aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2006-10-20 02:55:48 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-10-20 04:15:05 -0400
commit7b19ffc40b0247fcfe083644fdb621fdb3c05ef6 (patch)
tree4980d57a434ba6fbba1b9c566e531158d8de9327
parent8602b4fe6e82d5eeb479efd3bca19bc3dd722f5a (diff)
[Bluetooth] Fix HID disconnect NULL pointer dereference
The latest HID disconnect sequence change introduced a NULL pointer dereference. For the quirk to handle buggy remote HID implementations, it is enough to wait for a potential control channel disconnect from the remote side and it is also enough to wait only 500 msecs. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/hidp/core.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 9a562cf7406b..66782010f82c 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -507,12 +507,10 @@ static int hidp_session(void *arg)
507 507
508 hidp_del_timer(session); 508 hidp_del_timer(session);
509 509
510 if (intr_sk->sk_state != BT_CONNECTED)
511 wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ);
512
513 fput(session->intr_sock->file); 510 fput(session->intr_sock->file);
514 511
515 wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ); 512 wait_event_timeout(*(ctrl_sk->sk_sleep),
513 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
516 514
517 fput(session->ctrl_sock->file); 515 fput(session->ctrl_sock->file);
518 516