summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2015-12-03 18:04:05 +0100
committerDavid S. Miller <davem@davemloft.net>2015-12-03 18:04:05 +0100
commit79aecc7216379788e0c6900ac50ea2d579190219 (patch)
treee2b3f6861b6ead1724e18a039badac2c04948353
parentarm64: bpf: add 'store immediate' instruction (diff)
parentBluetooth: Fix l2cap_chan leak in SMP (diff)
downloadlinux-79aecc7216379788e0c6900ac50ea2d579190219.tar.xz
linux-79aecc7216379788e0c6900ac50ea2d579190219.zip
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says: ==================== pull request: bluetooth 2015-12-01 Here's a Bluetooth fix for the 4.4-rc series that fixes a memory leak of the Security Manager L2CAP channel that'll happen for every LE connection. Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/bluetooth/smp.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index c91353841e40..ffed8a1d4f27 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -3027,8 +3027,13 @@ static void smp_ready_cb(struct l2cap_chan *chan)
BT_DBG("chan %p", chan);
+ /* No need to call l2cap_chan_hold() here since we already own
+ * the reference taken in smp_new_conn_cb(). This is just the
+ * first time that we tie it to a specific pointer. The code in
+ * l2cap_core.c ensures that there's no risk this function wont
+ * get called if smp_new_conn_cb was previously called.
+ */
conn->smp = chan;
- l2cap_chan_hold(chan);
if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
bredr_pairing(chan);