diff options
| author | Szymon Janc <szymon.janc@codecoup.pl> | 2016-09-19 14:25:52 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2016-09-19 14:33:27 -0400 |
| commit | 7d5c11da1ff6389511c42448f59456373edfc103 (patch) | |
| tree | b853315c348fb994346c4c29af8d9d877470928e /net/bluetooth | |
| parent | 162f812f23bab583f5d514ca0e4df67797ac9cdf (diff) | |
Bluetooth: Refactor read_ext_controller_info handler
There is no need to allocate heap for reply only to copy stack data to
it. This also fix rp memory leak and missing hdev unlock if kmalloc
failed.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/mgmt.c | 36 |
1 files changed, 16 insertions, 20 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 54dd218d06f7..604c48142848 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
| @@ -881,42 +881,38 @@ static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data, | |||
| 881 | static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, | 881 | static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, |
| 882 | void *data, u16 data_len) | 882 | void *data, u16 data_len) |
| 883 | { | 883 | { |
| 884 | struct mgmt_rp_read_ext_info *rp; | 884 | char buf[512]; |
| 885 | char buff[512]; | 885 | struct mgmt_rp_read_ext_info *rp = (void *)buf; |
| 886 | u16 eir_len = 0; | 886 | u16 eir_len = 0; |
| 887 | u8 name_len; | 887 | size_t name_len; |
| 888 | 888 | ||
| 889 | BT_DBG("sock %p %s", sk, hdev->name); | 889 | BT_DBG("sock %p %s", sk, hdev->name); |
| 890 | 890 | ||
| 891 | memset(&buf, 0, sizeof(buf)); | ||
| 892 | |||
| 891 | hci_dev_lock(hdev); | 893 | hci_dev_lock(hdev); |
| 892 | 894 | ||
| 895 | bacpy(&rp->bdaddr, &hdev->bdaddr); | ||
| 896 | |||
| 897 | rp->version = hdev->hci_ver; | ||
| 898 | rp->manufacturer = cpu_to_le16(hdev->manufacturer); | ||
| 899 | |||
| 900 | rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); | ||
| 901 | rp->current_settings = cpu_to_le32(get_current_settings(hdev)); | ||
| 902 | |||
| 893 | if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) | 903 | if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) |
| 894 | eir_len = eir_append_data(buff, eir_len, | 904 | eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV, |
| 895 | EIR_CLASS_OF_DEV, | ||
| 896 | hdev->dev_class, 3); | 905 | hdev->dev_class, 3); |
| 897 | 906 | ||
| 898 | name_len = strlen(hdev->dev_name); | 907 | name_len = strlen(hdev->dev_name); |
| 899 | eir_len = eir_append_data(buff, eir_len, EIR_NAME_COMPLETE, | 908 | eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_COMPLETE, |
| 900 | hdev->dev_name, name_len); | 909 | hdev->dev_name, name_len); |
| 901 | 910 | ||
| 902 | name_len = strlen(hdev->short_name); | 911 | name_len = strlen(hdev->short_name); |
| 903 | eir_len = eir_append_data(buff, eir_len, EIR_NAME_SHORT, | 912 | eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_SHORT, |
| 904 | hdev->short_name, name_len); | 913 | hdev->short_name, name_len); |
| 905 | 914 | ||
| 906 | rp = kzalloc(sizeof(*rp) + eir_len, GFP_KERNEL); | ||
| 907 | if (!rp) | ||
| 908 | return -ENOMEM; | ||
| 909 | |||
| 910 | rp->eir_len = cpu_to_le16(eir_len); | 915 | rp->eir_len = cpu_to_le16(eir_len); |
| 911 | memcpy(rp->eir, buff, eir_len); | ||
| 912 | |||
| 913 | bacpy(&rp->bdaddr, &hdev->bdaddr); | ||
| 914 | |||
| 915 | rp->version = hdev->hci_ver; | ||
| 916 | rp->manufacturer = cpu_to_le16(hdev->manufacturer); | ||
| 917 | |||
| 918 | rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); | ||
| 919 | rp->current_settings = cpu_to_le32(get_current_settings(hdev)); | ||
| 920 | 916 | ||
| 921 | hci_dev_unlock(hdev); | 917 | hci_dev_unlock(hdev); |
| 922 | 918 | ||