All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg KH <gregkh@linuxfoundation.org>
To: XIAO WU <xiaowu.417@qq.com>
Cc: Alva Lan <alvalan9@foxmail.com>,
	sashal@kernel.org, stable@vger.kernel.org,
	linux-kernel@vger.kernel.org, Pauli Virtanen <pav@iki.fi>,
	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Subject: Re: [PATCH 6.6.y] Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Date: Sun, 21 Jun 2026 07:38:53 +0200	[thread overview]
Message-ID: <2026062127-serve-valid-f1b2@gregkh> (raw)
In-Reply-To: <tencent_D72AF901D90EB103AEB5111845A7AC8FF705@qq.com>

On Sun, Jun 21, 2026 at 09:57:51AM +0800, XIAO WU wrote:
> Hi,
> 
> I came across a Sashiko AI code review [1] that flagged a related
> use-after-free in `get_l2cap_conn()` — it has the same lock-dropping
> pattern that your patch fixes in `set_cig_params_sync()`.
> 
> I was able to trigger it in QEMU with KASAN on a 6.6.y kernel. Writing
> to the 6lowpan debugfs control file races against connection teardown.

That's a very old kernel version, can you try 7.1.1 please?  Also, can
you just send a fix for it if it is an issue there?

thanks,

greg k-h

      reply	other threads:[~2026-06-21  5:38 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-08  9:56 [PATCH 6.6.y] Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync Alva Lan
2026-06-09  0:51 ` Sasha Levin
2026-06-21  1:57 ` XIAO WU
2026-06-21  5:38   ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2026062127-serve-valid-f1b2@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=alvalan9@foxmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luiz.von.dentz@intel.com \
    --cc=pav@iki.fi \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=xiaowu.417@qq.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.