Bluetooth: Clear RFCOMM session timer when disconnecting last channel
When the last RFCOMM data channel is closed, a timer is normally set
up to disconnect the control channel at a later time.  If the control
channel disconnect command is sent with the timer pending, the timer
needs to be cancelled.

If the timer is not cancelled in this situation, the reference
counting logic for the RFCOMM session does not work correctly when the
remote device closes the L2CAP connection.  The session is freed at
the wrong time, leading to a kernel panic.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Mat Martineau authored and Gustavo F. Padovan committed Dec 19, 2011
1 parent 36e999a commit 79e6547
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/bluetooth/rfcomm/core.c
Expand Up @@ -1146,6 +1146,7 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
if (list_empty(&s->dlcs)) {
s->state = BT_DISCONN;
rfcomm_send_disc(s, 0);
rfcomm_session_clear_timer(s);
}

break;
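Review bot: the new rfcomm_session_clear_timer(s) call in the list_empty(&s->dlcs) branch of rfcomm_recv_ua() carries no comment, so the invariant from the commit message (no session timer may stay pending once DISC has been sent on DLCI 0) lives only in the changelog. A one-line comment above the call would keep a later cleanup from dropping it and reintroducing the mistimed session free. The invariant is also stated generally but enforced only at this call site; it is worth confirming that any other path that sets s->state = BT_DISCONN and calls rfcomm_send_disc(s, 0) clears the timer as well, or folding the three statements into one helper so the timer cancel cannot be missed.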