Hi Mat,

On Wed, May 2, 2012 at 1:42 PM, Mat Martineau <mathewm@xxxxxxxxxxxxxx> wrote:
> As the comment for l2cap_get_chan_by_scid indicated, the function used
> to return a locked socket. The lock for the socket was acquired while
> the channel list was also locked.
>
> When locking was moved over to the l2cap_chan structure, the channel
> lock was no longer acquired with the channel list still locked. This
> made it possible for the l2cap_chan to be deleted after
> conn->chan_lock was released but before l2cap_chan_lock was called.
> Making the call to l2cap_chan_lock before releasing conn->chan_lock
> makes it impossible for the l2cap_chan to be deleted at the wrong
> time.
>
> Signed-off-by: Mat Martineau <mathewm@xxxxxxxxxxxxxx>
> ---
>  net/bluetooth/l2cap_core.c | 10 +++-------
>  1 file changed, 3 insertions(+), 7 deletions(-)

Looks good. I couldn't see this problem when Andrei was adding
l2cap_chan_lock and doing other changes, thanks for fixing it.

Regards,

--
Ulisses Furquim
ProFUSION embedded systems
http://profusion.mobi
Mobile: +55 19 9250 0942
Skype: ulissesffs