From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
This reverts commit cb8adca52f306563d958a863bb0cbae9c184d1ae which is commit f7b94bdc1ec107c92262716b073b3e816d4784fb upstream. It is reported to cause regressions in the 6.1.y tree, so revert it for now.
Link: https://lore.kernel.org/all/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=hT5MQ@xxxxxxxxxxxxxx/
Reported-by: Jeremy Lainé <jeremy.laine@xxxxxxx>
Cc: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Cc: Mike <user.service2016@xxxxxxxxx>
Cc: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Cc: Johan Hedberg <johan.hedberg@xxxxxxxxx>
Cc: Paul Menzel <pmenzel@xxxxxxxxxxxxx>
Cc: Pauli Virtanen <pav@xxxxxx>
Cc: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Cc: Sasha Levin <sashal@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/bluetooth/af_bluetooth.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -307,11 +307,14 @@ int bt_sock_recvmsg(struct socket *sock,
 if (flags & MSG_OOB)
 return -EOPNOTSUPP;
+ lock_sock(sk);
+
 skb = skb_recv_datagram(sk, flags, &err);
 if (!skb) {
 if (sk->sk_shutdown & RCV_SHUTDOWN)
 err = 0;
+ release_sock(sk);
 return err;
 }
@@ -337,6 +340,8 @@ int bt_sock_recvmsg(struct socket *sock,
 skb_free_datagram(sk, skb);
+ release_sock(sk);
+
 if (flags & MSG_TRUNC)
 copied = skblen;
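Review bot: In bt_sock_recvmsg the re-added `lock_sock(sk)` is taken before `skb_recv_datagram(sk, flags, &err)`, so the socket lock stays held for as long as that call waits for data (presumably up to the receive timeout when the caller did not ask for a non-blocking read). Every other path that needs the same lock then stalls behind a sleeping reader, including the queue-length query in bt_sock_ioctl that the last hunk of this patch switches to `lock_sock(sk)`; the stable-queue file name suggests the reverted commit was a deadlock fix, so this window appears to be reopened. I would add a comment above the lock, `/* held across a possibly blocking skb_recv_datagram(); see the reverted af_bluetooth deadlock fix */`, and watch 6.1.y hosts for hung-task reports on Bluetooth sockets until a corrected fix lands. The second hunk's `release_sock(sk)` after `skb_free_datagram(sk, skb)` pairs with it, but the body between the two hunks is not shown, so confirm that no return path in between leaves the lock held.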
@@ -559,11 +564,10 @@ int bt_sock_ioctl(struct socket *sock, u
 if (sk->sk_state == BT_LISTEN)
 return -EINVAL;
- spin_lock(&sk->sk_receive_queue.lock);
+ lock_sock(sk);
 skb = skb_peek(&sk->sk_receive_queue);
 amount = skb ? skb->len : 0;
- spin_unlock(&sk->sk_receive_queue.lock);
-
+ release_sock(sk);
 err = put_user(amount, (int __user *)arg);
 break;
Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are
queue-6.1/revert-bluetooth-hci_sync-fix-overwriting-request-callback.patch
queue-6.1/revert-bluetooth-hci_core-fix-possible-buffer-overflow.patch
queue-6.1/revert-bluetooth-fix-use-after-free-in-accessing-skb-after-sending-it.patch
queue-6.1/revert-bluetooth-hci_conn-consolidate-code-for-aborting-connections.patch
queue-6.1/revert-bluetooth-af_bluetooth-fix-deadlock.patch
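Review bot: In bt_sock_ioctl, `skb_peek(&sk->sk_receive_queue)` followed by the `skb->len` read is now protected only by `lock_sock(sk)` and no longer by the queue's own `sk_receive_queue.lock`. That is safe only if every consumer that unlinks and frees skbs from this queue also holds the socket lock, as bt_sock_recvmsg does after this patch; other consumers are not visible here, so this needs confirming, otherwise the peeked skb could be freed before its length is read. A comment on the locked region would record the invariant: `/* lock_sock() serialises with bt_sock_recvmsg(), which dequeues and frees under the same lock */`. The enclosing switch case starts and ends outside the hunk.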