[bug report] NFC: Initial LLCP support


 



Hello Samuel Ortiz,

Commit d646960f7986 ("NFC: Initial LLCP support") from Dec 14, 2011
(linux-next), leads to the following Smatch static checker warning:

	net/nfc/llcp_core.c:1147 nfc_llcp_recv_hdlc()
	warn: double unlock 'sk' (orig line 1088)

net/nfc/llcp_core.c
    1064 static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
    1065                                struct sk_buff *skb)
    1066 {
    1067         struct nfc_llcp_sock *llcp_sock;
    1068         struct sock *sk;
    1069         u8 dsap, ssap, ptype, ns, nr;
    1070 
    1071         ptype = nfc_llcp_ptype(skb);
    1072         dsap = nfc_llcp_dsap(skb);
    1073         ssap = nfc_llcp_ssap(skb);
    1074         ns = nfc_llcp_ns(skb);
    1075         nr = nfc_llcp_nr(skb);
    1076 
    1077         pr_debug("%d %d R %d S %d\n", dsap, ssap, nr, ns);
    1078 
    1079         llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
    1080         if (llcp_sock == NULL) {
    1081                 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
    1082                 return;
    1083         }
    1084 
    1085         sk = &llcp_sock->sk;
    1086         lock_sock(sk);
    1087         if (sk->sk_state == LLCP_CLOSED) {
    1088                 release_sock(sk);
    1089                 nfc_llcp_sock_put(llcp_sock);

Sorry to bother you after 15 years, but hopefully this question is easy.  Was
there supposed to be a return; after the nfc_llcp_sock_put()?  Without it, the
LLCP_CLOSED path drops the socket lock and the llcp_sock reference here but then
falls through and keeps touching llcp_sock (recv_n, the receive queue,
tx_pending_queue) with the lock already released, and finally reaches line 1147
where the lock is released and the reference dropped a second time.  If that
first put can drop the last reference, the accesses below it would also be a
use-after-free, not just a double unlock.

    1090         }
    1091 
    1092         /* Pass the payload upstream */
    1093         if (ptype == LLCP_PDU_I) {
    1094                 pr_debug("I frame, queueing on %p\n", &llcp_sock->sk);
    1095 
    1096                 if (ns == llcp_sock->recv_n)
    1097                         llcp_sock->recv_n = (llcp_sock->recv_n + 1) % 16;
    1098                 else
    1099                         pr_err("Received out of sequence I PDU\n");
    1100 
    1101                 skb_pull(skb, LLCP_HEADER_SIZE + LLCP_SEQUENCE_SIZE);
    1102                 if (!sock_queue_rcv_skb(&llcp_sock->sk, skb)) {
    1103                         /*
    1104                          * I frames will be freed from the socket layer, so we
    1105                          * need to keep them alive until someone receives them.
    1106                          */
    1107                         skb_get(skb);
    1108                 } else {
    1109                         pr_err("Receive queue is full\n");
    1110                 }
    1111         }
    1112 
    1113         /* Remove skbs from the pending queue */
    1114         if (llcp_sock->send_ack_n != nr) {
    1115                 struct sk_buff *s, *tmp;
    1116                 u8 n;
    1117 
    1118                 llcp_sock->send_ack_n = nr;
    1119 
    1120                 /* Remove and free all skbs until ns == nr */
    1121                 skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp) {
    1122                         n = nfc_llcp_ns(s);
    1123 
    1124                         skb_unlink(s, &llcp_sock->tx_pending_queue);
    1125                         kfree_skb(s);
    1126 
    1127                         if (n == nr)
    1128                                 break;
    1129                 }
    1130 
    1131                 /* Re-queue the remaining skbs for transmission */
    1132                 skb_queue_reverse_walk_safe(&llcp_sock->tx_pending_queue,
    1133                                             s, tmp) {
    1134                         skb_unlink(s, &llcp_sock->tx_pending_queue);
    1135                         skb_queue_head(&local->tx_queue, s);
    1136                 }
    1137         }
    1138 
    1139         if (ptype == LLCP_PDU_RR)
    1140                 llcp_sock->remote_ready = true;
    1141         else if (ptype == LLCP_PDU_RNR)
    1142                 llcp_sock->remote_ready = false;
    1143 
    1144         if (nfc_llcp_queue_i_frames(llcp_sock) == 0 && ptype == LLCP_PDU_I)
    1145                 nfc_llcp_send_rr(llcp_sock);
    1146 
--> 1147         release_sock(sk);
    1148         nfc_llcp_sock_put(llcp_sock);

We call release_sock() and nfc_llcp_sock_put() again here, so on the LLCP_CLOSED path the socket lock is unlocked twice and the reference is dropped twice.

    1149 }

regards,
dan carpenter




