Return-Path: Date: Mon, 21 May 2012 13:21:37 -0300 From: Gustavo Padovan To: Minho Ban Cc: Marcel Holtmann , Johan Hedberg , "David S. Miller" , linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [RFC/PATCH] Bluetooth: prevent double l2cap_chan_destroy Message-ID: <20120521162137.GE16942@joana> References: <4FB992C8.8090105@samsung.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <4FB992C8.8090105@samsung.com> List-ID: Hi Minho, * Minho Ban [2012-05-21 09:56:40 +0900]: > l2cap_sock_kill can be called in l2cap_sock_release and l2cap_sock_close_cb > either. This lead l2cap_chan_destroy to be called twice for same channel. > To prevent double list_del and double chan_put, chan_destroy should be protected > with chan->refcnt and chan_list_lock so that reentrance could be forbidden. Even if l2cap_sock_kill() is called twice it will call l2cap_chan_destroy() only once. If this is not happening we just have a broken piece of code somewhere else and not here. Gustavo