Hi Mat, * Mat Martineau <mathewm@xxxxxxxxxxxxxx> [2012-04-27 16:50:52 -0700]: > As the comment for l2cap_get_chan_by_scid indicated, the function used > to return a locked socket. The lock for the socket was acquired while > the channel list was also locked. > > When locking was moved over to the l2cap_chan structure, the channel > lock was no longer acquired with the channel list still locked. This > made it possible for the l2cap_chan to be deleted after > conn->chan_lock was released but before l2cap_chan_lock was called. > Making the call to l2cap_chan_lock before releasing conn->chan_lock > makes it impossible for the l2cap_chan to be deleted at the wrong > time. > > Signed-off-by: Mat Martineau <mathewm@xxxxxxxxxxxxxx> > --- > net/bluetooth/l2cap_core.c | 10 +++------- > 1 file changed, 3 insertions(+), 7 deletions(-) Applied to bluetooth-next. Thanks. Gustavo -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
