All of lore.kernel.org
 help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Qiujun Huang <hqjagain@gmail.com>,
	syzbot+4496e82090657320efc6@syzkaller.appspotmail.com,
	Hillf Danton <hdanton@sina.com>,
	Marcel Holtmann <marcel@holtmann.org>,
	Sasha Levin <sashal@kernel.org>,
	linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 25/37] Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
Date: Sat, 11 Apr 2020 19:13:14 -0400	[thread overview]
Message-ID: <20200411231327.26550-25-sashal@kernel.org> (raw)
In-Reply-To: <20200411231327.26550-1-sashal@kernel.org>

From: Qiujun Huang <hqjagain@gmail.com>

[ Upstream commit 71811cac8532b2387b3414f7cd8fe9e497482864 ]

Needn't call 'rfcomm_dlc_put' here, because 'rfcomm_dlc_exists' didn't
increase dlc->refcnt.

Reported-by: syzbot+4496e82090657320efc6@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Suggested-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bluetooth/rfcomm/tty.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 5f3074cb6b4db..b6f26ec9e90cd 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -413,10 +413,8 @@ static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
 		dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
 		if (IS_ERR(dlc))
 			return PTR_ERR(dlc);
-		else if (dlc) {
-			rfcomm_dlc_put(dlc);
+		if (dlc)
 			return -EBUSY;
-		}
 		dlc = rfcomm_dlc_alloc(GFP_KERNEL);
 		if (!dlc)
 			return -ENOMEM;
-- 
2.20.1


  parent reply	other threads:[~2020-04-11 23:18 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-11 23:12 [PATCH AUTOSEL 4.14 01/37] net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 02/37] net: phy: probe PHY drivers synchronously Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 03/37] RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 04/37] mmc: sdhci: do not enable card detect interrupt for gpio cd type Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 05/37] serial: 8250_omap: Fix sleeping function called from invalid context during probe Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 06/37] net: phy: mscc: accept all RGMII species in vsc85xx_mac_if_set Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 07/37] RDMA/cm: Add missing locking around id.state in cm_dup_req_handler Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 08/37] NTB: set peer_sta within event handler itself Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 09/37] ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read Sasha Levin
2020-04-11 23:12   ` Sasha Levin
2020-04-11 23:12 ` [PATCH AUTOSEL 4.14 10/37] mwifiex: set needed_headroom, not hard_header_len Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 11/37] Bluetooth: L2CAP: handle l2cap config request during open state Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 12/37] drm/tegra: dc: Release PM and RGB output when client's registration fails Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 13/37] net/mlx5e: Init ethtool steering for representors Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 14/37] Bluetooth: Fix calculation of SCO handle for packet processing Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 15/37] net: rmnet: add missing module alias Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 16/37] Bluetooth: guard against controllers sending zero'd events Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 17/37] RDMA/rxe: Fix configuration of atomic queue pair attributes Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 18/37] net: intel: e1000e: fix possible sleep-in-atomic-context bugs in e1000e_get_hw_semaphore() Sasha Levin
2020-04-11 23:13   ` [Intel-wired-lan] " Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 19/37] net: dsa: bcm_sf2: Also configure Port 5 for 2Gb/sec on 7278 Sasha Levin
2020-04-12  1:15   ` Florian Fainelli
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 20/37] crypto: tcrypt - fix printed skcipher [a]sync mode Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 21/37] drm/omap: fix possible object reference leak Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 22/37] audit: CONFIG_CHANGE don't log internal bookkeeping as an event Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 23/37] Bluetooth: btusb: Add support for 13d3:3548 Realtek 8822CE device Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 24/37] scsi: lpfc: Fix RQ buffer leakage when no IOCBs available Sasha Levin
2020-04-11 23:13 ` Sasha Levin [this message]
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 26/37] ath10k: start recovery process when read int status fail for sdio Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 27/37] scsi: aacraid: Disabling TM path and only processing IOP reset Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 28/37] i2c: dev: Fix the race between the release of i2c_dev and cdev Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 29/37] brcmfmac: Fix driver crash on USB control transfer timeout Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 30/37] RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 31/37] ASoC: Intel: Skylake: Enable codec wakeup during chip init Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 32/37] of: of_reserved_mem: Increase limit on number of reserved regions Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 33/37] dmaengine: stm32-dma: use reset controller only at probe time Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 34/37] scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13   ` Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 35/37] ext4: check for non-zero journal inum in ext4_calculate_overhead Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 36/37] ext4: avoid ENOSPC when avoiding to reuse recently deleted inodes Sasha Levin
2020-04-11 23:13 ` [PATCH AUTOSEL 4.14 37/37] svcrdma: Fix leak of transport addresses Sasha Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200411231327.26550-25-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=hdanton@sina.com \
    --cc=hqjagain@gmail.com \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marcel@holtmann.org \
    --cc=netdev@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=syzbot+4496e82090657320efc6@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.