Hi,
On Sat, Jan 25, 2014, johan.hedberg@xxxxxxxxx wrote:
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -442,10 +442,14 @@ static void l2cap_chan_destroy(struct kref *kref)
>
> BT_DBG("chan %p", chan);
>
> + l2cap_chan_lock(chan);
> +
> write_lock(&chan_list_lock);
> list_del(&chan->global_l);
> write_unlock(&chan_list_lock);
>
> + l2cap_chan_unlock(chan);
> +
> kfree(chan);
> }
Please hold on a bit with this patch. The other two in the set should be
good to go though.
Since the race is hard to reproduce I'm not 100% sure this actually
fixes it. Looking at l2cap_get_chan_by_scid holding the lock should not
prevent it from returning the channel.
Johan
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
