Re: [PATCH 1/2] nfc: llcp: Fix use-after-free in llcp_sock_release()

Next message: J&#xFC;rgen Gro&#xDF;: "Re: [PATCH v2 2/8] x86/msr: Consolidate rdmsr() definitions"
Previous message: Ivaylo Dimitrov: "Re: [PATCH v2 4/5] arch: arm: dts: cpcap-mapphone: Add audio-codec jack detection interrupts"
In reply to: Lee Jones: "Re: [PATCH 1/2] nfc: llcp: Fix use-after-free in llcp_sock_release()"
Next in thread: Lee Jones: "Re: [PATCH 1/2] nfc: llcp: Fix use-after-free in llcp_sock_release()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Heidelberg

Date: Wed May 06 2026 - 07:09:12 EST

Hello Lee.

Yeah, I think today these should hit the linux-next integration tree, and I need to setup the Thank you email to work in `b4 review` :)

David

-------- Original Message --------
From: Lee Jones <lee@xxxxxxxxxx>
Sent: 6 May 2026 08:11:45 UTC
To: Jakub Kicinski <kuba@xxxxxxxxxx>
Cc: David Heidelberg <david+nfc@xxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxx>, Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>, Kees Cook <kees@xxxxxxxxxx>, Junxi Qian <qjx1298677004@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Samuel Ortiz <sameo@xxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
Subject: Re: [PATCH 1/2] nfc: llcp: Fix use-after-free in llcp_sock_release()

On Fri, 01 May 2026, Jakub Kicinski wrote:

> On Wed, 29 Apr 2026 13:40:41 +0000 Lee Jones wrote:
> > llcp_sock_release() unconditionally unlinks the socket from the local
> > sockets list. However, if the socket is still in connecting state, it
> > is on the connecting list.
> >
> > Fix this by checking the socket state and unlinking from the correct list.
> >
> > Fixes: b4011239a08e ("NFC: llcp: Fix non blocking sockets connections")
> > Signed-off-by: Lee Jones <lee@xxxxxxxxxx>
>
> Adding David H and dropping from netdev's patchwork..

Is anyone looking at these please?

These are pretty important.