[PATCH v2 0/2] Bluetooth: ISO: Fix KCSAN data-races on iso_pi(sk)

Next message: SeungJu Cheon: "[PATCH v2 1/2] Bluetooth: ISO: Fix data-race on dst in iso_sock_connect()"
Previous message: SeungJu Cheon: "[PATCH v2 2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths"
Next in thread: SeungJu Cheon: "[PATCH v2 2/2] Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event paths"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: SeungJu Cheon

Date: Mon Apr 20 2026 - 22:52:31 EST

Found while auditing iso_pi(sk) field accesses after a KCSAN report.
Patch 1/2 is the reported race on iso_pi(sk)->dst in iso_sock_connect();
patch 2/2 covers related races on other iso_pi(sk) fields accessed in
iso_connect_{bis,cis}() and iso_connect_ind() that were found by
inspection during the same audit.

Changes in v2:
- Patch 1/2: Use sa->iso_bdaddr directly instead of caching the
bacmp() result in a local variable, as suggested by Luiz [1].
This avoids reading from iso_pi(sk) entirely for the broadcast
check.

- Patch 2/2: No changes.

v1: https://lore.kernel.org/linux-bluetooth/20260418053239.128190-1-suunj1331@xxxxxxxxx/

[1] https://lore.kernel.org/linux-bluetooth/CABBYNZLBoU3byfK_G+=sTkBx3wNwEh2X6_7dG4+4LFtrc3Skpw@xxxxxxxxxxxxxx/

SeungJu Cheon (2):
Bluetooth: ISO: Fix data-race on dst in iso_sock_connect()
Bluetooth: ISO: Fix data-race on iso_pi(sk) in socket and HCI event
paths

net/bluetooth/iso.c | 56 +++++++++++++++++++++++++--------------------
1 file changed, 31 insertions(+), 25 deletions(-)

--
2.52.0