diff mbox

bluetooth: Fix failure to release lock in read_index_list() when mem alloc fails.

Message ID alpine.LNX.2.00.1101140000541.11347@swampdragon.chaosbits.net
State Not Applicable, archived
Delegated to: David Miller
Headers show

Commit Message

Jesper Juhl Jan. 13, 2011, 11:18 p.m. UTC 
If alloc_skb() fails in read_index_list() we'll return -ENOMEM without 
releasing 'hci_dev_list_lock'.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
---
 mgmt.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Gustavo F. Padovan Jan. 19, 2011, 3:38 a.m. UTC | #1 
Hi Jesper,

* Jesper Juhl <jj@chaosbits.net> [2011-01-14 00:18:49 +0100]:

> If alloc_skb() fails in read_index_list() we'll return -ENOMEM without 
> releasing 'hci_dev_list_lock'.
> 
> Signed-off-by: Jesper Juhl <jj@chaosbits.net>
> ---
>  mgmt.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Patch has been applied. Thanks.
diff mbox

Patch

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index f827fd9..ace8726 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -111,8 +111,10 @@  static int read_index_list(struct sock *sk)
 
 	body_len = sizeof(*ev) + sizeof(*rp) + (2 * count);
 	skb = alloc_skb(sizeof(*hdr) + body_len, GFP_ATOMIC);
-	if (!skb)
+	if (!skb) {
+		read_unlock(&hci_dev_list_lock);
 		return -ENOMEM;
+	}
 
 	hdr = (void *) skb_put(skb, sizeof(*hdr));
 	hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);