Commit 5b4cedaa authored by Andrei Emeltchenko's avatar Andrei Emeltchenko Committed by Johan Hedberg

Bluetooth: Fix double locking in LE and conless chan

Remove socket lock since chan->ops->recv locks socket itself.
Signed-off-by: default avatarAndrei Emeltchenko <andrei.emeltchenko@intel.com>
Reviewed-by: default avatarUlisses Furquim <ulisses@profusion.mobi>
Acked-by: default avatarGustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent 8a7a3fd6
...@@ -4369,18 +4369,13 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk ...@@ -4369,18 +4369,13 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb) static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
{ {
struct sock *sk = NULL;
struct l2cap_chan *chan; struct l2cap_chan *chan;
chan = l2cap_global_chan_by_psm(0, psm, conn->src); chan = l2cap_global_chan_by_psm(0, psm, conn->src);
if (!chan) if (!chan)
goto drop; goto drop;
sk = chan->sk; BT_DBG("chan %p, len %d", chan, skb->len);
lock_sock(sk);
BT_DBG("sk %p, len %d", sk, skb->len);
if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
goto drop; goto drop;
...@@ -4389,31 +4384,23 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str ...@@ -4389,31 +4384,23 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str
goto drop; goto drop;
if (!chan->ops->recv(chan->data, skb)) if (!chan->ops->recv(chan->data, skb))
goto done; return 0;
drop: drop:
kfree_skb(skb); kfree_skb(skb);
done:
if (sk)
release_sock(sk);
return 0; return 0;
} }
static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb) static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
{ {
struct sock *sk = NULL;
struct l2cap_chan *chan; struct l2cap_chan *chan;
chan = l2cap_global_chan_by_scid(0, cid, conn->src); chan = l2cap_global_chan_by_scid(0, cid, conn->src);
if (!chan) if (!chan)
goto drop; goto drop;
sk = chan->sk; BT_DBG("chan %p, len %d", chan, skb->len);
lock_sock(sk);
BT_DBG("sk %p, len %d", sk, skb->len);
if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
goto drop; goto drop;
...@@ -4422,14 +4409,11 @@ static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct ...@@ -4422,14 +4409,11 @@ static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct
goto drop; goto drop;
if (!chan->ops->recv(chan->data, skb)) if (!chan->ops->recv(chan->data, skb))
goto done; return 0;
drop: drop:
kfree_skb(skb); kfree_skb(skb);
done:
if (sk)
release_sock(sk);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment