Re: [PATCH v2] Bluetooth: L2CAP: Fix UAF in channel timeout by holding conn ref

Next message: Wadim Mueller: "Re: [PATCH v3 2/3] dt-bindings: iio: flow: add Sensirion SLF3S liquid flow sensor"
Previous message: Fredrik Markstrom: "Re: [PATCH v2 0/3] arm64: perf: Skip device memory during user callchain unwinding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Marco Elver

Date: Thu Jun 11 2026 - 06:37:05 EST

On Fri, 5 Jun 2026 at 17:48, Luiz Augusto von Dentz
<luiz.dentz@xxxxxxxxx> wrote:
[..]
> While I consider this a much cleaner approach than any the previous,
> perhaps we could go one step further and stop using chan->conn as an
> indiciation that l2cap_chan_del has run/detach l2cap_chan and instead
> perhaps use a flag e.g. FLAG_DEL, that way we can make chan->conn be
> used for reference tracking alone and don't need to introduce yet
> another field for it.

I agree in theory, but this is a larger refactor and needs a careful
audit of every user of conn in conditionals. Haven't had time to look
at that yet.

Thanks,
-- Marco