nfc: llcp: protect nfc_llcp_sock_unlink() calls

nfc_llcp_sock_link() is called in all paths (bind/connect) as a last
action, still protected with lock_sock().  When cleaning up in
llcp_sock_release(), call nfc_llcp_sock_unlink() in a mirrored way:
earlier and still under the lock_sock().

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Krzysztof Kozlowski 2022-03-02 20:25:22 +01:00 committed by David S. Miller
parent a736491239
commit a06b804416
1 changed files with 5 additions and 5 deletions

View File

@ -631,6 +631,11 @@ static int llcp_sock_release(struct socket *sock)
}
}
if (sock->type == SOCK_RAW)
nfc_llcp_sock_unlink(&local->raw_sockets, sk);
else
nfc_llcp_sock_unlink(&local->sockets, sk);
if (llcp_sock->reserved_ssap < LLCP_SAP_MAX)
nfc_llcp_put_ssap(llcp_sock->local, llcp_sock->ssap);
@ -643,11 +648,6 @@ static int llcp_sock_release(struct socket *sock)
if (sk->sk_state == LLCP_DISCONNECTING)
return err;
if (sock->type == SOCK_RAW)
nfc_llcp_sock_unlink(&local->raw_sockets, sk);
else
nfc_llcp_sock_unlink(&local->sockets, sk);
out:
sock_orphan(sk);
sock_put(sk);