diff options
author | David S. Miller <davem@davemloft.net> | 2015-12-03 18:04:05 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-12-03 18:04:05 +0100 |
commit | 79aecc7216379788e0c6900ac50ea2d579190219 (patch) | |
tree | e2b3f6861b6ead1724e18a039badac2c04948353 /net/bluetooth | |
parent | arm64: bpf: add 'store immediate' instruction (diff) | |
parent | Bluetooth: Fix l2cap_chan leak in SMP (diff) | |
download | linux-79aecc7216379788e0c6900ac50ea2d579190219.tar.xz linux-79aecc7216379788e0c6900ac50ea2d579190219.zip |
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says:
====================
pull request: bluetooth 2015-12-01
Here's a Bluetooth fix for the 4.4-rc series that fixes a memory leak of
the Security Manager L2CAP channel that'll happen for every LE
connection.
Please let me know if there are any issues pulling. Thanks.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/smp.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index c91353841e40..ffed8a1d4f27 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -3027,8 +3027,13 @@ static void smp_ready_cb(struct l2cap_chan *chan) BT_DBG("chan %p", chan); + /* No need to call l2cap_chan_hold() here since we already own + * the reference taken in smp_new_conn_cb(). This is just the + * first time that we tie it to a specific pointer. The code in + * l2cap_core.c ensures that there's no risk this function wont + * get called if smp_new_conn_cb was previously called. + */ conn->smp = chan; - l2cap_chan_hold(chan); if (hcon->type == ACL_LINK && test_bit(HCI_CONN_ENCRYPT, &hcon->flags)) bredr_pairing(chan); |