git.baikalelectronics.ru Git - kernel.git/commit

author	Peter Hurley <peter@hurleysoftware.com>
	Mon, 10 Feb 2014 01:59:08 +0000 (20:59 -0500)
committer	Marcel Holtmann <marcel@holtmann.org>
	Fri, 14 Feb 2014 21:39:29 +0000 (13:39 -0800)
commit	354ac13b98042b11db35f77b91e3e5609105c53a
tree	3a1c25981ab3a5a77a1d656c7b2b44dae32d2698	tree \| snapshot
parent	f445b2f05766d0fece1784a68cffc7220294e0f5	commit \| diff

Bluetooth: Fix unreleased rfcomm_dev reference

When RFCOMM_RELEASE_ONHUP is set, the rfcomm tty driver 'takes over'
the initial rfcomm_dev reference created by the RFCOMMCREATEDEV ioctl.
The assumption is that the rfcomm tty driver will release the
rfcomm_dev reference when the tty is freed (in rfcomm_tty_cleanup()).
However, if the tty is never opened, the 'take over' never occurs,
so when RFCOMMRELEASEDEV ioctl is called, the reference is not
released.

Track the state of the reference 'take over' so that the release
is guaranteed by either the RFCOMMRELEASEDEV ioctl or the rfcomm tty
driver.

Note that the synchronous hangup in rfcomm_release_dev() ensures
that rfcomm_tty_install() cannot race with the RFCOMMRELEASEDEV ioctl.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-By: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

include/net/bluetooth/rfcomm.h		diff \| blob \| history
net/bluetooth/rfcomm/tty.c		diff \| blob \| history