aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohan Hedberg <johan.hedberg@intel.com>2014-12-11 14:45:44 -0500
committerMarcel Holtmann <marcel@holtmann.org>2014-12-11 14:57:38 -0500
commit15013aeb63fb4df7ff809d63246c8398e9703736 (patch)
tree82efe1e90f240ab487d845eeeeeea06c443bb627
parent417287de88bfbb724bab2f50782395d2606b28e1 (diff)
Bluetooth: Fix calling hci_conn_put too early
The pairing_complete() function relies on a hci_conn reference to be able to access the hci_conn object. It should therefore only release this reference once it's done accessing the object, i.e. at the end of the function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/mgmt.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 16ac03730f4d..34da65ccc888 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3115,14 +3115,14 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status)
3115 conn->disconn_cfm_cb = NULL; 3115 conn->disconn_cfm_cb = NULL;
3116 3116
3117 hci_conn_drop(conn); 3117 hci_conn_drop(conn);
3118 hci_conn_put(conn);
3119
3120 mgmt_pending_remove(cmd); 3118 mgmt_pending_remove(cmd);
3121 3119
3122 /* The device is paired so there is no need to remove 3120 /* The device is paired so there is no need to remove
3123 * its connection parameters anymore. 3121 * its connection parameters anymore.
3124 */ 3122 */
3125 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3123 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3124
3125 hci_conn_put(conn);
3126} 3126}
3127 3127
3128void mgmt_smp_complete(struct hci_conn *conn, bool complete) 3128void mgmt_smp_complete(struct hci_conn *conn, bool complete)