From: Andrei Emeltchenko <andrei.emeltchenko.news@gmail.com>
To: Dean Jenkins <djenkins@mvista.com>
Cc: linux-bluetooth@vger.kernel.org
Subject: Re: Proposal to remove the rfcomm session refcnt and use the rfcomm state machine to delete the session
Date: Wed, 16 May 2012 18:01:25 +0300 [thread overview]
Message-ID: <20120516150124.GD10880@aemeltch-MOBL1> (raw)
In-Reply-To: <CAJ2qBzbxL8r4x88DteVeR-P9ooXfsL81LQrUuwXxf1eK_zidug@mail.gmail.com>
Hi Dean,
On Tue, May 15, 2012 at 07:25:02PM +0100, Dean Jenkins wrote:
> Signed-off-by: Dean Jenkins <djenkins@mvista.com>
> ---
> net/bluetooth/rfcomm/core.c | 15 ++++++++++++---
> 1 file changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
> index 8a60238..d95c34e 100644
> --- a/net/bluetooth/rfcomm/core.c
> +++ b/net/bluetooth/rfcomm/core.c
> @@ -618,6 +618,15 @@ static struct rfcomm_session
> *rfcomm_session_add(struct socket *sock, int state)
> return NULL;
> }
>
> + /*
> + * refcnt must be 1 before adding to the session list
> + * otherwise threads such as rfcomm_security_cfm()
> + * can interrupt and cause
> + * rfcomm_session_hold() ... rfcomm_session_put() sequence to
> + * erroneously delete the session structure.
> + */
> + rfcomm_session_hold(s);
> +
> list_add(&s->list, &session_list);
This looks right to me.
>
> return s;
> @@ -678,6 +687,9 @@ static void rfcomm_session_close(struct
> rfcomm_session *s, int err)
>
> rfcomm_session_clear_timer(s);
> rfcomm_session_put(s);
> +
> + /* to match with initial session creation rfcomm_session_hold() */
> + rfcomm_session_put(s);
Quickly looking to the changed it looks like refcounting is not changed
for accepting rfcomm but changed for connecting side. Have you tested both
situations?
> }
>
> static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
> @@ -1905,8 +1917,6 @@ static inline void
> rfcomm_accept_connection(struct rfcomm_session *s)
>
> s = rfcomm_session_add(nsock, BT_OPEN);
> if (s) {
> - rfcomm_session_hold(s);
> -
this and
> /* We should adjust MTU on incoming sessions.
> * L2CAP MTU minus UIH header and FCS. */
> s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
> @@ -2027,7 +2037,6 @@ static int rfcomm_add_listener(bdaddr_t *ba)
> if (!s)
> goto failed;
>
> - rfcomm_session_hold(s);
this looks OK given that we hold session when creating.
Also in the code there are places when we check is rfcomm session
initiator and then make refcounting which means something is wrong.
Best regards
Andrei Emeltchenko
next prev parent reply other threads:[~2012-05-16 15:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-14 12:25 Proposal to remove the rfcomm session refcnt and use the rfcomm state machine to delete the session Dean Jenkins
2012-05-15 18:25 ` Dean Jenkins
2012-05-16 15:01 ` Andrei Emeltchenko [this message]
2012-05-16 18:38 ` Dean Jenkins
2012-05-18 18:13 ` Dean Jenkins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120516150124.GD10880@aemeltch-MOBL1 \
--to=andrei.emeltchenko.news@gmail.com \
--cc=djenkins@mvista.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox