From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 98E97EE49A4
	for <stable@archiver.kernel.org>; Sun, 10 Sep 2023 20:25:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233296AbjIJUZ5 (ORCPT <rfc822;stable@archiver.kernel.org>);
        Sun, 10 Sep 2023 16:25:57 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33170 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229688AbjIJUZ5 (ORCPT
        <rfc822;stable@vger.kernel.org>); Sun, 10 Sep 2023 16:25:57 -0400
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7203A135;
        Sun, 10 Sep 2023 13:25:53 -0700 (PDT)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id AF664C433C7;
        Sun, 10 Sep 2023 20:25:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1694377553;
        bh=M3XVpYTqMwblDvLDn0+Gp61z7L6XFs9z98lcQBonSEE=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=F2hGKi4a0virIj+5bk4bqBU5xa6SbOIxFosULuH2+EkgrTYMrzI0i9CE84yuKxSyJ
         7Vi1sgnfUcaLkYQQWc8u0e6kdSgzDZ5eYiw+spV+VsI53R3NMveqrXliFVxNP11hXS
         W0Ne6Lac9BzyGG2JlZvZqLBJXo2OMSD6jnknjAoc=
Date:   Sun, 10 Sep 2023 21:25:50 +0100
From:   Greg KH <gregkh@linuxfoundation.org>
To:     Deepak Rathore <deeratho@cisco.com>
Cc:     stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in
 btsdio_remove due to race condition
Message-ID: <2023091012-python-image-6f03@gregkh>
References: <20230906121525.3946250-1-deeratho@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230906121525.3946250-1-deeratho@cisco.com>
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

On Wed, Sep 06, 2023 at 05:45:25PM +0530, Deepak Rathore wrote:
> From: Zheng Wang <zyytlz.wz@163.com>
> 
> [ Upstream commit 73f7b171b7c09139eb3c6a5677c200dc1be5f318 ]
> 
> In btsdio_probe, the data->work is bound with btsdio_work. It will be
> started in btsdio_send_frame.
> 
> If the btsdio_remove runs with a unfinished work, there may be a race
> condition that hdev is freed but used in btsdio_work. Fix it by
> canceling the work before do cleanup in btsdio_remove.
> 
> Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Signed-off-by: Deepak Rathore <deeratho@cisco.com>

Meta-comment, are you SURE you want this applied?  If so, why was it
reverted upstream in 6.4 in commit db2bf510bd5d ("Revert "Bluetooth:
btsdio: fix use after free bug in btsdio_remove due to unfinished
work"")

What testing did you do that determined this should be added to the
tree?  How did you come up with just this one commit to be requested to
be applied to just this one branch?

thanks,

greg k-h-