Commit 4bd80d7a authored by Niels Dossche's avatar Niels Dossche Committed by Marcel Holtmann

Bluetooth: move adv_instance_cnt read within the device lock

The field adv_instance_cnt is always accessed within a device lock,
except in the function add_advertising. A concurrent remove of an
advertisement with adding another one could result in the if check
"if a new instance was actually added" to not trigger, resulting
in not triggering the "advertising added event".
Signed-off-by: default avatarNiels Dossche <niels.dossche@ugent.be>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 728abc01
......@@ -8079,7 +8079,7 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
u32 flags;
u8 status;
u16 timeout, duration;
unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
unsigned int prev_instance_cnt;
u8 schedule_instance = 0;
struct adv_info *next_instance;
int err;
......@@ -8130,6 +8130,8 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
goto unlock;
}
prev_instance_cnt = hdev->adv_instance_cnt;
err = hci_add_adv_instance(hdev, cp->instance, flags,
cp->adv_data_len, cp->data,
cp->scan_rsp_len,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment