If l2cap_chan_create() fails then it will return from l2cap_sock_kill
since zapped flag of sk is reset.
Signed-off-by: Jaganath Kanakkassery <[email protected]>
---
net/bluetooth/l2cap_sock.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 79350d1..419857d 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -1174,7 +1174,7 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
chan = l2cap_chan_create();
if (!chan) {
- l2cap_sock_kill(sk);
+ sk_free(sk);
return NULL;
}
--
1.7.1
Hi Jaganath,
* Jaganath Kanakkassery <[email protected]> [2012-07-19 12:54:04 +0530]:
> If l2cap_chan_create() fails then it will return from l2cap_sock_kill
> since zapped flag of sk is reset.
>
> Signed-off-by: Jaganath Kanakkassery <[email protected]>
> ---
> net/bluetooth/l2cap_sock.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
Patch has been applied to bluetooth.git. Thanks.
Gustavo
Hi Andrei,
--------------------------------------------------
From: "Andrei Emeltchenko" <[email protected]>
Sent: Thursday, July 19, 2012 5:10 PM
To: "Jaganath Kanakkassery" <[email protected]>
Cc: <[email protected]>; "Johan Hedberg"
<[email protected]>; "Gustavo Padovan" <[email protected]>
Subject: Re: [PATCH] Bluetooth: Fix socket not getting freed if l2cap
channel create fails
> Hi Jaganath,
>
> On Thu, Jul 19, 2012 at 04:50:16PM +0530, Jaganath Kanakkassery wrote:
>> Hi Andrei,
>>
>> --------------------------------------------------
>> From: "Andrei Emeltchenko" <[email protected]>
>> Sent: Thursday, July 19, 2012 1:22 PM
>> To: "Jaganath Kanakkassery" <[email protected]>
>> Cc: <[email protected]>
>> Subject: Re: [PATCH] Bluetooth: Fix socket not getting freed if
>> l2cap channel create fails
>>
>> >Hi Jaganath,
>> >
>> >On Thu, Jul 19, 2012 at 12:54:04PM +0530, Jaganath Kanakkassery wrote:
>> >>If l2cap_chan_create() fails then it will return from l2cap_sock_kill
>> >>since zapped flag of sk is reset.
>> >>
>> >>Signed-off-by: Jaganath Kanakkassery <[email protected]>
>> >>---
>> >> net/bluetooth/l2cap_sock.c | 2 +-
>> >> 1 files changed, 1 insertions(+), 1 deletions(-)
>> >>
>> >>diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
>> >>index 79350d1..419857d 100644
>> >>--- a/net/bluetooth/l2cap_sock.c
>> >>+++ b/net/bluetooth/l2cap_sock.c
>> >>@@ -1174,7 +1174,7 @@ static struct sock
>> >>*l2cap_sock_alloc(struct net *net, struct socket *sock, int p
>> >>
>> >> chan = l2cap_chan_create();
>> >> if (!chan) {
>> >>- l2cap_sock_kill(sk);
>> >>+ sk_free(sk);
>> >
>> >Could you consider using sock_put which will call sk_free,
>> >maybe we need to add also sock_orphan?
>>
>> Ok, Actually I used sk_free since there is not refcount increase at
>> this point
>
> Have you tested it? It shall be 1, set by sock_init_data.
Yes it is 1. So even if we use sock_put() , it will decrement the refcount
and call sk_free().
>> and also I found the same code in rfcomm_sock_alloc().
>> So should I fix it in RFCOMM also?
>
> I think using sock_put would be the right approach. Maybe maintainers
> could comment here?
Ok, I will wait for maintainers comments.
Thanks,
Jaganath
Hi Jaganath,
On Thu, Jul 19, 2012 at 04:50:16PM +0530, Jaganath Kanakkassery wrote:
> Hi Andrei,
>
> --------------------------------------------------
> From: "Andrei Emeltchenko" <[email protected]>
> Sent: Thursday, July 19, 2012 1:22 PM
> To: "Jaganath Kanakkassery" <[email protected]>
> Cc: <[email protected]>
> Subject: Re: [PATCH] Bluetooth: Fix socket not getting freed if
> l2cap channel create fails
>
> >Hi Jaganath,
> >
> >On Thu, Jul 19, 2012 at 12:54:04PM +0530, Jaganath Kanakkassery wrote:
> >>If l2cap_chan_create() fails then it will return from l2cap_sock_kill
> >>since zapped flag of sk is reset.
