]> git.hungrycats.org Git - linux/commitdiff
projects / linux / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 59d7b1a)
Revert "Bluetooth: fix use-after-free in accessing skb after sending it"
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 13 Nov 2024 14:42:18 +0000 (15:42 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 17 Nov 2024 14:07:19 +0000 (15:07 +0100)
This reverts commit 715264ad09fd4004e347cdb79fa58a4f2344f13f which is
commit 947ec0d002dce8577b655793dcc6fc78d67b7cb6 upstream.

It is reported to cause regressions in the 6.1.y tree, so revert it for
now.

Link: https://lore.kernel.org/all/CADRbXaDqx6S+7tzdDPPEpRu9eDLrHQkqoWTTGfKJSRxY=hT5MQ@mail.gmail.com/
Reported-by: Jeremy Lainé <jeremy.laine@m4x.org>
Cc: Salvatore Bonaccorso <carnil@debian.org>
Cc: Mike <user.service2016@gmail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Cc: Paul Menzel <pmenzel@molgen.mpg.de>
Cc: Pauli Virtanen <pav@iki.fi>
Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Cc: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/bluetooth/hci_core.c patch | blob | history

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 993b98257bc280e914c267f91ee0efa19aa914d8..796d9258787c5b1f375539800dfc80ce0843af53 100644 (file)
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4146,7 +4146,7 @@ static void hci_send_cmd_sync(struct hci_dev *hdev, struct sk_buff *skb)
        if (hci_req_status_pend(hdev) &&
            !hci_dev_test_and_set_flag(hdev, HCI_CMD_PENDING)) {
                kfree_skb(hdev->req_skb);
-               hdev->req_skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
+               hdev->req_skb = skb_clone(skb, GFP_KERNEL);
        }
 
        atomic_dec(&hdev->cmd_cnt);
Linux kernels and configurations used by Zygo.