On 07/26/2013 01:18 PM, Gianluca Anzolin wrote:
The tty_port can be released in two cases: when we get a HUP in the functions rfcomm_tty_hangup() and rfcomm_dev_state_change(). Or when the user releases the device in rfcomm_release_dev(). In these cases we set the flag RFCOMM_TTY_RELEASED so that no other function can get a reference to the tty_port. The rfcomm_dev_del function is removed becase it isn't used anymore.
While reviewing your RFC patch for fixing rfcomm_dev_state_change(), I realized I missed a problem in this patch.
@@ -614,7 +601,9 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) return; } - rfcomm_dev_del(dev); + set_bit(RFCOMM_TTY_RELEASED, &dev->flags); + tty_port_put(&dev->port);
Since this code can execute concurrently with rfcomm_release_dev(), and the 'initial' port reference must only be dropped once, this should be if (!test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags) tty_port_put(&dev->port); Regards, Peter Hurley -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
