Re: [PATCH] Bluetooth: L2CAP: Fix user-after-free

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:

On Thu, 29 Sep 2022 13:32:41 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
> 
> This uses l2cap_chan_hold_unless_zero() after calling
> __l2cap_get_chan_blah() to prevent the following trace:
> 
> Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref
> *kref)
> Bluetooth: chan 0000000023c4974d
> Bluetooth: parent 00000000ae861c08
> ==================================================================
> BUG: KASAN: use-after-free in __mutex_waiter_is_first
> kernel/locking/mutex.c:191 [inline]
> BUG: KASAN: use-after-free in __mutex_lock_common
> kernel/locking/mutex.c:671 [inline]
> BUG: KASAN: use-after-free in __mutex_lock+0x278/0x400
> kernel/locking/mutex.c:729
> Read of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389
> 
> [...]

Here is the summary with links:
  - Bluetooth: L2CAP: Fix user-after-free
    https://git.kernel.org/bluetooth/bluetooth-next/c/35fcbc4243aa

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux