Commit 4bd80d7a authored Feb 13, 2022 by Niels Dossche Committed by Marcel Holtmann Mar 04, 2022

Bluetooth: move adv_instance_cnt read within the device lock



The field adv_instance_cnt is always accessed within a device lock,
except in the function add_advertising. A concurrent remove of an
advertisement with adding another one could result in the if check
"if a new instance was actually added" to not trigger, resulting
in not triggering the "advertising added event".

Signed-off-by: Niels Dossche <niels.dossche@ugent.be>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

parent 728abc01

net/bluetooth/mgmt.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -8079,7 +8079,7 @@ static int add_advertising(struct sock sk, struct hci_dev hdev,
		u32 flags;
		u8 status;
		u16 timeout, duration;
		unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
		unsigned int prev_instance_cnt;
		u8 schedule_instance = 0;
		struct adv_info *next_instance;
		int err;
		@@ -8130,6 +8130,8 @@ static int add_advertising(struct sock sk, struct hci_dev hdev,
		goto unlock;
		}

		prev_instance_cnt = hdev->adv_instance_cnt;

		err = hci_add_adv_instance(hdev, cp->instance, flags,
		cp->adv_data_len, cp->data,
		cp->scan_rsp_len,