Re: Bluetooth: mgmt: Fix heap overflow in mgmt_mesh_add
From: Maiquel Paiva
Date: Thu Feb 19 2026 - 14:29:57 EST
Hello Daniel and Luiz,
Daniel, thank you for the detailed analysis of the lock.
Once again, I made the mistake of analyzing the function in isolation.
In fact, I used `hdev->lock` in v4 of this series,
but I changed it to `mgmt_pending_lock` (and `guard(mutex)`)
specifically because it was suggested during a v4 review
to align with other list protections in that file.
But your analysis makes it clear that the primary device lock
already serializes this path.
Luiz, I fully agree with removing/reverting `003ca042a386` as well.
The list operations are already secure; thank you both for noticing this.
I consider this whole discussion a great learning experience on how to
track complete call paths and lock routes before introducing new locks!
Thanks,
Maiquel Paiva