From: Christophe Ricard
Date: Sat, 13 Sep 2014 08:28:45 +0000 (+0200)
Subject: NFC: st21nfca: Fix recursive fault when doing p2p in target mode.
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=90d5f81afc8369774a6c581b600aef80b1448d35;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git
NFC: st21nfca: Fix recursive fault when doing p2p in target mode.
This patch fix a previous patch introduce by commit 0a91e8ac240a12ac3a03581deb8cd531788c63d4 It is actually fixing a double free mistake in all st21nfca_tm_* function. We decide to return directly in case of successful execution because skb got already freed. In st21nfca_tm_recv_dep_req it got freed by nfc_tm_data_received.
Signed-off-by: Christophe Ricard
Signed-off-by: Samuel Ortiz
---
diff --git a/drivers/nfc/st21nfca/st21nfca.c b/drivers/nfc/st21nfca/st21nfca.c
index e5f92aaa5466..a89e56c2c749 100644
--- a/drivers/nfc/st21nfca/st21nfca.c
+++ b/drivers/nfc/st21nfca/st21nfca.c
@@ -861,19 +861,16 @@ static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 gate,
 if (gate == ST21NFCA_RF_CARD_F_GATE) {
 r = st21nfca_tm_event_send_data(hdev, skb, gate);
 if (r < 0)
- goto exit;
- } else {
- info->dep_info.curr_nfc_dep_pni = 0;
- return 1;
+ return r;
+ return 0;
 }
- break;
+ info->dep_info.curr_nfc_dep_pni = 0;
+ return 1;
 default:
 return 1;
 }
 kfree_skb(skb);
 return 0;
-exit:
- return r;
 }

 static struct nfc_hci_ops st21nfca_hci_ops = {
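Review bot: The error path `if (r < 0) return r;` leaves skb ownership unstated: the commit message says the st21nfca_tm_* helpers release skb on success, but nothing visible here shows whether they also release it when they fail, so this return either leaks the buffer or is correct only by an undocumented contract. Since the double free being fixed came from exactly that kind of implicit contract, I would record it at the call, e.g. `/* st21nfca_tm_event_send_data() takes ownership of skb; do not free or touch it after this call */`, and confirm the helpers' failure paths against that wording. It is also worth checking whether the trailing `kfree_skb(skb); return 0;` is still reachable, because both arms shown in this hunk now return; the start of st21nfca_hci_event_received and its other cases lie outside the hunk, so this cannot be settled from here.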