git.baikalelectronics.ru Git - kernel.git/commit

author	Marcel Holtmann <marcel@holtmann.org>
	Sun, 30 Nov 2008 11:17:29 +0000 (12:17 +0100)
committer	Marcel Holtmann <marcel@holtmann.org>
	Sun, 30 Nov 2008 11:17:29 +0000 (12:17 +0100)
commit	81b1ab5b474c77f8f2016447aa1ec24d8f2f966b
tree	0e45cc166ce12c42cb7a94cac2dd82e255552120	tree \| snapshot
parent	59be1f65b369af55e3b5413f5653750ea7d25b6d	commit \| diff

Bluetooth: Fix RFCOMM release oops when device is still in use

It turns out that the following sequence of actions will reproduce the
oops:

  1. Create a new RFCOMM device (using RFCOMMCREATEDEV ioctl)
  2. (Try to) open the device
  3. Release the RFCOMM device (using RFCOMMRELEASEDEV ioctl)

At this point, the "/dev/rfcomm*" device is still in use, but it is gone
from the internal list, so the device id can be reused.

  4. Create a new RFCOMM device with the same device id as before

And now kobject will complain that the TTY already exists.

(See http://lkml.org/lkml/2008/7/13/89 for a reproducible test-case.)

This patch attempts to correct this by only removing the device from the
internal list of devices at the final unregister stage, so that the id
won't get reused until the device has been completely destructed.

This should be safe as the RFCOMM_TTY_RELEASED bit will be set for the
device and prevent the device from being reopened after it has been
released.

Based on a report from Vegard Nossum <vegard.nossum@gmail.com>

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>