Bluetooth: Release rfcomm_dev only once
authorPeter Hurley <peter@hurleysoftware.com>
Mon, 10 Feb 2014 01:59:07 +0000 (20:59 -0500)
committerMarcel Holtmann <marcel@holtmann.org>
Fri, 14 Feb 2014 21:39:29 +0000 (13:39 -0800)
commit1c64834e0624c61735308138e67cc3b527f41621
tree912156866fbaa316a2197f261646737f95a88e57
parent960603a54aa0d5f4f1c4f1037bcaee571d03cb1e
Bluetooth: Release rfcomm_dev only once

No logic prevents an rfcomm_dev from being released multiple
times. For example, if the rfcomm_dev ref count is large due
to pending tx, then multiple RFCOMMRELEASEDEV ioctls may
mistakenly release the rfcomm_dev too many times. Note that
concurrent ioctls are not required to create this condition.

Introduce RFCOMM_DEV_RELEASED status bit which guarantees the
rfcomm_dev can only be released once.

NB: Since the flags are exported to userspace, introduce the status
field to track state for which userspace should not be aware.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-By: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
include/net/bluetooth/rfcomm.h
net/bluetooth/rfcomm/tty.c