Bluetooth: Fix using hci_conn_get() for hci_conn pointers

Wherever we keep hci_conn pointers around we should be using hci_conn_get/put to ensure that they stay valid. This patch fixes all places violating against the principle currently. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
author: Johan Hedberg <johan.hedberg@intel.com> 2014-08-17 22:28:57 +0200
committer: Marcel Holtmann <marcel@holtmann.org> 2014-09-08 19:07:53 +0200
commit: f8aaf9b65a77267f749c1af641e46c3457d50701 (patch)
tree: de1e0c30c71feca081078fe6a23daa5703759d94 /net/bluetooth/mgmt.c
parent: Bluetooth: Improve *_get() functions to return the object type (diff)
download: linux-f8aaf9b65a77267f749c1af641e46c3457d50701.tar.xz
linux-f8aaf9b65a77267f749c1af641e46c3457d50701.zip
1 files changed, 8 insertions, 4 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index c2457435a670..d8c66663ade8 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3063,6 +3063,7 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status)
 	conn->disconn_cfm_cb = NULL;
 
 	hci_conn_drop(conn);
+	hci_conn_put(conn);
 
 	mgmt_pending_remove(cmd);
 }
@@ -3212,7 +3213,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
 	}
 
 	conn->io_capability = cp->io_cap;
-	cmd->user_data = conn;
+	cmd->user_data = hci_conn_get(conn);
 
 	if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
 	    hci_conn_security(conn, sec_level, auth_type, true))
@@ -4914,6 +4915,7 @@ static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
 		     match->mgmt_status, &rp, sizeof(rp));
 
 	hci_conn_drop(conn);
+	hci_conn_put(conn);
 
 	mgmt_pending_remove(cmd);
 }
@@ -5070,7 +5072,7 @@ static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
 		}
 
 		hci_conn_hold(conn);
-		cmd->user_data = conn;
+		cmd->user_data = hci_conn_get(conn);
 
 		conn->conn_info_timestamp = jiffies;
 	} else {
@@ -5134,8 +5136,10 @@ send_rsp:
 	cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
 		     &rp, sizeof(rp));
 	mgmt_pending_remove(cmd);
-	if (conn)
+	if (conn) {
 		hci_conn_drop(conn);
+		hci_conn_put(conn);
+	}
 
 unlock:
 	hci_dev_unlock(hdev);
@@ -5198,7 +5202,7 @@ static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
 
 	if (conn) {
 		hci_conn_hold(conn);
-		cmd->user_data = conn;
+		cmd->user_data = hci_conn_get(conn);
 
 		hci_cp.handle = cpu_to_le16(conn->handle);
 		hci_cp.which = 0x01; /* Piconet clock */
author	Johan Hedberg <johan.hedberg@intel.com>	2014-08-17 22:28:57 +0200
committer	Marcel Holtmann <marcel@holtmann.org>	2014-09-08 19:07:53 +0200
commit	f8aaf9b65a77267f749c1af641e46c3457d50701 (patch)
tree	de1e0c30c71feca081078fe6a23daa5703759d94 /net/bluetooth/mgmt.c
parent	Bluetooth: Improve *_get() functions to return the object type (diff)
download	linux-f8aaf9b65a77267f749c1af641e46c3457d50701.tar.xz linux-f8aaf9b65a77267f749c1af641e46c3457d50701.zip