Message-ID: <2023091012-python-image-6f03@gregkh>
Date:   Sun, 10 Sep 2023 21:25:50 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Deepak Rathore <deeratho@...co.com>
Cc:     stable@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in
 btsdio_remove due to race condition

On Wed, Sep 06, 2023 at 05:45:25PM +0530, Deepak Rathore wrote:
> From: Zheng Wang <zyytlz.wz@....com>
> 
> [ Upstream commit 73f7b171b7c09139eb3c6a5677c200dc1be5f318 ]
> 
> In btsdio_probe, the data->work is bound with btsdio_work. It will be
> started in btsdio_send_frame.
> 
> If the btsdio_remove runs with an unfinished work, there may be a race
> condition that hdev is freed but used in btsdio_work. Fix it by
> canceling the work before doing cleanup in btsdio_remove.
> 
> Signed-off-by: Zheng Wang <zyytlz.wz@....com>
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@...el.com>
> Signed-off-by: Deepak Rathore <deeratho@...co.com>

Meta-comment, are you SURE you want this applied?  If so, why was it
reverted upstream in 6.4 in commit db2bf510bd5d ("Revert "Bluetooth:
btsdio: fix use after free bug in btsdio_remove due to unfinished
work"")

What testing did you do that determined this should be added to the
tree?  How did you come up with just this one commit to be requested to
be applied to just this one branch?

thanks,

greg k-h
