* [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk)
@ 2026-04-21 2:51 SeungJu Cheon
2026-04-21 2:51 ` [PATCH v2 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() SeungJu Cheon
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: SeungJu Cheon @ 2026-04-21 2:51 UTC (permalink / raw)
To: luiz.dentz, marcel
Cc: linux-bluetooth, netdev, linux-kernel, me, skhan,
linux-kernel-mentees, SeungJu Cheon
Found while auditing iso_pi(sk) field accesses after a KCSAN report.
Patch 1/2 is the reported race on iso_pi(sk)->dst in iso_sock_connect();
patch 2/2 covers related races on other iso_pi(sk) fields accessed in
iso_connect_{bis,cis}() and iso_connect_ind() that were found by
inspection during the same audit.
Changes in v2:
- Patch 1/2: Use sa->iso_bdaddr directly instead of caching the
bacmp() result in a local variable, as suggested by Luiz [1].
This avoids reading from iso_pi(sk) entirely for the broadcast
check.
- Patch 2/2: No changes.
v1: https://lore.kernel.org/linux-bluetooth/20260418053239.128190-1-suunj1331@gmail.com/
[1] https://lore.kernel.org/linux-bluetooth/CABBYNZLBoU3byfK_G+=sTkBx3wNwEh2X6_7dG4+4LFtrc3Skpw@mail.gmail.com/
SeungJu Cheon (2):
Bluetooth: ISO: Fix data-race on dst in iso_sock_connect()
Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event
paths
net/bluetooth/iso.c | 56 +++++++++++++++++++++++++--------------------
1 file changed, 31 insertions(+), 25 deletions(-)
--
2.52.0
^ permalink raw reply [flat|nested] 6+ messages in thread* [PATCH v2 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() 2026-04-21 2:51 [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) SeungJu Cheon @ 2026-04-21 2:51 ` SeungJu Cheon 2026-04-21 4:08 ` Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) bluez.test.bot 2026-04-21 2:51 ` [PATCH v2 2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths SeungJu Cheon 2026-04-21 17:40 ` [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) patchwork-bot+bluetooth 2 siblings, 1 reply; 6+ messages in thread From: SeungJu Cheon @ 2026-04-21 2:51 UTC (permalink / raw) To: luiz.dentz, marcel Cc: linux-bluetooth, netdev, linux-kernel, me, skhan, linux-kernel-mentees, SeungJu Cheon iso_sock_connect() copies the destination address into iso_pi(sk)->dst under lock_sock, then releases the lock and reads it back with bacmp() to decide between the CIS and BIS connect paths: lock_sock(sk); bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr); iso_pi(sk)->dst_type = sa->iso_bdaddr_type; release_sock(sk); if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) // <- no lock held This read after release_sock() races with any concurrent write to iso_pi(sk)->dst on the same socket. Fix by reading the destination address directly from the local sockaddr argument (sa->iso_bdaddr) instead of iso_pi(sk)->dst. Since sa is a function-local argument, reading it requires no locking and avoids the race. This patch addresses only the bacmp() race in iso_sock_connect(); other unprotected iso_pi(sk) accesses are fixed separately in the next patch. KCSAN report: BUG: KCSAN: data-race in memcmp+0x39/0xb0 race at unknown origin, with read to 0xffff8f96ea66dde3 of 1 bytes by task 549 on cpu 1: memcmp+0x39/0xb0 iso_sock_connect+0x275/0xb40 __sys_connect_file+0xbd/0xe0 __sys_connect+0xe0/0x110 __x64_sys_connect+0x40/0x50 x64_sys_call+0xcad/0x1c60 do_syscall_64+0x133/0x590 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00 -> 0xee Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 549 Comm: iso_race_combin Not tainted 7.0.0-08391-g1d51b370a0f8 #40 PREEMPT(lazy) Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type") Signed-off-by: SeungJu Cheon <suunj1331@gmail.com> --- net/bluetooth/iso.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index be145e2736b7..290a1b9a9daa 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1193,7 +1193,7 @@ static int iso_sock_connect(struct socket *sock, struct sockaddr_unsized *addr, release_sock(sk); - if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) + if (bacmp(&sa->iso_bdaddr, BDADDR_ANY)) err = iso_connect_cis(sk); else err = iso_connect_bis(sk); -- 2.52.