From: patchwork-bot+bluetooth@kernel.org
To: Ying Hsu <yinghsu@chromium.org>
Cc: marcel@holtmann.org, chromeos-bluetooth-upstreaming@chromium.org,
syzbot+2bef95d3ab4daa10155b@syzkaller.appspotmail.com,
josephsih@chromium.org, davem@davemloft.net,
desmondcheongzx@gmail.com, kuba@kernel.org,
johan.hedberg@gmail.com, luiz.dentz@gmail.com, pabeni@redhat.com,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH v2] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
Date: Tue, 29 Mar 2022 11:40:11 +0000
Message-ID: <164855401131.3735.13754664491252004228.git-patchwork-notify@kernel.org>
In-Reply-To: <20220326070853.v2.1.I67f8ad854ac2f48701902bfb34d6e2070011b779@changeid>
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Marcel Holtmann <marcel@holtmann.org>:
On Sat, 26 Mar 2022 07:09:28 +0000 you wrote:
> Connecting the same socket twice consecutively in sco_sock_connect()
> could lead to a race condition where two sco_conn objects are created
> but only one is associated with the socket. If the socket is closed
> before the SCO connection is established, the timer associated with the
> dangling sco_conn object won't be canceled. As the sock object is being
> freed, the use-after-free problem happens when the timer callback
> function sco_sock_timeout() accesses the socket. Here's the call trace:
>
> [...]
Here is the summary with links:
  - [v2] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
    https://git.kernel.org/bluetooth/bluetooth-next/c/300cf0bfb43e
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
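
The lifetime bug described in the quoted commit message, as an added userspace model that is not part of the original message and is not the applied patch. All struct and function names are hypothetical, and the `recheck` guard is an assumed mitigation (re-validating the socket before arming anything that points at it), not a description of the kernel fix.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; hypothetical names, not the kernel's structures. */
struct conn;
struct sock { struct conn *conn; bool freed; };
struct conn { struct sock *sk; bool timer_armed; };

/* Second half of connect(): create the conn, arm its timer, try to attach. */
static void conn_setup(struct conn *c, struct sock *sk, bool recheck)
{
    /* Assumed hardening: re-validate under the (modelled) socket lock
     * before creating anything that holds a pointer to sk. */
    if (recheck && sk->conn != NULL)
        return;
    c->sk = sk;
    c->timer_armed = true;
    if (sk->conn == NULL)
        sk->conn = c;              /* only the first conn gets associated */
}

/* close(): cancels the timer of the associated conn only, then frees. */
static void sock_close(struct sock *sk)
{
    if (sk->conn) {
        sk->conn->timer_armed = false;
        sk->conn->sk = NULL;
    }
    sk->freed = true;              /* stands in for the real free */
}

/* Timer callback: true when it would dereference a freed socket. */
static bool timer_fire(const struct conn *c)
{
    return c->timer_armed && c->sk != NULL && c->sk->freed;
}

/* Two connect() calls that both passed the initial state check, then a
 * close before the connection is established. Returns stale timer hits. */
int stale_timer_hits(bool recheck)
{
    struct sock sk = { NULL, false };
    struct conn a = { NULL, false }, b = { NULL, false };
    conn_setup(&a, &sk, recheck);
    conn_setup(&b, &sk, recheck);  /* second caller lost the race */
    sock_close(&sk);
    return (int)timer_fire(&a) + (int)timer_fire(&b);
}

int main(void) { return !(stale_timer_hits(false) == 1 && stale_timer_hits(true) == 0); }
```

The model keeps the socket memory alive and tracks a `freed` flag instead of freeing it, so the stale access is counted rather than executed.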
Thread overview: 3+ messages
2022-03-26 7:09 [PATCH v2] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Ying Hsu
2022-03-26 7:58 ` [v2] " bluez.test.bot
2022-03-29 11:40 ` patchwork-bot+bluetooth [this message]