From: Mat Martineau <mathewm@codeaurora.org>
To: linux-bluetooth@vger.kernel.org
Cc: padovan@profusion.mobi, pkrystad@codeaurora.org,
Mat Martineau <mathewm@codeaurora.org>
Subject: [PATCH 1/2] Bluetooth: Clear RFCOMM session timer when disconnecting last channel
Date: Tue, 6 Dec 2011 16:23:26 -0800 [thread overview]
Message-ID: <1323217407-2490-2-git-send-email-mathewm@codeaurora.org> (raw)
In-Reply-To: <1323217407-2490-1-git-send-email-mathewm@codeaurora.org>
When the last RFCOMM data channel is closed, a timer is normally set
up to disconnect the control channel at a later time. If the control
channel disconnect command is sent with the timer pending, the timer
needs to be cancelled.
If the timer is not cancelled in this situation, the reference
counting logic for the RFCOMM session does not work correctly when the
remote device closes the L2CAP connection. The session is freed at
the wrong time, leading to a kernel panic.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
---
net/bluetooth/rfcomm/core.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 4e32e18..2d28dfe 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1146,6 +1146,7 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
if (list_empty(&s->dlcs)) {
s->state = BT_DISCONN;
rfcomm_send_disc(s, 0);
+ rfcomm_session_clear_timer(s);
}
break;
--
1.7.8
--
Mat Martineau
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
next prev parent reply other threads:[~2011-12-07 0:23 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-07 0:23 [PATCH 0/2] Bug fixes for RFCOMM and L2CAP Mat Martineau
2011-12-07 0:23 ` Mat Martineau [this message]
2011-12-08 8:25 ` [PATCH 1/2] Bluetooth: Clear RFCOMM session timer when disconnecting last channel Marcel Holtmann
2011-12-08 16:57 ` Mat Martineau
2011-12-08 22:13 ` Marcel Holtmann
2011-12-07 0:23 ` [PATCH 2/2] Bluetooth: Prevent uninitialized data access in L2CAP configuration Mat Martineau
2011-12-08 8:29 ` Marcel Holtmann
2011-12-08 21:32 ` Mat Martineau
2011-12-16 23:58 ` [PATCH 0/2] Bug fixes for RFCOMM and L2CAP Mat Martineau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1323217407-2490-2-git-send-email-mathewm@codeaurora.org \
--to=mathewm@codeaurora.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=padovan@profusion.mobi \
--cc=pkrystad@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).