Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 4 Sep 2021 11:02:58 +0900
Cc: LinMa <linma@xxxxxxxxxx>, "linux-bluetooth@xxxxxxxxxxxxxxx" <linux-bluetooth@xxxxxxxxxxxxxxx>, Marcel Holtmann <marcel@xxxxxxxxxxxx>, Johan Hedberg <johan.hedberg@xxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
In-reply-to: <a7bed103-dbb1-6783-aba7-f18a4d495c13@i-love.sakura.ne.jp>
References: <15f5a46.b79d9.17ba6802ccd.Coremail.linma@zju.edu.cn> <c998d16d-f45a-8be4-2898-9e94509cb2ea@i-love.sakura.ne.jp> <60f604f8-2a89-fd3f-996f-9d9e4a229427@i-love.sakura.ne.jp> <CABBYNZK-JvPcB_T39_NUE-O6ztE6crNEfmFxszEtAu3OkrKF2A@mail.gmail.com> <a7bed103-dbb1-6783-aba7-f18a4d495c13@i-love.sakura.ne.jp>
User-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0

Commit 99c23da0eed4fd20 ("Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()") in linux-next.git should be sent to linux.git now as a mitigation for CVE-2021-3640.

But I think "[PATCH v3 3/4] Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg" still contains bug.

Follow-Ups:
- Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
  - From: Salvatore Bonaccorso

References:
- Help needed in patching CVE-2021-3640
  - From: LinMa
- Re: Help needed in patching CVE-2021-3640
  - From: Tetsuo Handa
- [PATCH] Bluetooth: avoid page fault from sco_send_frame()
  - From: Tetsuo Handa
- Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
  - From: Luiz Augusto von Dentz
- Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
  - From: Tetsuo Handa

Prev by Date: Re: [Bluez] shared/shell: don't allow completion fallback
Next by Date: Re: [syzbot] WARNING: kmalloc bug in hash_net_create
Previous by thread: Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
Next by thread: Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()
Index(es):
- Date
- Thread

[Index of Archives] [Bluez Devel] [Linux Wireless Networking] [Linux Wireless Personal Area Networking] [Linux ATH6KL] [Linux USB Devel] [Linux Media Drivers] [Linux Audio Users] [Linux Kernel] [Linux SCSI] [Big List of Linux Books]