Re: Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add

Next message: Caleb Sander Mateos: "[PATCH v3 3/4] io_uring/uring_cmd: allow non-iopoll cmds with IORING_SETUP_IOPOLL"
Previous message: Daniel Wagner: "Re: [PATCH] blkdev: Annotate struct request_queue with __counted_by_ptr"
In reply to: Maiquel Paiva: "Re: Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Maiquel Paiva

Date: Thu Feb 19 2026 - 12:25:07 EST

Thank you for the detailed follow-up.
The explanation about EXPORT_SYMBOL makes perfect sense.

I was analyzing the function's limits in complete isolation,
and didn't realize the context of the trust limit within the module itself.

I will certainly use this as a great learning experience,
(it's never too late to learn!)

I fully agree with reverting commit ac0c6f1b6a58
("Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add")
to avoid confusion and unnecessary code changes,
since the function that calls mesh_send already handles sanitization.

Just to confirm: what will happen to the other commit in this series that addresses the blocking problem
(003ca042a386)? The handling of the mesh_pending list was indeed unprotected
that's exactly what guard(mutex) is for.

Thank you for the review.

Thanks,
Maiquel Paiva