AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-29 22:46:47 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bluetooth: Avoid rfcomm_session_timeout using freed session

Browse Source 
Use del_timer_sync() instead of del_timer() as this ensures
that rfcomm_session_timeout() is not running on a different
CPU when rfcomm_session_put() is called. This avoids a race
condition on SMP systems because potentially
rfcomm_session_timeout() could reuse the freed RFCOMM session
structure caused by the execution of rfcomm_session_put().

Note that this modification makes the reason for the RFCOMM
session refcnt mechanism redundant.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
This commit is contained in:
Dean Jenkins 2013-02-28 14:21:53 +00:00 committed by Gustavo Padovan
parent be9f97f045
commit fea7b02fbf
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/bluetooth/rfcomm/core.c
View File

@ -257,7 +257,7 @@ static void rfcomm_session_clear_timer(struct rfcomm_session *s)
{
BT_DBG("session %p state %ld", s, s->state);
if (del_timer(&s->timer))
if (del_timer_sync(&s->timer))
rfcomm_session_put(s);
}