Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1364854ybh; Sun, 8 Mar 2020 01:47:17 -0800 (PST) X-Google-Smtp-Source: ADFU+vtnrX6fNsGPFQo4LDEu3c3A3gnvIKV2mBgpgDR/MYk+i61kXlOD++Hb1Dh+Upi+cbItHgEW X-Received: by 2002:a9d:5d09:: with SMTP id b9mr9086934oti.207.1583660837431; Sun, 08 Mar 2020 01:47:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583660837; cv=none; d=google.com; s=arc-20160816; b=O6josllxEjTjemJfDRTxO3/QgVolK583Ticf1hQ1gSL6LWaemkl5E5bBCBCLx+UlkB tT+iU1np+Y7DJzI4NBbi03aN5VdpOaHaytZKnexL5b7Kkg2rpKwjei3MBqZIw0U8M1Ym JskD8OXYYiwb/rGdHh/c3kXKF6XB+oUBKfInUhUVRBDr7L8aejjm2C1f6f9a+DlGpF8x ATZGOgIUfDmshDpN2XZNkKdtCkbD6e41qV598I3IgIsmsPjKQdygjdxpJm9tdyJsXgvz 4HWYka53FF06Wk9oFKIwUhQnGHCQZYBSSdWjS+HOUOaEw0AwiULXlYSAH6Rku0Zdv7ND zCFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=Aa3m98s9W+HyU21/D2jhm/INGzeeIBZDLFGCZvKBfcU=; b=GOYKXNTUL0bAKTcgYOK7LpNR2q9RepnwDwOya1O7jrvbda1W/V2TDl8KPUZRA5/xYd UJGcVgqEn8ylvw+iXjJ1zJ0Y/8y+sYK8TdRulBv2hR2RLXb/rivbay8XZ3SAUypYMCmR ZLY0CiJol9K9Cu4hkKz78Jc5Ppb2LbyYRubyqt/wPYvQfxvWHU7Ngl4wC69QIllHo3Cq 9cAWD6/kaoZTNrDF5kbM7zN/h9yiRtKAIQiEebXgjxU/AVa88b0Lp/VmzjJz/RelnPwa 1IviNb8gUJiPHV3sydfZWbPutH7HL8+9jxJW0itBzpWOJWGRVcPQCD6m+otu6nLVg12G NgVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=pyG+FlBv; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n6si4428498otq.159.2020.03.08.01.46.51; Sun, 08 Mar 2020 01:47:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=pyG+FlBv; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726259AbgCHJpe (ORCPT + 99 others); Sun, 8 Mar 2020 05:45:34 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:38601 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726210AbgCHJpe (ORCPT ); Sun, 8 Mar 2020 05:45:34 -0400 Received: by mail-pf1-f194.google.com with SMTP id g21so3450512pfb.5; Sun, 08 Mar 2020 01:45:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=Aa3m98s9W+HyU21/D2jhm/INGzeeIBZDLFGCZvKBfcU=; b=pyG+FlBv7lYcHJarifLHdqmmA3EAcTTZ8kEiWPuX4e5UjydOV62NqD8p7Auzjn++IQ Zmw4HwiKpZXFLGN72DnNdD7+Z0aSZJjxtMpxrJf11JYVDMHawypylnLm7MqAxiS8XMyv w3SXuc8AlFyta+5nT6cGIBw+qn82l6JMdhlA6rJba5o0ZVSJ5EXPG/uc3m1HOnJ6qrCw +TF0InMXdexqNnyJo6OrFinG1QilocWba3vzEKLNdj/RVgDyulWne5RhFtm0Em2tVRMO 06bdF21YoJuc+tI41/sgCcHR0nRss7cTZSY988HxC+68YDe/w0eIkK+89aR3zgk/rHxs odSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Aa3m98s9W+HyU21/D2jhm/INGzeeIBZDLFGCZvKBfcU=; b=CentyL2VlbyrOaoYdbW+HjYqz+3mvYIw0n0Pas+le+nFXrIbvBoCGg0r5VeyYYyOFj qinK6kK3Z04zOpKdF9Da8OBrT88dgH00Cv5/BXmPOOvIdouieThHorfgrfBAopXF5hWa 3kAZSrJNr9l4K4oW2zRpWzgCXcX4eASRj7yUQULoSEpuKoKzbnftLWMlnzF0BA21dxMM UNM+jETJi/piNUD7NRuVYrUqiQhdnlMKGElH0huOW8nf1hXbxAjVtUEo8uyzrmYMAKcE nopStmrMydzkEVjrZgfw7Bosypx95+I8mHQKjSJghU9AAn5y2TyQsnvFyxJBh7tYUxeA rA7g== X-Gm-Message-State: ANhLgQ0sj5I7ILEYLrm25kV2HmoW6HjpoV99yFzlTosBaoEYOsUL7rzi tK0/5gyFrntwU53FkNuRQMrJ7eVD X-Received: by 2002:a63:f74a:: with SMTP id f10mr11164849pgk.360.1583660733303; Sun, 08 Mar 2020 01:45:33 -0800 (PST) Received: from VM_0_35_centos.localdomain ([150.109.62.251]) by smtp.gmail.com with ESMTPSA id n22sm1343627pjq.36.2020.03.08.01.45.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 08 Mar 2020 01:45:32 -0800 (PST) From: Qiujun Huang To: marcel@holtmann.org Cc: johan.hedberg@gmail.com, davem@davemloft.net, kuba@kernel.org, linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, hdanton@sina.com, Qiujun Huang Subject: [PATCH v2] bluetooth/rfcomm: fix ODEBUG bug in rfcomm_dev_ioctl Date: Sun, 8 Mar 2020 17:45:27 +0800 Message-Id: <1583660727-9227-1-git-send-email-hqjagain@gmail.com> X-Mailer: git-send-email 1.8.3.1 Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Needn't call 'rfcomm_dlc_put' here, because 'rfcomm_dlc_exists' didn't increase dlc->refcnt. Reported-by: syzbot+4496e82090657320efc6@syzkaller.appspotmail.com Signed-off-by: Qiujun Huang Suggested-by: Hillf Danton --- net/bluetooth/rfcomm/tty.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index 0c7d31c..a585849 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -413,10 +413,8 @@ static int __rfcomm_create_dev(struct sock *sk, void __user *arg) dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); if (IS_ERR(dlc)) return PTR_ERR(dlc); - else if (dlc) { - rfcomm_dlc_put(dlc); + if (dlc) return -EBUSY; - } dlc = rfcomm_dlc_alloc(GFP_KERNEL); if (!dlc) return -ENOMEM; -- 1.8.3.1