> >>
> >>Signed-off-by: Jaganath Kanakkassery <[email protected]>
> >>---
> >> net/bluetooth/l2cap_sock.c | 2 +-
> >> 1 files changed, 1 insertions(+), 1 deletions(-)
> >>
> >>diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
> >>index 79350d1..419857d 100644
> >>--- a/net/bluetooth/l2cap_sock.c
> >>+++ b/net/bluetooth/l2cap_sock.c
> >>@@ -1174,7 +1174,7 @@ static struct sock
> >>*l2cap_sock_alloc(struct net *net, struct socket *sock, int p
> >>
> >> chan = l2cap_chan_create();
> >> if (!chan) {
> >>- l2cap_sock_kill(sk);
> >>+ sk_free(sk);
> >
> >Could you consider using sock_put which will call sk_free,
> >maybe we need to add also sock_orphan?
>
> Ok, Actually I used sk_free since there is not refcount increase at
> this point
Have you tested it? It shall be 1, set by sock_init_data.
> and also I found the same code in rfcomm_sock_alloc().
> So should I fix it in RFCOMM also?
I think using sock_put would be the right approach. Maybe maintainers
could comment here?
Best regards
Andrei Emeltchenko
Hi Andrei,
--------------------------------------------------
From: "Andrei Emeltchenko" <[email protected]>
Sent: Thursday, July 19, 2012 1:22 PM
To: "Jaganath Kanakkassery" <[email protected]>
Cc: <[email protected]>
Subject: Re: [PATCH] Bluetooth: Fix socket not getting freed if l2cap
channel create fails
> Hi Jaganath,
>
> On Thu, Jul 19, 2012 at 12:54:04PM +0530, Jaganath Kanakkassery wrote:
>> If l2cap_chan_create() fails then it will return from l2cap_sock_kill
>> since zapped flag of sk is reset.
>>
>> Signed-off-by: Jaganath Kanakkassery <[email protected]>
>> ---
>> net/bluetooth/l2cap_sock.c | 2 +-
>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
>> index 79350d1..419857d 100644
>> --- a/net/bluetooth/l2cap_sock.c
>> +++ b/net/bluetooth/l2cap_sock.c
>> @@ -1174,7 +1174,7 @@ static struct sock *l2cap_sock_alloc(struct net
>> *net, struct socket *sock, int p
>>
>> chan = l2cap_chan_create();
>> if (!chan) {
>> - l2cap_sock_kill(sk);
>> + sk_free(sk);
>
> Could you consider using sock_put which will call sk_free,
> maybe we need to add also sock_orphan?
Ok, Actually I used sk_free since there is not refcount increase at this
point
and also I found the same code in rfcomm_sock_alloc().
So should I fix it in RFCOMM also?
Thanks,
Jaganath
Hi Jaganath,
On Thu, Jul 19, 2012 at 12:54:04PM +0530, Jaganath Kanakkassery wrote:
> If l2cap_chan_create() fails then it will return from l2cap_sock_kill
> since zapped flag of sk is reset.
>
> Signed-off-by: Jaganath Kanakkassery <[email protected]>
> ---
> net/bluetooth/l2cap_sock.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
> index 79350d1..419857d 100644
> --- a/net/bluetooth/l2cap_sock.c
> +++ b/net/bluetooth/l2cap_sock.c
> @@ -1174,7 +1174,7 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
>
> chan = l2cap_chan_create();
> if (!chan) {
> - l2cap_sock_kill(sk);
> + sk_free(sk);
Could you consider using sock_put which will call sk_free,
maybe we need to add also sock_orphan?
Best regards
Andrei Emeltchenko
> return NULL;
> }
>
> --
> 1.7.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html