Bluetooth: Fix balancing of hci_conn refcnts
When LE was added, the refcnt's for the hci_conns used were not balanced
and some of this bleeded over between LE pairing and Legacy pairing.
CRs-fixed: 305391
Signed-off-by: Brian Gix <bgix@codeaurora.org>
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 6ec00d5..354207d 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1336,8 +1336,6 @@
conn->security_cfm_cb = NULL;
conn->disconn_cfm_cb = NULL;
- hci_conn_put(conn);
-
mgmt_pending_remove(cmd);
}
@@ -1356,7 +1354,7 @@
pairing_complete(cmd, status);
}
-static void security_complete_cb(struct hci_conn *conn, u8 status)
+static void pairing_security_complete_cb(struct hci_conn *conn, u8 status)
{
struct pending_cmd *cmd;
@@ -1375,7 +1373,7 @@
pairing_complete(cmd, status);
}
-static void connect_complete_cb(struct hci_conn *conn, u8 status)
+static void pairing_connect_complete_cb(struct hci_conn *conn, u8 status)
{
struct pending_cmd *cmd;
@@ -1386,6 +1384,7 @@
BT_DBG("Unable to find a pending command");
return;
}
+ hci_conn_put(conn);
}
static void discovery_terminated(struct pending_cmd *cmd, void *data)
@@ -1465,8 +1464,8 @@
goto unlock;
}
- conn->connect_cfm_cb = connect_complete_cb;
- conn->security_cfm_cb = security_complete_cb;
+ conn->connect_cfm_cb = pairing_connect_complete_cb;
+ conn->security_cfm_cb = pairing_security_complete_cb;
conn->disconn_cfm_cb = pairing_complete_cb;
conn->io_capability = io_cap;
cmd->user_data = conn;