| Message ID | 1583660727-9227-1-git-send-email-hqjagain@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Marcel Holtmann |
| Headers | show |
| Series | [v2] bluetooth/rfcomm: fix ODEBUG bug in rfcomm_dev_ioctl | expand |
Hi Qiujun, > Needn't call 'rfcomm_dlc_put' here, because 'rfcomm_dlc_exists' didn't > increase dlc->refcnt. > > Reported-by: syzbot+4496e82090657320efc6@syzkaller.appspotmail.com > Signed-off-by: Qiujun Huang <hqjagain@gmail.com> > Suggested-by: Hillf Danton <hdanton@sina.com> > --- > net/bluetooth/rfcomm/tty.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) patch has been applied to bluetooth-next tree. Regards Marcel
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index 0c7d31c..a585849 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -413,10 +413,8 @@ static int __rfcomm_create_dev(struct sock *sk, void __user *arg) dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); if (IS_ERR(dlc)) return PTR_ERR(dlc); - else if (dlc) { - rfcomm_dlc_put(dlc); + if (dlc) return -EBUSY; - } dlc = rfcomm_dlc_alloc(GFP_KERNEL); if (!dlc) return -ENOMEM;
Needn't call 'rfcomm_dlc_put' here, because 'rfcomm_dlc_exists' didn't increase dlc->refcnt. Reported-by: syzbot+4496e82090657320efc6@syzkaller.appspotmail.com Signed-off-by: Qiujun Huang <hqjagain@gmail.com> Suggested-by: Hillf Danton <hdanton@sina.com> --- net/bluetooth/rfcomm/tty.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)