From: Lee Jones <lee.jones@linaro.org>
To: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>,
LKML <linux-kernel@vger.kernel.org>,
stable@kernel.org, Marcel Holtmann <marcel@holtmann.org>,
Johan Hedberg <johan.hedberg@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
"linux-bluetooth@vger.kernel.org"
<linux-bluetooth@vger.kernel.org>,
netdev <netdev@vger.kernel.org>
Subject: Re: [RESEND 1/1] Bluetooth: Use chan_list_lock to protect the whole put/destroy invokation
Date: Fri, 15 Jul 2022 08:28:37 +0100 [thread overview]
Message-ID: <YtEXJRpOx9kADVcs@google.com> (raw)
In-Reply-To: <CABBYNZJXiGHB+pyKq3uPaGfP29VdauevrBPeXbcU0LEHcEf_hg@mail.gmail.com>
> Hi Lee,
> > > > > > I'm struggling to apply this for test:
> > > > > >
> > > > > > "error: corrupt patch at line 6"
> > > > >
> > > > > Check with the attached patch.
> > > >
> > > > With the patch applied:
> > > >
> > > > [ 188.825418][ T75] refcount_t: addition on 0; use-after-free.
> > > > [ 188.825418][ T75] refcount_t: addition on 0; use-after-free.
> > >
> > > Looks like the changes just make the issue more visible since we are
> > > trying to add a refcount when it is already 0 so this proves the
> > > design is not quite right since it is removing the object from the
> > > list only when destroying it while we probably need to do it before.
> > >
> > > How about we use kref_get_unless_zero as it appears it was introduced
> > > exactly for such cases (patch attached.)
> >
> > Looks like I missed a few places like l2cap_global_chan_by_psm so here
> > is another version.
>
> Any feedback regarding these changes?
Not yet. I'll have time to test this next week.
Things really stacked up this week, apologies.
--
Lee Jones [李琼斯]
Principal Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
next prev parent reply other threads:[~2022-07-15 7:28 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-22 8:27 [RESEND 1/1] Bluetooth: Use chan_list_lock to protect the whole put/destroy invokation Lee Jones
2022-06-22 9:15 ` [RESEND,1/1] " bluez.test.bot
2022-06-27 14:17 ` [RESEND 1/1] " Lee Jones
2022-06-27 14:41 ` Eric Dumazet
2022-06-27 23:39 ` Luiz Augusto von Dentz
2022-06-28 18:36 ` Luiz Augusto von Dentz
2022-06-29 15:28 ` Lee Jones
2022-07-05 17:21 ` Luiz Augusto von Dentz
2022-07-06 10:53 ` Lee Jones
2022-07-06 20:36 ` Luiz Augusto von Dentz
2022-07-06 20:58 ` Luiz Augusto von Dentz
2022-07-14 17:46 ` Luiz Augusto von Dentz
2022-07-15 7:28 ` Lee Jones [this message]
2022-07-20 11:52 ` Lee Jones
2022-07-20 17:10 ` Luiz Augusto von Dentz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YtEXJRpOx9kADVcs@google.com \
--to=lee.jones@linaro.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=johan.hedberg@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luiz.dentz@gmail.com \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.