Hello:
This series was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:
On Sat, 30 Sep 2023 15:53:32 +0300 you wrote:
> In hci_abort_conn_sync it is possible that conn is deleted concurrently
> by something else, also e.g. when waiting for hdev->lock. This causes
> double deletion of the conn, so UAF or conn_hash.list corruption.
>
> Fix by having all code paths check that the connection is still in
> conn_hash before deleting it, while holding hdev->lock which prevents
> any races.
>
> [...]
Here is the summary with links:
- [v2,1/2] Bluetooth: hci_sync: always check if connection is alive before deleting
https://git.kernel.org/bluetooth/bluetooth-next/c/32f6776f0083
- [v2,2/2] Bluetooth: hci_conn: verify connection is to be aborted before doing it
(no matching commit)
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