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* RE: Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) 2026-04-21 2:51 ` [PATCH v2 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() SeungJu Cheon @ 2026-04-21 4:08 ` bluez.test.bot 0 siblings, 0 replies; 6+ messages in thread From: bluez.test.bot @ 2026-04-21 4:08 UTC (permalink / raw) To: linux-bluetooth, suunj1331 [-- Attachment #1: Type: text/plain, Size: 3965 bytes --] This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1083591 ---Test result--- Test Summary: CheckPatch FAIL 0.93 seconds GitLint FAIL 0.37 seconds SubjectPrefix PASS 0.38 seconds BuildKernel PASS 20.60 seconds CheckAllWarning PASS 22.42 seconds CheckSparse PASS 21.78 seconds BuildKernel32 PASS 20.58 seconds TestRunnerSetup PASS 419.00 seconds TestRunner_iso-tester PASS 26.91 seconds IncrementalBuild PASS 23.33 seconds Details ############################## Test: CheckPatch - FAIL Desc: Run checkpatch.pl script Output: [v2,1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?) #134: race at unknown origin, with read to 0xffff8f96ea66dde3 of 1 bytes by task 549 on cpu 1: total: 0 errors, 1 warnings, 0 checks, 8 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/patch/14531805.patch has style problems, please review. NOTE: Ignored message types: UNKNOWN_COMMIT_ID NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. [v2,2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?) #156: CPU: 1 UID: 0 PID: 334 Comm: iso_setup_race Not tainted 7.0.0-10949-g8541d8f725c6 #44 PREEMPT(lazy) total: 0 errors, 1 warnings, 0 checks, 137 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/patch/14531806.patch has style problems, please review. NOTE: Ignored message types: UNKNOWN_COMMIT_ID NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. ############################## Test: GitLint - FAIL Desc: Run gitlint Output: [v2,1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 31: B1 Line exceeds max length (88>80): "race at unknown origin, with read to 0xffff8f96ea66dde3 of 1 bytes by task 549 on cpu 1:" 44: B1 Line exceeds max length (100>80): "CPU: 1 UID: 0 PID: 549 Comm: iso_race_combin Not tainted 7.0.0-08391-g1d51b370a0f8 #40 PREEMPT(lazy)" [v2,2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 1: T1 Title exceeds max length (82>80): "[v2,2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths" 53: B1 Line exceeds max length (99>80): "CPU: 1 UID: 0 PID: 334 Comm: iso_setup_race Not tainted 7.0.0-10949-g8541d8f725c6 #44 PREEMPT(lazy)" https://github.com/bluez/bluetooth-next/pull/108 --- Regards, Linux Bluetooth ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2 2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths 2026-04-21 2:51 [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) SeungJu Cheon 2026-04-21 2:51 ` [PATCH v2 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() SeungJu Cheon @ 2026-04-21 2:51 ` SeungJu Cheon 2026-04-21 17:40 ` [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) patchwork-bot+bluetooth 2 siblings, 0 replies; 6+ messages in thread From: SeungJu Cheon @ 2026-04-21 2:51 UTC (permalink / raw) To: luiz.dentz, marcel Cc: linux-bluetooth, netdev, linux-kernel, me, skhan, linux-kernel-mentees, SeungJu Cheon Several iso_pi(sk) fields (qos, qos_user_set, bc_sid, base, base_len, sync_handle, bc_num_bis) are written under lock_sock in iso_sock_setsockopt() and iso_sock_bind(), but read and written under hci_dev_lock only in two other paths: - iso_connect_bis() / iso_connect_cis(), invoked from connect(2), read qos/base/bc_sid and reset qos to default_qos on the qos_user_set validation failure -- all without lock_sock. - iso_connect_ind(), invoked from hci_rx_work, writes sync_handle, bc_sid, qos.bcast.encryption, bc_num_bis, base and base_len on PA_SYNC_ESTABLISHED / PAST_RECEIVED / BIG_INFO_ADV_REPORT / PER_ADV_REPORT events. The BIG_INFO handler additionally passes &iso_pi(sk)->qos together with sync_handle / bc_num_bis / bc_bis to hci_conn_big_create_sync() while setsockopt may be mutating them. Acquire lock_sock around the affected accesses in both paths. The locking order hci_dev_lock -> lock_sock matches the existing iso_conn_big_sync() precedent, whose comment documents the same requirement for hci_conn_big_create_sync(). The HCI connect/bind helpers do not wait for command completion -- they enqueue work via hci_cmd_sync_queue{,_once}() / hci_le_create_cis_pending() and return -- so the added hold time is comparable to iso_conn_big_sync(). KCSAN report: BUG: KCSAN: data-race in iso_connect_cis / iso_sock_setsockopt read to 0xffffa3ae8ce3cdc8 of 1 bytes by task 335 on cpu 0: iso_connect_cis+0x49f/0xa20 iso_sock_connect+0x60e/0xb40 __sys_connect_file+0xbd/0xe0 __sys_connect+0xe0/0x110 __x64_sys_connect+0x40/0x50 x64_sys_call+0xcad/0x1c60 do_syscall_64+0x133/0x590 entry_SYSCALL_64_after_hwframe+0x77/0x7f write to 0xffffa3ae8ce3cdc8 of 60 bytes by task 334 on cpu 1: iso_sock_setsockopt+0x69a/0x930 do_sock_setsockopt+0xc3/0x170 __sys_setsockopt+0xd1/0x130 __x64_sys_setsockopt+0x64/0x80 x64_sys_call+0x1547/0x1c60 do_syscall_64+0x133/0x590 entry_SYSCALL_64_after_hwframe+0x77/0x7f Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 334 Comm: iso_setup_race Not tainted 7.0.0-10949-g8541d8f725c6 #44 PREEMPT(lazy) The iso_connect_ind() races were found by inspection. Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type") Signed-off-by: SeungJu Cheon <suunj1331@gmail.com> --- net/bluetooth/iso.c | 54 +++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index 290a1b9a9daa..7cb2864fe872 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -347,6 +347,7 @@ static int iso_connect_bis(struct sock *sk) return -EHOSTUNREACH; hci_dev_lock(hdev); + lock_sock(sk); if (!bis_capable(hdev)) { err = -EOPNOTSUPP; @@ -399,13 +400,9 @@ static int iso_connect_bis(struct sock *sk) goto unlock; } - lock_sock(sk); - err = iso_chan_add(conn, sk, NULL); - if (err) { - release_sock(sk); + if (err) goto unlock; - } /* Update source addr of the socket */ bacpy(&iso_pi(sk)->src, &hcon->src); @@ -421,9 +418,8 @@ static int iso_connect_bis(struct sock *sk) iso_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo)); } - release_sock(sk); - unlock: + release_sock(sk); hci_dev_unlock(hdev); hci_dev_put(hdev); return err; @@ -444,6 +440,7 @@ static int iso_connect_cis(struct sock *sk) return -EHOSTUNREACH; hci_dev_lock(hdev); + lock_sock(sk); if (!cis_central_capable(hdev)) { err = -EOPNOTSUPP; @@ -498,13 +495,9 @@ static int iso_connect_cis(struct sock *sk) goto unlock; } - lock_sock(sk); - err = iso_chan_add(conn, sk, NULL); - if (err) { - release_sock(sk); + if (err) goto unlock; - } /* Update source addr of the socket */ bacpy(&iso_pi(sk)->src, &hcon->src); @@ -520,9 +513,8 @@ static int iso_connect_cis(struct sock *sk) iso_sock_set_timer(sk, READ_ONCE(sk->sk_sndtimeo)); } - release_sock(sk); - unlock: + release_sock(sk); hci_dev_unlock(hdev); hci_dev_put(hdev); return err; @@ -2256,8 +2248,10 @@ int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN, iso_match_sid, ev1); if (sk && !ev1->status) { + lock_sock(sk); iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); iso_pi(sk)->bc_sid = ev1->sid; + release_sock(sk); } goto done; @@ -2268,8 +2262,10 @@ int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN, iso_match_sid_past, ev1a); if (sk && !ev1a->status) { + lock_sock(sk); iso_pi(sk)->sync_handle = le16_to_cpu(ev1a->sync_handle); iso_pi(sk)->bc_sid = ev1a->sid; + release_sock(sk); } goto done; @@ -2296,27 +2292,35 @@ int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) ev2); if (sk) { - int err; - struct hci_conn *hcon = iso_pi(sk)->conn->hcon; + int err = 0; + bool big_sync; + struct hci_conn *hcon; + lock_sock(sk); + + hcon = iso_pi(sk)->conn->hcon; iso_pi(sk)->qos.bcast.encryption = ev2->encryption; if (ev2->num_bis < iso_pi(sk)->bc_num_bis) iso_pi(sk)->bc_num_bis = ev2->num_bis; - if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && - !