Commit ed958855 authored Nov 26, 2024 by Edward Adam Davis Committed by Luiz Augusto von Dentz Nov 26, 2024

Bluetooth: SCO: remove the redundant sco_conn_put



When adding conn, it is necessary to increase and retain the conn reference
count at the same time.

Another problem was fixed along the way, conn_put is missing when hcon is NULL
in the timeout routine.

Fixes: e6720779 ("Bluetooth: SCO: Use kref to track lifetime of sco_conn")
Reported-and-tested-by:  <syzbot+489f78df4709ac2bfdd3@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=489f78df4709ac2bfdd3


Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

parent a66dfaf1

net/bluetooth/sco.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -143,6 +143,7 @@ static void sco_sock_timeout(struct work_struct *work)
		sco_conn_lock(conn);
		if (!conn->hcon) {
		sco_conn_unlock(conn);
		sco_conn_put(conn);
		return;
		}
		sk = sco_sock_hold(conn);
		@@ -192,7 +193,6 @@ static struct sco_conn sco_conn_add(struct hci_conn hcon)
		conn->hcon = hcon;
		sco_conn_unlock(conn);
		}
		sco_conn_put(conn);
		return conn;
		}