On Fri, Jul 26, 2013 at 08:20:47PM -0400, Peter Hurley wrote: > On 07/26/2013 01:18 PM, Gianluca Anzolin wrote: > >@@ -614,7 +601,9 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) > > return; > > } > > > >- rfcomm_dev_del(dev); > >+ set_bit(RFCOMM_TTY_RELEASED, &dev->flags); > >+ tty_port_put(&dev->port); > > Since this code can execute concurrently with rfcomm_release_dev(), > and the 'initial' port reference must only be dropped once, this should be > > if (!test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags) > tty_port_put(&dev->port); > > Regards, > Peter Hurley I somehow convinced myself that it was safe but clearly it wasn't. Should I also change the same way the code in rfcomm_tty_hangup()? Thanks, Gianluca -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
