git.baikalelectronics.ru Git - kernel.git/commit

author	Johan Hedberg <johan.hedberg@intel.com>
	Wed, 11 Nov 2015 19:47:12 +0000 (21:47 +0200)
committer	Marcel Holtmann <marcel@holtmann.org>
	Wed, 11 Nov 2015 22:48:34 +0000 (23:48 +0100)
commit	d39ce867cc557c0f148b71fc7bb205cfc7b266a6
tree	fc563a53515efdb1ecc2a42291adf42505e7b03b	tree \| snapshot
parent	310d2df23ae2a2e8d1fdefd73285496e5822939d	commit \| diff

Bluetooth: Fix l2cap_chan leak in SMP

The L2CAP core expects channel implementations to manage the reference
returned by the new_connection callback. With sockets this is already
handled with each channel being tied to the corresponding socket. With
SMP however there's no context to tie the pointer to in the
smp_new_conn_cb function. The function can also not just drop the
reference since it's the only one at that point.

For fixed channels (like SMP) the code path inside the L2CAP core from
new_connection() to ready() is short and straight-forwards. The
crucial difference is that in ready() the implementation has access to
the l2cap_conn that SMP needs associate its l2cap_chan. Instead of
taking a new reference in smp_ready_cb() we can simply assume to
already own the reference created in smp_new_conn_cb(), i.e. there is
no need to call l2cap_chan_hold().

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.19+