diff options
author | Dean Jenkins <Dean_Jenkins@mentor.com> | 2013-02-28 14:21:53 +0000 |
---|---|---|
committer | Gustavo Padovan <gustavo.padovan@collabora.co.uk> | 2013-03-08 10:40:24 -0300 |
commit | fea7b02fbf73adb2e746f00ed279a782de7e74e4 (patch) | |
tree | b5f944e911d7e9db66d503b45a8473a85948740e /net/bluetooth/rfcomm | |
parent | be9f97f04565a6c438b7521ad679870d25645475 (diff) |
Bluetooth: Avoid rfcomm_session_timeout using freed session
Use del_timer_sync() instead of del_timer() as this ensures
that rfcomm_session_timeout() is not running on a different
CPU when rfcomm_session_put() is called. This avoids a race
condition on SMP systems because potentially
rfcomm_session_timeout() could reuse the freed RFCOMM session
structure caused by the execution of rfcomm_session_put().
Note that this modification makes the reason for the RFCOMM
session refcnt mechanism redundant.
Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'net/bluetooth/rfcomm')
-rw-r--r-- | net/bluetooth/rfcomm/core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index b23e2713fea8..d301fbbe2098 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c @@ -257,7 +257,7 @@ static void rfcomm_session_clear_timer(struct rfcomm_session *s) { BT_DBG("session %p state %ld", s, s->state); - if (del_timer(&s->timer)) + if (del_timer_sync(&s->timer)) rfcomm_session_put(s); } |