This series fixes a refcount/locking imbalance in NFC LLCP receive handlers when the socket is already in LLCP_CLOSED.
nfc_llcp_recv_disc() used to perform release_sock()/nfc_llcp_sock_put() in the CLOSED branch but did not exit, and then performed the same cleanup again on the common exit path. Drop the redundant CLOSED-branch cleanup so the common exit path runs it exactly once, while keeping the existing DM_DISC reply behavior.
nfc_llcp_recv_hdlc() performed the CLOSED cleanup but then continued processing and later cleaned up again on the common exit path. Return immediately after the CLOSED cleanup.
Changes in v2: - Drop Reported-by tags - Add missing Fixes tags
Build-tested with: make M=net/nfc (no NFC HW available for runtime testing).
Qianchang Zhao (2): nfc: llcp: avoid double release/put on LLCP_CLOSED in nfc_llcp_recv_disc() nfc: llcp: stop processing on LLCP_CLOSED in nfc_llcp_recv_hdlc()
net/nfc/llcp_core.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)