This fixes a concurrent access issue in the function chan_close_cb
by not locking and unlocking around the function peer_lockup_chan
by use of the function locking pair rcu_read_lock/unlock in order
to have actual protection from concurrent threads of execution when
calling this particular function in the function chan_close_cb.
Signed-off-by: Nicholas Krause <[email protected]>
---
net/bluetooth/6lowpan.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
index 2fb7b30..7fc20cb 100644
--- a/net/bluetooth/6lowpan.c
+++ b/net/bluetooth/6lowpan.c
@@ -955,7 +955,9 @@ static void chan_close_cb(struct l2cap_chan *chan)
list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
dev = lowpan_dev(entry->netdev);
+ rcu_read_lock();
peer = __peer_lookup_chan(dev, chan);
+ rcu_read_unlock();
if (peer) {
last = peer_del(dev, peer);
err = 0;
--
2.1.4