On 05/22/2012 01:17 AM, Gustavo Padovan wrote: > Hi Minho, > > * Minho Ban <mhban@xxxxxxxxxxx> [2012-05-21 09:58:19 +0900]: > >> If l2cap_chan_send is called will null conn it will cause kernel Oops. >> This patch checks if conn is valid before entering l2cap_chan_send. > > chan->conn should be always valid, and if not we have a bug somewhere else in > the code and not in l2cap_chan_send(). It could be a locking problem maybe. > Also check if you can reproduce this with latest bluetooth-next. > > Gustavo > Thanks for comment. I'm using bluetooth-next backporting to kernel 3.0 I wonder how do we guarantee chan->conn is valid if other thread release chan->lock just after exit l2cap_chan_del. It seem l2cap_chan_del is well protected with various mutex (eg, sk, conn, chan) but that may not enough to prevent lock waiters from accessing object. Regards, Minho Ban -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
