Commit a06b8044 authored by Krzysztof Kozlowski's avatar Krzysztof Kozlowski Committed by David S. Miller

nfc: llcp: protect nfc_llcp_sock_unlink() calls

nfc_llcp_sock_link() is called in all paths (bind/connect) as a last
action, still protected with lock_sock().  When cleaning up in
llcp_sock_release(), call nfc_llcp_sock_unlink() in a mirrored way:
earlier and still under the lock_sock().
Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a7364912
...@@ -631,6 +631,11 @@ static int llcp_sock_release(struct socket *sock) ...@@ -631,6 +631,11 @@ static int llcp_sock_release(struct socket *sock)
} }
} }
if (sock->type == SOCK_RAW)
nfc_llcp_sock_unlink(&local->raw_sockets, sk);
else
nfc_llcp_sock_unlink(&local->sockets, sk);
if (llcp_sock->reserved_ssap < LLCP_SAP_MAX) if (llcp_sock->reserved_ssap < LLCP_SAP_MAX)
nfc_llcp_put_ssap(llcp_sock->local, llcp_sock->ssap); nfc_llcp_put_ssap(llcp_sock->local, llcp_sock->ssap);
...@@ -643,11 +648,6 @@ static int llcp_sock_release(struct socket *sock) ...@@ -643,11 +648,6 @@ static int llcp_sock_release(struct socket *sock)
if (sk->sk_state == LLCP_DISCONNECTING) if (sk->sk_state == LLCP_DISCONNECTING)
return err; return err;
if (sock->type == SOCK_RAW)
nfc_llcp_sock_unlink(&local->raw_sockets, sk);
else
nfc_llcp_sock_unlink(&local->sockets, sk);
out: out:
sock_orphan(sk); sock_orphan(sk);
sock_put(sk); sock_put(sk);
......
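Review bot: Moving the unlink block above the `if (sk->sk_state == LLCP_DISCONNECTING) return err;` early return (second hunk) changes more than the locking: a socket in that state used to return without being unlinked, and it is now removed from `local->sockets` / `local->raw_sockets` while still skipping `sock_orphan()` and `sock_put()` at `out:`. The commit message describes only the lock ordering, so it is unclear whether this is intended. If a later path (not visible here) finds the socket through those lists to finish teardown, it would no longer find it and the reference could stay held. Either guard the moved block with `if (sk->sk_state != LLCP_DISCONNECTING)` to keep the old behaviour on that path, or state in the commit message that unlinking a disconnecting socket is deliberate and where its reference is then dropped. llcp_sock_release() begins and ends outside both hunks, so the lock_sock()/release_sock() pair is not visible here.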