Due to a race condition, device_attach_att() may be reached when the dev is actually already disconnected but dev->att is not yet cleaned up by att_disconnect_cb(). Therefore we should check whether the dev is connected before attaching EATT.

The race condition is discovered in rare cases when there is a very quick reconnection after disconnection, so that device_attach_att() is called even before att_disconnect_cb(). This case is more likely to happen when the host goes to suspend right before dev_disconnected() is invoked and, when the host is woken up by a reconnection, the reconnection is processed earlier than the cleanup in att_disconnect_cb().

Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@xxxxxxxxxxxx>

--- src/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/device.c b/src/device.c index 65838f59f..319a929ee 100644 --- a/src/device.c +++ b/src/device.c @@ -5306,7 +5306,7 @@ bool device_attach_att(struct btd_device *dev, GIOChannel *io) return false; } - if (dev->att) { + if (btd_device_is_connected(dev) && dev->att) { if (btd_opts.gatt_channels == bt_att_get_channels(dev->att)) { DBG("EATT channel limit reached"); return false; -- 2.31.0
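
Review bot: At the changed condition `if (btd_device_is_connected(dev) && dev->att) {`, a disconnected device with a stale dev->att now skips the EATT branch and falls through to the rest of device_attach_att() with dev->att still set, and nothing in this hunk shows that stale pointer being released or reset before the function continues. Please confirm that the code below the hunk does not overwrite dev->att without dropping the old reference, and that the late att_disconnect_cb() for the old connection cannot then tear down the newly attached channel; if either can happen, handle the stale dev->att explicitly here rather than only bypassing the branch. A short comment above the condition naming the race with att_disconnect_cb() would also help, since the reason for checking the connection state is not obvious from the code alone.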