.kim Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-f170.google.com with SMTP id 38308e7fff4ca-2dd041acff1so38641251fa.1 for ; Sat, 27 Apr 2024 20:48:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714276113; x=1714880913; h=content-transfer-encoding:cc:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DYPrh4DHdmH+zyt0A/i+XtVcAopST5l2VEcQ5Ak5hpQ=; b=jv8BjnbaaxlViQbAU1+Rp+RjDT96tZUsLKQqckp+xVlaDn90zT7aGj59l9gYEwjLRi deqNHgm2/I9drnKYDEVG0GRanpbo8GqmuTfoP+dMKM5vxif+d6ltP2osGoTcOd6rB3gR EVb4bx6KwdSb1SDBRlqKgmVfIHvFJK4dJtTpEvsg49AuYehVbC8BY2ku2hEfHOLK16m7 eDbFCfSbYj8XnizHGrLSC3X6zAZfSmt2C5nmwj8GjWM+OkhTlVLK4K72QbXK9bZNqE+j AEKHkXJ5vfLobHnhHxFceT7UXuDVpcDQizWBrztqLCoyUGf/W4d/oedTlcdC4ekNRidR a+9Q== X-Forwarded-Encrypted: i=1; AJvYcCVYCa1cNtJ8sLGcbcdcyEkSuO+HKHKqedhbYmdcYj41O7B4wzmEeJ34JcPqwFsNwC6LBFq2UVOwXEgnPZ9ZVTuGS6j26vF0xKjh3str4XXE X-Gm-Message-State: AOJu0YxOShrzbTrUFVvHIlf9n80fMdcpp6b81RUm7vYs/1Ijl82drzak mx19iHxSt9pjnyyEVna6bVa3q+DTQq4KNiKdQfGI7yYLICRrK0Zr/EqECbVqIsY= X-Received: by 2002:a2e:8703:0:b0:2dd:1802:a1ee with SMTP id m3-20020a2e8703000000b002dd1802a1eemr3748803lji.0.1714276113187; Sat, 27 Apr 2024 20:48:33 -0700 (PDT) Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com. [209.85.167.46]) by smtp.gmail.com with ESMTPSA id d5-20020a2e96c5000000b002df6de7283asm647378ljj.126.2024.04.27.20.48.32 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 27 Apr 2024 20:48:33 -0700 (PDT) Received: by mail-lf1-f46.google.com with SMTP id 2adb3069b0e04-51aa6a8e49aso4001080e87.3 for ; Sat, 27 Apr 2024 20:48:32 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVkCMKAjRS4Y368wuJmkbUguaYTrDckSGIEKOSeotWEiDtlEc61m8F9jtAZiaSEJdZQdgZv5LpLs9HES/VofMJmNuqToPh/aawgIPQ2OrPY X-Received: by 2002:a19:7708:0:b0:51b:d3a2:9d85 with SMTP id s8-20020a197708000000b0051bd3a29d85mt3212757lfc.9.1714276112649; Sat, 27 Apr 2024 20:48:32 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240427051934.879051-1-iam@sung-woo.kim> In-Reply-To: <20240427051934.879051-1-iam@sung-woo.kim> From: Sungwoo Kim Date: Sat, 27 Apr 2024 23:47:53 -0400 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] Bluetooth: msft: fix slab-use-after-free in msft_do_close() Cc: daveti@purdue.edu, Marcel Holtmann , Johan Hedberg , Luiz Augusto von Dentz , linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello, Could you not apply this? I found an error. On Sat, Apr 27, 2024 at 1:19=E2=80=AFAM Sungwoo Kim wrot= e: > > + > +static struct msft_data *msft_data_hold_unless_zero(struct msft_data *ms= ft) > +{ > + BT_DBG("msft %p orig refcnt %u", msft, kref_read(&msft->kref)); Here, msft could be NULL. &msft->kref causes a null-ptr-deref error. I already sent a v2 patch fixing this. > + > + if (!msft) > + return NULL; > + > + if (!kref_get_unless_zero(&msft->kref)) > + return NULL; > + > + return msft; > +} > + Thanks, Sungwoo.