aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2009-05-08 21:20:43 -0400
committerMarcel Holtmann <marcel@holtmann.org>2009-05-09 21:09:38 -0400
commit384943ec1bb462e410390ad8f108ff1474cd882d (patch)
treedf2fba9cebf66d5617bda674b4bbb997f01e8016 /net/bluetooth
parente1cc1c578055d20d36e084e324001fb5e0355a71 (diff)
Bluetooth: Fix wrong module refcount when connection setup fails
The module refcount is increased by hci_dev_hold() call in hci_conn_add() and decreased by hci_dev_put() call in del_conn(). In case the connection setup fails, hci_dev_put() is never called. Procedure to reproduce the issue: # hciconfig hci0 up # lsmod | grep btusb -> "used by" refcount = 1 # hcitool cc <non-exisiting bdaddr> -> will get timeout # lsmod | grep btusb -> "used by" refcount = 2 # hciconfig hci0 down # lsmod | grep btusb -> "used by" refcount = 1 # rmmod btusb -> ERROR: Module btusb is in use The hci_dev_put() call got moved into del_conn() with the 2.6.25 kernel to fix an issue with hci_dev going away before hci_conn. However that change was wrong and introduced this problem. When calling hci_conn_del() it has to call hci_dev_put() after freeing the connection details. This handling should be fully symmetric. The execution of del_conn() is done in a work queue and needs it own calls to hci_dev_hold() and hci_dev_put() to ensure that the hci_dev stays until the connection cleanup has been finished. Based on a report by Bing Zhao <bzhao@marvell.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Tested-by: Bing Zhao <bzhao@marvell.com>
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_conn.c2
-rw-r--r--net/bluetooth/hci_sysfs.c3
2 files changed, 5 insertions, 0 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 61309b26f271..85a1c6be2db9 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -292,6 +292,8 @@ int hci_conn_del(struct hci_conn *conn)
292 292
293 hci_conn_del_sysfs(conn); 293 hci_conn_del_sysfs(conn);
294 294
295 hci_dev_put(hdev);
296
295 return 0; 297 return 0;
296} 298}
297 299
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index a05d45eb3ba1..4cc3624bd22d 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -99,6 +99,8 @@ static void add_conn(struct work_struct *work)
99 BT_ERR("Failed to register connection device"); 99 BT_ERR("Failed to register connection device");
100 return; 100 return;
101 } 101 }
102
103 hci_dev_hold(hdev);
102} 104}
103 105
104/* 106/*
@@ -134,6 +136,7 @@ static void del_conn(struct work_struct *work)
134 136
135 device_del(&conn->dev); 137 device_del(&conn->dev);
136 put_device(&conn->dev); 138 put_device(&conn->dev);
139
137 hci_dev_put(hdev); 140 hci_dev_put(hdev);
138} 141}
139 142