commit 7d5c11da1ff6389511c42448f59456373edfc103
author Szymon Janc <szymon.janc@codecoup.pl> Mon Sep 19 20:25:52 2016 +0200
committer Marcel Holtmann <marcel@holtmann.org> Mon Sep 19 20:33:27 2016 +0200
tree b853315c348fb994346c4c29af8d9d877470928e
parent 162f812f23bab583f5d514ca0e4df67797ac9cdf

Bluetooth: Refactor read_ext_controller_info handler

There is no need to allocate heap for reply only to copy stack data to
it. This also fix rp memory leak and missing hdev unlock if kmalloc
failed.

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

net/bluetooth/mgmt.c

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 54dd218..604c481 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -881,35 +881,17 @@
 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
 				    void *data, u16 data_len)
 {
-	struct mgmt_rp_read_ext_info *rp;
-	char buff[512];
+	char buf[512];
+	struct mgmt_rp_read_ext_info *rp = (void *)buf;
 	u16 eir_len = 0;
-	u8 name_len;
+	size_t name_len;
 
 	BT_DBG("sock %p %s", sk, hdev->name);
 
+	memset(&buf, 0, sizeof(buf));
+
 	hci_dev_lock(hdev);
 
-	if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
-		eir_len = eir_append_data(buff, eir_len,
-					  EIR_CLASS_OF_DEV,
-					  hdev->dev_class, 3);
-
-	name_len = strlen(hdev->dev_name);
-	eir_len = eir_append_data(buff, eir_len, EIR_NAME_COMPLETE,
-				  hdev->dev_name, name_len);
-
-	name_len = strlen(hdev->short_name);
-	eir_len = eir_append_data(buff, eir_len, EIR_NAME_SHORT,
-				  hdev->short_name, name_len);
-
-	rp = kzalloc(sizeof(*rp) + eir_len, GFP_KERNEL);
-	if (!rp)
-		return -ENOMEM;
-
-	rp->eir_len = cpu_to_le16(eir_len);
-	memcpy(rp->eir, buff, eir_len);
-
 	bacpy(&rp->bdaddr, &hdev->bdaddr);
 
 	rp->version = hdev->hci_ver;
@@ -918,6 +900,20 @@
 	rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
 	rp->current_settings = cpu_to_le32(get_current_settings(hdev));
 
+	if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
+		eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
+					  hdev->dev_class, 3);
+
+	name_len = strlen(hdev->dev_name);
+	eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_COMPLETE,
+				  hdev->dev_name, name_len);
+
+	name_len = strlen(hdev->short_name);
+	eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_SHORT,
+				  hdev->short_name, name_len);
+
+	rp->eir_len = cpu_to_le16(eir_len);
+
 	hci_dev_unlock(hdev);
 
 	/* If this command is called at least once, then the events