summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net/bluetooth/mgmt.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index ccce954f8146..1e2acaddcdfd 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -474,7 +474,6 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
474{ 474{
475 struct mgmt_rp_read_ext_index_list *rp; 475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d; 476 struct hci_dev *d;
477 size_t rp_len;
478 u16 count; 477 u16 count;
479 int err; 478 int err;
480 479
@@ -488,8 +487,7 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
488 count++; 487 count++;
489 } 488 }
490 489
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
493 if (!rp) { 491 if (!rp) {
494 read_unlock(&hci_dev_list_lock); 492 read_unlock(&hci_dev_list_lock);
495 return -ENOMEM; 493 return -ENOMEM;
@@ -525,7 +523,6 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
525 } 523 }
526 524
527 rp->num_controllers = cpu_to_le16(count); 525 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
529 526
530 read_unlock(&hci_dev_list_lock); 527 read_unlock(&hci_dev_list_lock);
531 528
@@ -538,7 +535,8 @@ static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
539 536
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len); 538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
539 struct_size(rp, entry, count));
542 540
543 kfree(rp); 541 kfree(rp);
544 542
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-20 13:04:16 -0500