From patchwork Thu Jan 13 23:18:49 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesper Juhl X-Patchwork-Id: 78823 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 76B7DB6F10 for ; Fri, 14 Jan 2011 10:19:06 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756836Ab1AMXSx (ORCPT ); Thu, 13 Jan 2011 18:18:53 -0500 Received: from swampdragon.chaosbits.net ([90.184.90.115]:27448 "EHLO swampdragon.chaosbits.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752022Ab1AMXSu (ORCPT ); Thu, 13 Jan 2011 18:18:50 -0500 Received: by swampdragon.chaosbits.net (Postfix, from userid 1000) id 4FCCF9403F; Fri, 14 Jan 2011 00:18:49 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by swampdragon.chaosbits.net (Postfix) with ESMTP id 406CA9403B; Fri, 14 Jan 2011 00:18:49 +0100 (CET) Date: Fri, 14 Jan 2011 00:18:49 +0100 (CET) From: Jesper Juhl To: linux-bluetooth@vger.kernel.org cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, "David S. Miller" , "Gustavo F. Padovan" , Marcel Holtmann Subject: [PATCH] bluetooth: Fix failure to release lock in read_index_list() when mem alloc fails. Message-ID: User-Agent: Alpine 2.00 (LNX 1167 2008-08-23) MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org If alloc_skb() fails in read_index_list() we'll return -ENOMEM without releasing 'hci_dev_list_lock'. Signed-off-by: Jesper Juhl --- mgmt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index f827fd9..ace8726 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -111,8 +111,10 @@ static int read_index_list(struct sock *sk) body_len = sizeof(*ev) + sizeof(*rp) + (2 * count); skb = alloc_skb(sizeof(*hdr) + body_len, GFP_ATOMIC); - if (!skb) + if (!skb) { + read_unlock(&hci_dev_list_lock); return -ENOMEM; + } hdr = (void *) skb_put(skb, sizeof(*hdr)); hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);