Hi Anderson,
> create_singlethread_workqueue() may fail with errors such as -ENOMEM. If
> this happens, the return value is not set to a negative value and the
> module load will succeed. It will then crash on module unload because of
> a destroy_workqueue() call on a NULL pointer.
>
> Additionally, the _busy_wq workqueue is not being destroyed if any
> errors happen on l2cap_init().
>
> Signed-off-by: Anderson Lizardo <anderson.lizardo@xxxxxxxxxxxxx>
> ---
> net/bluetooth/l2cap.c | 8 ++++++--
> 1 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
> index 18a802c..7980e24 100644
> --- a/net/bluetooth/l2cap.c
> +++ b/net/bluetooth/l2cap.c
> @@ -4875,8 +4875,10 @@ static int __init l2cap_init(void)
> return err;
>
> _busy_wq = create_singlethread_workqueue("l2cap");
> - if (!_busy_wq)
> - goto error;
> + if (!_busy_wq) {
> + err = -ENOMEM;
> + goto error_busy_wq;
> + }
aren't these returning PTR_ERR etc.?
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
