Re: [PATCH 1/2] nfc: llcp: Fix use-after-free in llcp_sock_release()

[Lee Jones]

On Wed, 06 May 2026, David Heidelberg wrote:

> Hello Lee.
> 
> Yeah, I think today these should hit the linux-next integration tree, and I need to setup the Thank you email to work in `b4 review` :)

Thanks David.  And thanks for picking up the new role.

BTW, you may want to configure your mailer too. :)

> -------- Original Message --------
> From: Lee Jones <lee@xxxxxxxxxx>
> Sent: 6 May 2026 08:11:45 UTC
> To: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: David Heidelberg <david+nfc@xxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxx>, Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>, Kees Cook <kees@xxxxxxxxxx>, Junxi Qian <qjx1298677004@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Samuel Ortiz <sameo@xxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH 1/2] nfc: llcp: Fix use-after-free in llcp_sock_release()
> 
> On Fri, 01 May 2026, Jakub Kicinski wrote:
> 
> > On Wed, 29 Apr 2026 13:40:41 +0000 Lee Jones wrote:
> > > llcp_sock_release() unconditionally unlinks the socket from the local
> > > sockets list.  However, if the socket is still in connecting state, it
> > > is on the connecting list.
> > > 
> > > Fix this by checking the socket state and unlinking from the correct list.
> > > 
> > > Fixes: b4011239a08e ("NFC: llcp: Fix non blocking sockets connections")
> > > Signed-off-by: Lee Jones <lee@xxxxxxxxxx>
> > 
> > Adding David H and dropping from netdev's patchwork..
> 
> Is anyone looking at these please?
> 
> These are pretty important.
> 

-- 
Lee Jones