From: Marcel Holtmann Date: Fri, 20 Oct 2006 06:55:48 +0000 (+0200) Subject: [Bluetooth] Fix HID disconnect NULL pointer dereference X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7b19ffc40b0247fcfe083644fdb621fdb3c05ef6;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [Bluetooth] Fix HID disconnect NULL pointer dereference The latest HID disconnect sequence change introduced a NULL pointer dereference. For the quirk to handle buggy remote HID implementations, it is enough to wait for a potential control channel disconnect from the remote side and it is also enough to wait only 500 msecs. Signed-off-by: Marcel Holtmann --- diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c index 9a562cf7406b..66782010f82c 100644 --- a/net/bluetooth/hidp/core.c +++ b/net/bluetooth/hidp/core.c @@ -507,12 +507,10 @@ static int hidp_session(void *arg) hidp_del_timer(session); - if (intr_sk->sk_state != BT_CONNECTED) - wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ); - fput(session->intr_sock->file); - wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ); + wait_event_timeout(*(ctrl_sk->sk_sleep), + (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); fput(session->ctrl_sock->file);