diff options
author | Johan Hedberg <johan.hedberg@intel.com> | 2014-12-11 21:45:44 +0200 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2014-12-11 20:57:38 +0100 |
commit | 15013aeb63fb4df7ff809d63246c8398e9703736 (patch) | |
tree | 82efe1e90f240ab487d845eeeeeea06c443bb627 | |
parent | 417287de88bfbb724bab2f50782395d2606b28e1 (diff) | |
download | linux-15013aeb63fb4df7ff809d63246c8398e9703736.tar.gz |
Bluetooth: Fix calling hci_conn_put too early
The pairing_complete() function relies on a hci_conn reference to be
able to access the hci_conn object. It should therefore only release
this reference once it's done accessing the object, i.e. at the end of
the function.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r-- | net/bluetooth/mgmt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 16ac03730f4d..34da65ccc888 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -3115,14 +3115,14 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status) conn->disconn_cfm_cb = NULL; hci_conn_drop(conn); - hci_conn_put(conn); - mgmt_pending_remove(cmd); /* The device is paired so there is no need to remove * its connection parameters anymore. */ clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); + + hci_conn_put(conn); } void mgmt_smp_complete(struct hci_conn *conn, bool complete) |