Bluetooth: hci_ldisc: Add missing clear HCI_UART_PROTO_READY
author: Dean Jenkins <Dean_Jenkins@mentor.com>
Thu, 20 Apr 2017 17:06:41 +0000 (18:06 +0100)
committer: Marcel Holtmann <marcel@holtmann.org>
Sat, 22 Apr 2017 08:28:40 +0000 (10:28 +0200)
Ensure that HCI_UART_PROTO_READY is cleared before close(hu) is
called which closes the Data Link protocol layer.

Therefore, add the missing bit clear of HCI_UART_PROTO_READY to
hci_uart_init_work() so that the flag is cleared when
hci_register_dev fails.

Without the fix, the functions of the Data Link protocol layer could
potentially be accessed after that layer has been closed. This
could lead to a crash as memory would have been freed in that layer.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
drivers/bluetooth/hci_ldisc.c

index b1096d1ab30edc55ecbb00d0dd5993d313cabed5..c53513cb76542b35e110cf24691efc557b5e6481 100644 (file)
@@ -188,6 +188,7 @@ static void hci_uart_init_work(struct work_struct *work)
                hdev = hu->hdev;
                hu->hdev = NULL;
                hci_free_dev(hdev);
+               clear_bit(HCI_UART_PROTO_READY, &hu->flags);
                hu->proto->close(hu);
                return;
        }
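Review bot: The new clear_bit() sits after hu->hdev = NULL and hci_free_dev(hdev), so HCI_UART_PROTO_READY is still set while hdev is already being torn down; consider moving clear_bit(HCI_UART_PROTO_READY, &hu->flags) to the top of this error branch, before hu->hdev = NULL. Clearing the bit also only stops new callers: nothing in this hunk waits for a caller that tested the flag just before the clear_bit(), so that caller could still be inside the protocol layer when hu->proto->close(hu) frees its memory. If the ordering is intentional, a one-line comment saying why the flag must be cleared before close would help.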