summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorQiujun Huang <hqjagain@gmail.com>2020-03-08 17:45:27 +0800
committerMarcel Holtmann <marcel@holtmann.org>2020-03-08 14:44:58 +0100
commit71811cac8532b2387b3414f7cd8fe9e497482864 (patch)
tree3e477a99519723f18d4a4a709376b0d664fe3537
parent4be5ca67d59d707a4b1c8608ca230ad65aa4f232 (diff)
downloadlinux-71811cac8532b2387b3414f7cd8fe9e497482864.tar.bz2
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
Needn't call 'rfcomm_dlc_put' here, because 'rfcomm_dlc_exists' didn't increase dlc->refcnt. Reported-by: syzbot+4496e82090657320efc6@syzkaller.appspotmail.com Signed-off-by: Qiujun Huang <hqjagain@gmail.com> Suggested-by: Hillf Danton <hdanton@sina.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/rfcomm/tty.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 0c7d31c6c18c..a58584949a95 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -413,10 +413,8 @@ static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
if (IS_ERR(dlc))
return PTR_ERR(dlc);
- else if (dlc) {
- rfcomm_dlc_put(dlc);
+ if (dlc)
return -EBUSY;
- }
dlc = rfcomm_dlc_alloc(GFP_KERNEL);
if (!dlc)
return -ENOMEM;