Bluetooth: Fix crash when using new BT_PHY option

This fixes the invalid check for connected socket which causes the
following trace due to sco_pi(sk)->conn being NULL:

RIP: 0010:sco_sock_getsockopt+0x2ff/0x800 net/bluetooth/sco.c:966

L2CAP has also been fixed since it has the same problem.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 9fb47b2b13c90088b2130084ab1b5aecbe2a9609..305710446e660dde260a41cc13717a1f7745ec30 100644 (file)
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -605,7 +605,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
                break;
 
        case BT_PHY:
-               if (sk->sk_state == BT_CONNECTED) {
+               if (sk->sk_state != BT_CONNECTED) {
                        err = -ENOTCONN;
                        break;
                }

diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 29ab3e12fb46686739adda6b422772fdb935ac15..c8c3d38cdc7b568fb3293b25fbd68c468c853205 100644 (file)
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -958,7 +958,7 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname,
                break;
 
        case BT_PHY:
-               if (sk->sk_state == BT_CONNECTED) {
+               if (sk->sk_state != BT_CONNECTED) {
                        err = -ENOTCONN;
                        break;
                }