nfc: llcp: protect nfc_llcp_sock_unlink() calls
author Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Wed, 2 Mar 2022 19:25:22 +0000 (20:25 +0100)
committer David S. Miller <davem@davemloft.net> Thu, 3 Mar 2022 10:43:37 +0000 (10:43 +0000)

nfc_llcp_sock_link() is called in all paths (bind/connect) as a last
action, still protected with lock_sock().  When cleaning up in
llcp_sock_release(), call nfc_llcp_sock_unlink() in a mirrored way:
earlier and still under the lock_sock().

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/nfc/llcp_sock.c

index c9d5c42..5c5705f 100644 (file)
@@ -631,6 +631,11 @@ static int llcp_sock_release(struct socket *sock)
                }
        }
 
+       if (sock->type == SOCK_RAW)
+               nfc_llcp_sock_unlink(&local->raw_sockets, sk);
+       else
+               nfc_llcp_sock_unlink(&local->sockets, sk);
+
        if (llcp_sock->reserved_ssap < LLCP_SAP_MAX)
                nfc_llcp_put_ssap(llcp_sock->local, llcp_sock->ssap);
 
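Review bot: The added nfc_llcp_sock_unlink() block has no comment recording the locking requirement that motivates its new position, and the visible context does not show where release_sock() is called, so the "still under the lock_sock()" claim cannot be checked from this hunk alone. A one-line comment above `if (sock->type == SOCK_RAW)` saying the unlink must stay inside the lock_sock() section, mirroring nfc_llcp_sock_link() in bind/connect, would keep a later reshuffle from moving it back out. Note also that the unlink now runs before the nfc_llcp_put_ssap() call that follows, so the socket leaves the list while its SSAP is still reserved; worth confirming that order is the intended one.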
@@ -643,11 +648,6 @@ static int llcp_sock_release(struct socket *sock)
        if (sk->sk_state == LLCP_DISCONNECTING)
                return err;
 
-       if (sock->type == SOCK_RAW)
-               nfc_llcp_sock_unlink(&local->raw_sockets, sk);
-       else
-               nfc_llcp_sock_unlink(&local->sockets, sk);
-
 out:
        sock_orphan(sk);
        sock_put(sk);
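Review bot: Moving the unlink out from below the `if (sk->sk_state == LLCP_DISCONNECTING)` early return changes behaviour that the commit message does not mention. Before, a socket in LLCP_DISCONNECTING hit `return err;` and stayed on local->sockets (or local->raw_sockets); with the block hoisted into the earlier hunk it is now unlinked on every path, including that one. Please confirm that nothing which later completes the disconnect relies on finding the socket in the list, and state the change explicitly in the log so it is not read as a pure reordering.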