aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/rfcomm
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/rfcomm')
-rw-r--r--net/bluetooth/rfcomm/core.c18
-rw-r--r--net/bluetooth/rfcomm/sock.c2
2 files changed, 14 insertions, 6 deletions
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 501649bf5596..8a602388f1e7 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1164,12 +1164,18 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1164 break; 1164 break;
1165 1165
1166 case BT_DISCONN: 1166 case BT_DISCONN:
1167 /* When socket is closed and we are not RFCOMM 1167 /* rfcomm_session_put is called later so don't do
1168 * initiator rfcomm_process_rx already calls 1168 * anything here otherwise we will mess up the session
1169 * rfcomm_session_put() */ 1169 * reference counter:
1170 if (s->sock->sk->sk_state != BT_CLOSED) 1170 *
1171 if (list_empty(&s->dlcs)) 1171 * (a) when we are the initiator dlc_unlink will drive
1172 rfcomm_session_put(s); 1172 * the reference counter to 0 (there is no initial put
1173 * after session_add)
1174 *
1175 * (b) when we are not the initiator rfcomm_rx_process
1176 * will explicitly call put to balance the initial hold
1177 * done after session add.
1178 */
1173 break; 1179 break;
1174 } 1180 }
1175 } 1181 }
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index f066678faeee..22169c3f1482 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -956,6 +956,8 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc *
956 if (!sk) 956 if (!sk)
957 goto done; 957 goto done;
958 958
959 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
960
959 rfcomm_sock_init(sk, parent); 961 rfcomm_sock_init(sk, parent);
960 bacpy(&bt_sk(sk)->src, &src); 962 bacpy(&bt_sk(sk)->src, &src);
961 bacpy(&bt_sk(sk)->dst, &dst); 963 bacpy(&bt_sk(sk)->dst, &dst);