Re: [PATCH v2 net] nfc: close a race condition in llcp_sock_getname()
From: Samuel Ortiz <hidden>
Date: 2016-02-25 07:43:45
Also in:
linux-wireless
Hi Cong,

On Fri, Jan 29, 2016 at 11:37:40AM -0800, Cong Wang wrote:
> llcp_sock_getname() checks llcp_sock->dev to make sure
> llcp_sock is already connected or bound, however, we could
> be in the middle of llcp_sock_bind() where llcp_sock->dev
> is bound and llcp_sock->service_name_len is set,
> but llcp_sock->service_name is not, in this case we would
> lead to copy some bytes from a NULL pointer.
>
> Just lock the sock since this is not a hot path anyway.
>
> Reported-by: Dmitry Vyukov <dvyukov@google.com>
> Cc: Lauro Ramos Venancio <redacted>
> Cc: Aloisio Almeida Jr <redacted>
> Cc: Samuel Ortiz <redacted>
> Signed-off-by: Cong Wang <redacted>
> ---
>  net/nfc/llcp_sock.c | 6 ++++++
>  1 file changed, 6 insertions(+)

Applied as well, thanks.

Cheers,
Samuel.
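Added example (not part of the original message and not the kernel patch): a single-threaded userspace C model of the window the commit message describes, where bind has published dev and service_name_len but not yet service_name. The struct, the boolean standing in for the socket lock, the return codes and the sample name are all assumptions made for illustration; the model reports the NULL copy instead of performing it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Userspace model: field names follow the commit message, the rest is hypothetical. */
struct model_sock {
    bool locked;               /* stand-in for the socket lock */
    void *dev;                 /* non-NULL once bound */
    size_t service_name_len;
    char *service_name;
};

enum { GN_OK = 0, GN_NOT_BOUND = -1, GN_NULL_COPY = -2, GN_WOULD_WAIT = -3 };

/* First half of bind: dev and the length are visible, the name is not yet. */
static void bind_begin(struct model_sock *s, void *dev, size_t len)
{
    s->locked = true;
    s->dev = dev;
    s->service_name_len = len;
}

/* Second half of bind: the name pointer is set, then the lock is dropped. */
static void bind_finish(struct model_sock *s, char *name)
{
    s->service_name = name;
    s->locked = false;
}

/* take_lock=false trusts dev alone (racy); take_lock=true respects the lock. */
static int getname(struct model_sock *s, bool take_lock, char *out, size_t cap)
{
    if (take_lock && s->locked)
        return GN_WOULD_WAIT;  /* a real lock would sleep until bind finishes */
    if (!s->dev)
        return GN_NOT_BOUND;
    if (!s->service_name)
        return GN_NULL_COPY;   /* the racy reader would copy from NULL here */
    size_t n = s->service_name_len < cap ? s->service_name_len : cap;
    memcpy(out, s->service_name, n);
    return GN_OK;
}

int main(void)
{
    struct model_sock s = {0};
    char out[32], name[] = "constructed-name";  /* constructed sample value */
    bind_begin(&s, &s, strlen(name));
    int racy = getname(&s, false, out, sizeof(out));  /* reader inside the window */
    bind_finish(&s, name);
    return racy == GN_NULL_COPY ? 0 : 1;
}
```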