diff options
author | Johan Hedberg <johan.hedberg@intel.com> | 2014-12-11 14:45:44 -0500 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2014-12-11 14:57:38 -0500 |
commit | 15013aeb63fb4df7ff809d63246c8398e9703736 (patch) | |
tree | 82efe1e90f240ab487d845eeeeeea06c443bb627 | |
parent | 417287de88bfbb724bab2f50782395d2606b28e1 (diff) |
Bluetooth: Fix calling hci_conn_put too early
The pairing_complete() function relies on a hci_conn reference to be
able to access the hci_conn object. It should therefore only release
this reference once it's done accessing the object, i.e. at the end of
the function.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r-- | net/bluetooth/mgmt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 16ac03730f4d..34da65ccc888 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -3115,14 +3115,14 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status) | |||
3115 | conn->disconn_cfm_cb = NULL; | 3115 | conn->disconn_cfm_cb = NULL; |
3116 | 3116 | ||
3117 | hci_conn_drop(conn); | 3117 | hci_conn_drop(conn); |
3118 | hci_conn_put(conn); | ||
3119 | |||
3120 | mgmt_pending_remove(cmd); | 3118 | mgmt_pending_remove(cmd); |
3121 | 3119 | ||
3122 | /* The device is paired so there is no need to remove | 3120 | /* The device is paired so there is no need to remove |
3123 | * its connection parameters anymore. | 3121 | * its connection parameters anymore. |
3124 | */ | 3122 | */ |
3125 | clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); | 3123 | clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); |
3124 | |||
3125 | hci_conn_put(conn); | ||
3126 | } | 3126 | } |
3127 | 3127 | ||
3128 | void mgmt_smp_complete(struct hci_conn *conn, bool complete) | 3128 | void mgmt_smp_complete(struct hci_conn *conn, bool complete) |