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { + big_sync = !test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && + !test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags); + + if (big_sync) err = hci_conn_big_create_sync(hdev, hcon, &iso_pi(sk)->qos, iso_pi(sk)->sync_handle, iso_pi(sk)->bc_num_bis, iso_pi(sk)->bc_bis); - if (err) { - bt_dev_err(hdev, "hci_le_big_create_sync: %d", - err); - sock_put(sk); - sk = NULL; - } + + release_sock(sk); + + if (big_sync && err) { + bt_dev_err(hdev, "hci_le_big_create_sync: %d", + err); + sock_put(sk); + sk = NULL; } } @@ -2370,8 +2374,10 @@ int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) if (!base || base_len > BASE_MAX_LENGTH) goto done; + lock_sock(sk); memcpy(iso_pi(sk)->base, base, base_len); iso_pi(sk)->base_len = base_len; + release_sock(sk); } else { /* This is a PA data fragment. Keep pa_data_len set to 0 * until all data has been reassembled. -- 2.52.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) 2026-04-21 2:51 [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) SeungJu Cheon 2026-04-21 2:51 ` [PATCH v2 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() SeungJu Cheon 2026-04-21 2:51 ` [PATCH v2 2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths SeungJu Cheon @ 2026-04-21 17:40 ` patchwork-bot+bluetooth 2 siblings, 0 replies; 6+ messages in thread From: patchwork-bot+bluetooth @ 2026-04-21 17:40 UTC (permalink / raw) To: SeungJu Cheon Cc: luiz.dentz, marcel, linux-bluetooth, netdev, linux-kernel, me, skhan, linux-kernel-mentees Hello: This series was applied to bluetooth/bluetooth-next.git (master) by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>: On Tue, 21 Apr 2026 11:51:20 +0900 you wrote: > Found while auditing iso_pi(sk) field accesses after a KCSAN report. > Patch 1/2 is the reported race on iso_pi(sk)->dst in iso_sock_connect(); > patch 2/2 covers related races on other iso_pi(sk) fields accessed in > iso_connect_{bis,cis}() and iso_connect_ind() that were found by > inspection during the same audit. > > Changes in v2: > - Patch 1/2: Use sa->iso_bdaddr directly instead of caching the > bacmp() result in a local variable, as suggested by Luiz [1]. > This avoids reading from iso_pi(sk) entirely for the broadcast > check. > > [...] Here is the summary with links: - [v2,1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() https://git.kernel.org/bluetooth/bluetooth-next/c/20ca2749b31a - [v2,2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths https://git.kernel.org/bluetooth/bluetooth-next/c/66d4d518020b You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect()
@ 2026-04-18 5:34 SeungJu Cheon
2026-04-18 6:17 ` Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) bluez.test.bot
0 siblings, 1 reply; 6+ messages in thread
From: SeungJu Cheon @ 2026-04-18 5:34 UTC (permalink / raw)
To: luiz.dentz, marcel
Cc: linux-bluetooth, netdev, linux-kernel, me, skhan,
linux-kernel-mentees, SeungJu Cheon
iso_sock_connect() copies the destination address into
iso_pi(sk)->dst under lock_sock, then releases the lock and reads
it back with bacmp() to decide between the CIS and BIS connect
paths:
lock_sock(sk);
bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
release_sock(sk);
if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY)) // <- no lock held
This read after release_sock() races with any concurrent write to
iso_pi(sk)->dst on the same socket.
Fix by performing the bacmp() inside the lock_sock critical section
and caching the result in a local variable.
This patch addresses only the bacmp() race in iso_sock_connect();
other unprotected iso_pi(sk) accesses are fixed separately in the
next patch.
