aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2006-10-20 08:55:48 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2006-10-20 01:15:05 -0700
commit7b19ffc40b0247fcfe083644fdb621fdb3c05ef6 (patch)
tree4980d57a434ba6fbba1b9c566e531158d8de9327
parent8602b4fe6e82d5eeb479efd3bca19bc3dd722f5a (diff)
downloadkernel_samsung_aries-7b19ffc40b0247fcfe083644fdb621fdb3c05ef6.zip
kernel_samsung_aries-7b19ffc40b0247fcfe083644fdb621fdb3c05ef6.tar.gz
kernel_samsung_aries-7b19ffc40b0247fcfe083644fdb621fdb3c05ef6.tar.bz2
[Bluetooth] Fix HID disconnect NULL pointer dereference
The latest HID disconnect sequence change introduced a NULL pointer dereference. For the quirk to handle buggy remote HID implementations, it is enough to wait for a potential control channel disconnect from the remote side and it is also enough to wait only 500 msecs. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/hidp/core.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 9a562cf..6678201 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -507,12 +507,10 @@ static int hidp_session(void *arg)
hidp_del_timer(session);
- if (intr_sk->sk_state != BT_CONNECTED)
- wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ);
-
fput(session->intr_sock->file);
- wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ);
+ wait_event_timeout(*(ctrl_sk->sk_sleep),
+ (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
fput(session->ctrl_sock->file);