tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Bluetooth: l2cap: introduce l2cap_conn ref-counting

If we want to use l2cap_conn outside of l2cap_core.c, we need refcounting
for these objects. Otherwise, we cannot synchronize l2cap locks with
outside locks and end up with deadlocks.

Hence, introduce ref-counting for l2cap_conn objects. This doesn't affect
l2cap internals at all, as they use a direct synchronization.
We also keep a reference to the parent hci_conn for locking purposes as
l2cap_conn depends on this. This doesn't affect the connection itself but
only the lifetime of the (dead) object.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>

authored by

David Herrmann and committed by
Gustavo Padovan 9c903e37 3764eaa9

+28 -1
+4
include/net/bluetooth/l2cap.h
··· 583 583 584 584 struct list_head chan_l; 585 585 struct mutex chan_lock; 586 + struct kref ref; 586 587 }; 587 588 588 589 #define L2CAP_INFO_CL_MTU_REQ_SENT 0x01 ··· 813 812 void l2cap_logical_cfm(struct l2cap_chan *chan, struct hci_chan *hchan, 814 813 u8 status); 815 814 void __l2cap_physical_cfm(struct l2cap_chan *chan, int result); 815 + 816 + void l2cap_conn_get(struct l2cap_conn *conn); 817 + void l2cap_conn_put(struct l2cap_conn *conn); 816 818 817 819 #endif /* __L2CAP_H */
+24 -1
net/bluetooth/l2cap_core.c
··· 1486 1486 } 1487 1487 1488 1488 hcon->l2cap_data = NULL; 1489 - kfree(conn); 1489 + conn->hchan = NULL; 1490 + l2cap_conn_put(conn); 1490 1491 } 1491 1492 1492 1493 static void security_timeout(struct work_struct *work) ··· 1521 1520 return NULL; 1522 1521 } 1523 1522 1523 + kref_init(&conn->ref); 1524 1524 hcon->l2cap_data = conn; 1525 1525 conn->hcon = hcon; 1526 + hci_conn_get(conn->hcon); 1526 1527 conn->hchan = hchan; 1527 1528 1528 1529 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); ··· 1560 1557 1561 1558 return conn; 1562 1559 } 1560 + 1561 + static void l2cap_conn_free(struct kref *ref) 1562 + { 1563 + struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref); 1564 + 1565 + hci_conn_put(conn->hcon); 1566 + kfree(conn); 1567 + } 1568 + 1569 + void l2cap_conn_get(struct l2cap_conn *conn) 1570 + { 1571 + kref_get(&conn->ref); 1572 + } 1573 + EXPORT_SYMBOL(l2cap_conn_get); 1574 + 1575 + void l2cap_conn_put(struct l2cap_conn *conn) 1576 + { 1577 + kref_put(&conn->ref, l2cap_conn_free); 1578 + } 1579 + EXPORT_SYMBOL(l2cap_conn_put); 1563 1580 1564 1581 /* ---- Socket interface ---- */ 1565 1582