Commit c531e638 authored by Dmitry Antipov's avatar Dmitry Antipov Committed by Luiz Augusto von Dentz

Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()

Add missing call to 'l2cap_chan_unlock()' on receive error handling
path in 'l2cap_conless_channel()'.

Fixes: a24cce14 ("Bluetooth: Fix reference counting of global L2CAP channels")
Reported-by: syzbot+45ac74737e866894acb0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=45ac74737e866894acb0Signed-off-by: default avatarDmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
parent e1d28be2
...@@ -6774,6 +6774,7 @@ static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, ...@@ -6774,6 +6774,7 @@ static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm,
bt_cb(skb)->l2cap.psm = psm; bt_cb(skb)->l2cap.psm = psm;
if (!chan->ops->recv(chan, skb)) { if (!chan->ops->recv(chan, skb)) {
l2cap_chan_unlock(chan);
l2cap_chan_put(chan); l2cap_chan_put(chan);
return; return;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment