Subject: Re: [Bluez-devel] Rfcomm Use Count
From: Marcel Holtmann
To: Daryl Van Vorst
Cc: 'BlueZ Mailing List'
Date: Fri, 17 Sep 2004 10:58:54 +0200
Message-Id: <1095411534.3280.17.camel@pegasus>
In-Reply-To: <000c01c49c4a$ca42b9a0$1a01010a@baked>

Hi Daryl,

> I have a simple way to reproduce at least part of this bug. I don't have an
> up-to-date x86 machine to try this on, but I suspect you'll see the same
> behaviour:
>
> 1. Compile and run the attached code on one machine
> 2. Connect to it from another machine using: rctest -n -P1
> 3. Hit ctrl-c on rctest
> 4. Hit ctrl-c on bzt (or whatever you called the compiled code)
> 5. lsmod and look at the rfcomm use count.
>
> I think the problem stems from rfcomm_cleanup_listen() and
> bluez_accept_dequeue(). bluez_accept_dequeue() won't return the socket if it
> is in the closed state, and so rfcomm_cleanup_listen() can't fully clean up.
>
> And if accept is called before rfcomm_cleanup_listen(), then (I think) the
> socket will be unlinked from the accept queue (by accept) but not killed,
> and so also will not get cleaned up.
>
> Things appear to work if you reverse the order of steps 3 and 4.

I can verify that this bug exists even in a 2.6 kernel. There is no need to
execute step 4, because the missing decrementing of the use count is already
there after step 3. And I think the same problem will exist for the L2CAP
module. Please verify this for me.

> I'd send you a patch if I had a simple one, but I don't know what the best
> approach is.
> One solution may be to make bluez_accept_dequeue() always return
> the socket regardless of state and then fix anything that calls
> bluez_accept_dequeue() to handle the possibility of a closed socket being
> returned.

At the moment I must admit that I have no idea how to fix this in a sane way.
It seems that this bug is in there from the beginning and a wrong fix can
cause unexpected side effects.

I don't think that the problem is in rfcomm_sock_cleanup_listen(), because the
wrong use count is already present after step 3. So when we close a connected
DLC that is not accepted yet, we still have it on the accept queue and then we
have a problem. Maybe there is a bug in our state machine and this is not
socket related.

Regards

Marcel
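To make the mechanism the thread describes concrete, the following is a small model added to this archived message; it is not code from the thread, from Daryl's attachment, or from the BlueZ kernel modules. It models a listening socket whose accept queue holds child sockets, each child holding one module reference, a dequeue routine that (when asked) skips children already in the closed state, as the thread says bluez_accept_dequeue() does, and a listener teardown that drains the queue and kills what it gets back. All names here (sock_t, listener_t, queue_child, sock_kill, accept_dequeue, cleanup_listen, use_count_after_teardown) are hypothetical and the scenario is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of a listening socket's accept queue and the module use
 * count that each queued child socket holds. Constructed for illustration;
 * the types and function names here are hypothetical, not the kernel's. */

enum sock_state { STATE_CONNECTED, STATE_CLOSED };

typedef struct sock {
    enum sock_state state;
    struct sock *next;          /* link in the listener's accept queue */
} sock_t;

typedef struct {
    sock_t *accept_q;           /* head of the accept queue */
    int module_use_count;       /* one reference per live child socket */
} listener_t;

/* A new incoming connection: allocate a child, queue it, take a module ref. */
static sock_t *queue_child(listener_t *l)
{
    sock_t *s = calloc(1, sizeof *s);
    if (!s)
        abort();
    s->state = STATE_CONNECTED;
    s->next = l->accept_q;
    l->accept_q = s;
    l->module_use_count++;
    return s;
}

/* Destroying a child socket releases its module reference. */
static void sock_kill(listener_t *l, sock_t *s)
{
    l->module_use_count--;
    free(s);
}

/* Unlink and return one queued child. With skip_closed set this mirrors the
 * behaviour the thread attributes to bluez_accept_dequeue(): a child already
 * in the closed state is left on the queue and never handed back. */
static sock_t *accept_dequeue(listener_t *l, int skip_closed)
{
    sock_t **pp = &l->accept_q;
    while (*pp) {
        sock_t *s = *pp;
        if (skip_closed && s->state == STATE_CLOSED) {
            pp = &s->next;      /* skipped: nobody will ever kill it */
            continue;
        }
        *pp = s->next;
        s->next = NULL;
        return s;
    }
    return NULL;
}

/* Tearing down the listener: drain the accept queue and kill each child. */
static void cleanup_listen(listener_t *l, int skip_closed)
{
    sock_t *s;
    while ((s = accept_dequeue(l, skip_closed)) != NULL)
        sock_kill(l, s);
}

/* Constructed scenario from the thread: two connections arrive, one peer hangs
 * up before accept() runs (its child goes to STATE_CLOSED), then the listener
 * is closed. Returns the module use count left behind; 0 means every reference
 * was released. *orphans receives the number of sockets still on the queue
 * after cleanup (the model frees them without touching the count, standing in
 * for objects the kernel would never reclaim). */
int use_count_after_teardown(int skip_closed, int *orphans)
{
    listener_t l = { NULL, 0 };
    int left = 0;

    queue_child(&l);
    sock_t *c = queue_child(&l);
    c->state = STATE_CLOSED;    /* peer disconnected before accept() */

    cleanup_listen(&l, skip_closed);

    while (l.accept_q) {
        sock_t *s = l.accept_q;
        l.accept_q = s->next;
        free(s);
        left++;
    }
    if (orphans)
        *orphans = left;
    return l.module_use_count;
}

int main(void)
{
    int orphans;
    int leaked = use_count_after_teardown(1, &orphans);
    printf("skip closed children:      use count %d, %d orphaned on queue\n",
           leaked, orphans);
    int clean = use_count_after_teardown(0, &orphans);
    printf("drain regardless of state: use count %d, %d orphaned on queue\n",
           clean, orphans);
    return 0;
}
```

With skip_closed set, the closed child is never returned, so cleanup_listen() never kills it and the use count stays at 1 after the listener is gone, which is the stuck rfcomm count the reproduction steps show in lsmod. With skip_closed clear, the queue is drained regardless of state and the count returns to 0; that is the shape of the option Daryl floats (return closed sockets too and let callers cope), without saying anything about where the real fix in the RFCOMM state machine belongs.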