[v2] nfc: llcp: fix double put/unlock on LLCP_CLOSED in recv handlers

[PATCH v2 0/2] nfc: llcp: fix double put/unlock on LLCP_CLOSED in recv handlers

Qianchang Zhao posted 2 patches 1 month, 3 weeks ago

Diff against v2 v3
Download series mbox

There is a newer version of this series

net/nfc/llcp_core.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)

Expand all Fold all

[PATCH v2 0/2] nfc: llcp: fix double put/unlock on LLCP_CLOSED in recv handlers

Posted by Qianchang Zhao 1 month, 3 weeks ago

This series fixes a refcount/locking imbalance in NFC LLCP receive handlers
when the socket is already in LLCP_CLOSED.

nfc_llcp_recv_disc() used to perform release_sock()/nfc_llcp_sock_put() in the CLOSED
branch but did not exit, and then performed the same cleanup again on the common
exit path. Drop the redundant CLOSED-branch cleanup so the common exit path runs
it exactly once, while keeping the existing DM_DISC reply behavior.

nfc_llcp_recv_hdlc() performed the CLOSED cleanup but then continued processing
and later cleaned up again on the common exit path. Return immediately after the
CLOSED cleanup.

Changes in v2:
- Drop Reported-by tags
- Add missing Fixes tags

Build-tested with: make M=net/nfc (no NFC HW available for runtime testing).

Qianchang Zhao (2):
  nfc: llcp: avoid double release/put on LLCP_CLOSED in
    nfc_llcp_recv_disc()
  nfc: llcp: stop processing on LLCP_CLOSED in nfc_llcp_recv_hdlc()

 net/nfc/llcp_core.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

-- 
2.34.1