KCSAN report:
BUG: KCSAN: data-race in memcmp+0x39/0xb0
race at unknown origin, with read to 0xffff8f96ea66dde3 of 1 bytes by task 549 on cpu 1:
memcmp+0x39/0xb0
iso_sock_connect+0x275/0xb40
__sys_connect_file+0xbd/0xe0
__sys_connect+0xe0/0x110
__x64_sys_connect+0x40/0x50
x64_sys_call+0xcad/0x1c60
do_syscall_64+0x133/0x590
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00 -> 0xee
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 549 Comm: iso_race_combin Not tainted 7.0.0-08391-g1d51b370a0f8 #40 PREEMPT(lazy)
Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type")
Signed-off-by: SeungJu Cheon <suunj1331@gmail.com>
---
net/bluetooth/iso.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
index be145e2736b7..14963ba68597 100644
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -1169,6 +1169,7 @@ static int iso_sock_connect(struct socket *sock, struct sockaddr_unsized *addr,
struct sockaddr_iso *sa = (struct sockaddr_iso *)addr;
struct sock *sk = sock->sk;
int err;
+ bool bcast;
BT_DBG("sk %p", sk);
@@ -1191,9 +1192,11 @@ static int iso_sock_connect(struct socket *sock, struct sockaddr_unsized *addr,
bacpy(&iso_pi(sk)->dst, &sa->iso_bdaddr);
iso_pi(sk)->dst_type = sa->iso_bdaddr_type;
+ bcast = !bacmp(&iso_pi(sk)->dst, BDADDR_ANY);
+
release_sock(sk);
- if (bacmp(&iso_pi(sk)->dst, BDADDR_ANY))
+ if (!bcast)
err = iso_connect_cis(sk);
else
err = iso_connect_bis(sk);
--
2.52.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* RE: Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) 2026-04-18 5:34 [PATCH 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() SeungJu Cheon @ 2026-04-18 6:17 ` bluez.test.bot 0 siblings, 0 replies; 6+ messages in thread From: bluez.test.bot @ 2026-04-18 6:17 UTC (permalink / raw) To: linux-bluetooth, suunj1331 [-- Attachment #1: Type: text/plain, Size: 3829 bytes --] This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1082745 ---Test result--- Test Summary: CheckPatch FAIL 1.15 seconds GitLint FAIL 0.53 seconds SubjectPrefix PASS 0.21 seconds BuildKernel PASS 20.74 seconds CheckAllWarning PASS 22.73 seconds CheckSparse PASS 22.00 seconds BuildKernel32 PASS 20.52 seconds TestRunnerSetup PASS 414.87 seconds TestRunner_iso-tester PASS 26.97 seconds IncrementalBuild PASS 22.15 seconds Details ############################## Test: CheckPatch - FAIL Desc: Run checkpatch.pl script Output: [1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?) #132: race at unknown origin, with read to 0xffff8f96ea66dde3 of 1 bytes by task 549 on cpu 1: total: 0 errors, 1 warnings, 0 checks, 19 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/patch/14529234.patch has style problems, please review. NOTE: Ignored message types: UNKNOWN_COMMIT_ID NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. [2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?) #156: CPU: 1 UID: 0 PID: 334 Comm: iso_setup_race Not tainted 7.0.0-10949-g8541d8f725c6 #44 PREEMPT(lazy) total: 0 errors, 1 warnings, 0 checks, 137 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/patch/14529235.patch has style problems, please review. NOTE: Ignored message types: UNKNOWN_COMMIT_ID NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. ############################## Test: GitLint - FAIL Desc: Run gitlint Output: [1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 29: B1 Line exceeds max length (88>80): "race at unknown origin, with read to 0xffff8f96ea66dde3 of 1 bytes by task 549 on cpu 1:" 42: B1 Line exceeds max length (100>80): "CPU: 1 UID: 0 PID: 549 Comm: iso_race_combin Not tainted 7.0.0-08391-g1d51b370a0f8 #40 PREEMPT(lazy)" [2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 53: B1 Line exceeds max length (99>80): "CPU: 1 UID: 0 PID: 334 Comm: iso_setup_race Not tainted 7.0.0-10949-g8541d8f725c6 #44 PREEMPT(lazy)" https://github.com/bluez/bluetooth-next/pull/102 --- Regards, Linux Bluetooth ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-04-21 17:40 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-04-21 2:51 [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) SeungJu Cheon 2026-04-21 2:51 ` [PATCH v2 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() SeungJu Cheon 2026-04-21 4:08 ` Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) bluez.test.bot 2026-04-21 2:51 ` [PATCH v2 2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths SeungJu Cheon 2026-04-21 17:40 ` [PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) patchwork-bot+bluetooth -- strict thread matches above, loose matches on Subject: below -- 2026-04-18 5:34 [PATCH 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() SeungJu Cheon 2026-04-18 6:17 ` Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk) bluez.test.bot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox