Re: use-after-free in bluetooth (hci_conn_hash_flush)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dave Jones <davej@redhat.com>
To: Andrei Emeltchenko <andrei.emeltchenko.news@gmail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>,
	"Gustavo F. Padovan" <padovan@profusion.mobi>,
	Linux Kernel <linux-kernel@vger.kernel.org>,
	Fedora Kernel Team <kernel-team@fedoraproject.org>
Subject: Re: use-after-free in bluetooth (hci_conn_hash_flush)
Date: Tue, 6 Mar 2012 10:22:15 -0500	[thread overview]
Message-ID: <20120306152215.GA20793@redhat.com> (raw)
In-Reply-To: <20120306085342.GA8432@aemeltch-MOBL1>

On Tue, Mar 06, 2012 at 10:53:44AM +0200, Andrei Emeltchenko wrote:

 > On Mon, Mar 05, 2012 at 05:12:42PM -0500, Dave Jones wrote:
 > > We had a user report this, which looks like a use after free
 > > in hci_conn_hash_flush(). Probably related to bf4c63252490ba78fb833cc7acf1a5b1900c970f
 > 
 > Yes most probably this is the reason.
 > 
 > > Full report is at https://bugzilla.redhat.com/show_bug.cgi?id=797590
 > 
 > Could you try following commit?
 > 
 > commit 3c4e0df028935618d052235ba85bc7079be13394
 > Author: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
 > Date:   Thu Feb 2 10:32:17 2012 +0200
 > 
 >     Bluetooth: Use list _safe deleting from conn_hash_list

Could you attach the patch ? I'll throw it into a Fedora build for
the user who saw this to test.

	Dave

next prev parent reply	other threads:[~2012-03-06 15:22 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-05 22:12 use-after-free in bluetooth (hci_conn_hash_flush) Dave Jones
2012-03-06  8:53 ` Andrei Emeltchenko
2012-03-06 15:22   ` Dave Jones [this message]
2012-03-07  8:36     ` Andrei Emeltchenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120306152215.GA20793@redhat.com \
    --to=davej@redhat.com \
    --cc=andrei.emeltchenko.news@gmail.com \
    --cc=kernel-team@fedoraproject.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marcel@holtmann.org \
    --cc=padovan@profusion.mobi \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.