Revert "Bluetooth: fix use-after-free in accessing skb after sending it"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

This reverts commit 715264ad09fd4004e347cdb79fa58a4f2344f13f which is
commit 947ec0d002dce8577b655793dcc6fc78d67b7cb6 upstream.

It is reported to cause regressions in the 6.1.y tree, so revert it for
now.

Link: https://lore.kernel.org/all/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=hT5MQ@xxxxxxxxxxxxxx/
Reported-by: Jeremy Lainé <jeremy.laine@xxxxxxx>
Cc: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Cc: Mike <user.service2016@xxxxxxxxx>
Cc: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Cc: Johan Hedberg <johan.hedberg@xxxxxxxxx>
Cc: Paul Menzel <pmenzel@xxxxxxxxxxxxx>
Cc: Pauli Virtanen <pav@xxxxxx>
Cc: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Cc: Sasha Levin <sashal@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/bluetooth/hci_core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4146,7 +4146,7 @@ static void hci_send_cmd_sync(struct hci
 	if (hci_req_status_pend(hdev) &&
 	    !hci_dev_test_and_set_flag(hdev, HCI_CMD_PENDING)) {
 		kfree_skb(hdev->req_skb);
-		hdev->req_skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
+		hdev->req_skb = skb_clone(skb, GFP_KERNEL);
 	}
 
 	atomic_dec(&hdev->cmd_cnt);


Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are

queue-6.1/revert-bluetooth-hci_sync-fix-overwriting-request-callback.patch
queue-6.1/revert-bluetooth-hci_core-fix-possible-buffer-overflow.patch
queue-6.1/revert-bluetooth-fix-use-after-free-in-accessing-skb-after-sending-it.patch
queue-6.1/revert-bluetooth-hci_conn-consolidate-code-for-aborting-connections.patch
queue-6.1/revert-bluetooth-af_bluetooth-fix-deadlock.patch




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux