The hci_dev->dev device structure has an internal refcount. This
refcount is used to protect the whole hci_dev object. However, we
currently do not use it. Therefore, if someone calls hci_free_dev() we
currently immediately destroy the hci_dev object because we never took
the device refcount.
This even happens if the hci_dev->refcnt is not 0. In fact, the
hci_dev->refcnt is totally useless in its current state. Therefore, we
simply remove hci_dev->refcnt and instead use hci_dev->dev refcnt.
This fixes all the symptoms and also correctly integrates the device
structure into our bluetooth bus system.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
struct hci_dev {
struct list_head list;
struct mutex lock;
- atomic_t refcnt;
char name[8];
unsigned long flags;
/* ----- HCI Devices ----- */
static inline void __hci_dev_put(struct hci_dev *d)
{
- atomic_dec(&d->refcnt);
+ put_device(&d->dev);
}
/*
static inline struct hci_dev *__hci_dev_hold(struct hci_dev *d)
{
- atomic_inc(&d->refcnt);
+ get_device(&d->dev);
return d;
}
hdev->id = id;
list_add_tail(&hdev->list, head);
- atomic_set(&hdev->refcnt, 1);
mutex_init(&hdev->lock);
hdev->flags = 0;
schedule_work(&hdev->power_on);
hci_notify(hdev, HCI_DEV_REG);
+ __hci_dev_hold(hdev);
return id;
projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff