Bluetooth: Fix using hci_conn_get() for hci_conn pointers (f8aaf9b6) · Commits · e / devices / android_kernel_xiaomi_markw

net/bluetooth/hci_conn.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -595,6 +595,7 @@ void hci_le_conn_failed(struct hci_conn *conn, u8 status)
		conn->dst_type);
		if (params && params->conn) {
		hci_conn_drop(params->conn);
		hci_conn_put(params->conn);
		params->conn = NULL;
		}

+7 −2

Original line number	Diff line number	Diff line
		@@ -2541,6 +2541,7 @@ static void hci_pend_le_actions_clear(struct hci_dev *hdev)
		list_for_each_entry(p, &hdev->le_conn_params, list) {
		if (p->conn) {
		hci_conn_drop(p->conn);
		hci_conn_put(p->conn);
		p->conn = NULL;
		}
		list_del_init(&p->action);
		@@ -3734,8 +3735,10 @@ void hci_conn_params_del(struct hci_dev hdev, bdaddr_t addr, u8 addr_type)
		if (!params)
		return;

		if (params->conn)
		if (params->conn) {
		hci_conn_drop(params->conn);
		hci_conn_put(params->conn);
		}

		list_del(&params->action);
		list_del(&params->list);
		@@ -3767,8 +3770,10 @@ void hci_conn_params_clear_all(struct hci_dev *hdev)
		struct hci_conn_params params, tmp;

		list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
		if (params->conn)
		if (params->conn) {
		hci_conn_drop(params->conn);
		hci_conn_put(params->conn);
		}
		list_del(&params->action);
		list_del(&params->list);
		kfree(params);

+2 −1

Original line number	Diff line number	Diff line
		@@ -4231,6 +4231,7 @@ static void hci_le_conn_complete_evt(struct hci_dev hdev, struct sk_buff skb)
		list_del_init(&params->action);
		if (params->conn) {
		hci_conn_drop(params->conn);
		hci_conn_put(params->conn);
		params->conn = NULL;
		}
		}
		@@ -4322,7 +4323,7 @@ static void check_pending_le_conn(struct hci_dev hdev, bdaddr_t addr,
		* the parameters get removed and keep the reference
		* count consistent once the connection is established.
		*/
		params->conn = conn;
		params->conn = hci_conn_get(conn);
		return;
		}

+8 −4

Original line number	Diff line number	Diff line
		@@ -3063,6 +3063,7 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status)
		conn->disconn_cfm_cb = NULL;

		hci_conn_drop(conn);
		hci_conn_put(conn);

		mgmt_pending_remove(cmd);
		}
		@@ -3212,7 +3213,7 @@ static int pair_device(struct sock sk, struct hci_dev hdev, void *data,
		}

		conn->io_capability = cp->io_cap;
		cmd->user_data = conn;
		cmd->user_data = hci_conn_get(conn);

		if ((conn->state == BT_CONNECTED \|\| conn->state == BT_CONFIG) &&
		hci_conn_security(conn, sec_level, auth_type, true))
		@@ -4914,6 +4915,7 @@ static void get_conn_info_complete(struct pending_cmd cmd, void data)
		match->mgmt_status, &rp, sizeof(rp));

		hci_conn_drop(conn);
		hci_conn_put(conn);

		mgmt_pending_remove(cmd);
		}
		@@ -5070,7 +5072,7 @@ static int get_conn_info(struct sock sk, struct hci_dev hdev, void *data,
		}

		hci_conn_hold(conn);
		cmd->user_data = conn;
		cmd->user_data = hci_conn_get(conn);

		conn->conn_info_timestamp = jiffies;
		} else {
		@@ -5134,8 +5136,10 @@ send_rsp:
		cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
		&rp, sizeof(rp));
		mgmt_pending_remove(cmd);
		if (conn)
		if (conn) {
		hci_conn_drop(conn);
		hci_conn_put(conn);
		}

		unlock:
		hci_dev_unlock(hdev);
		@@ -5198,7 +5202,7 @@ static int get_clock_info(struct sock sk, struct hci_dev hdev, void *data,

		if (conn) {
		hci_conn_hold(conn);
		cmd->user_data = conn;
		cmd->user_data = hci_conn_get(conn);

		hci_cp.handle = cpu_to_le16(conn->handle);
		hci_cp.which = 0x01; /* Piconet clock */