nfc: llcp: protect nfc_llcp_sock_unlink() calls
nfc_llcp_sock_link() is called in all paths (bind/connect) as a last action, still protected with lock_sock(). When cleaning up in llcp_sock_release(), call nfc_llcp_sock_unlink() in a mirrored way: earlier and still under the lock_sock(). Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
a736491239
commit
a06b804416
|
@ -631,6 +631,11 @@ static int llcp_sock_release(struct socket *sock)
|
|||
}
|
||||
}
|
||||
|
||||
if (sock->type == SOCK_RAW)
|
||||
nfc_llcp_sock_unlink(&local->raw_sockets, sk);
|
||||
else
|
||||
nfc_llcp_sock_unlink(&local->sockets, sk);
|
||||
|
||||
if (llcp_sock->reserved_ssap < LLCP_SAP_MAX)
|
||||
nfc_llcp_put_ssap(llcp_sock->local, llcp_sock->ssap);
|
||||
|
||||
|
@ -643,11 +648,6 @@ static int llcp_sock_release(struct socket *sock)
|
|||
if (sk->sk_state == LLCP_DISCONNECTING)
|
||||
return err;
|
||||
|
||||
if (sock->type == SOCK_RAW)
|
||||
nfc_llcp_sock_unlink(&local->raw_sockets, sk);
|
||||
else
|
||||
nfc_llcp_sock_unlink(&local->sockets, sk);
|
||||
|
||||
out:
|
||||
sock_orphan(sk);
|
||||
sock_put(sk);
|
||||
|
|
Loading…
Reference in New Issue