nfc: llcp: protect nfc_llcp_sock_unlink() calls
authorKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Wed, 2 Mar 2022 19:25:22 +0000 (20:25 +0100)
committerDavid S. Miller <davem@davemloft.net>
Thu, 3 Mar 2022 10:43:37 +0000 (10:43 +0000)
nfc_llcp_sock_link() is called in all paths (bind/connect) as a last
action, still protected with lock_sock().  When cleaning up in
llcp_sock_release(), call nfc_llcp_sock_unlink() in a mirrored way:
earlier and still under the lock_sock().

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/nfc/llcp_sock.c

index c9d5c427f0359e2e7731893e3a27d888d734c81a..5c5705f5028b62eea5a3e61f2839eaafdab36a44 100644 (file)
@@ -631,6 +631,11 @@ static int llcp_sock_release(struct socket *sock)
                }
        }
 
+       if (sock->type == SOCK_RAW)
+               nfc_llcp_sock_unlink(&local->raw_sockets, sk);
+       else
+               nfc_llcp_sock_unlink(&local->sockets, sk);
+
        if (llcp_sock->reserved_ssap < LLCP_SAP_MAX)
                nfc_llcp_put_ssap(llcp_sock->local, llcp_sock->ssap);
 
@@ -643,11 +648,6 @@ static int llcp_sock_release(struct socket *sock)
        if (sk->sk_state == LLCP_DISCONNECTING)
                return err;
 
-       if (sock->type == SOCK_RAW)
-               nfc_llcp_sock_unlink(&local->raw_sockets, sk);
-       else
-               nfc_llcp_sock_unlink(&local->sockets, sk);
-
 out:
        sock_orphan(sk);
        sock_put(sk);