Bluetooth: Free up l2cap_chan->sport when initiating a connection
authorJohan Hedberg <johan.hedberg@intel.com>
Tue, 28 Jan 2014 23:16:48 +0000 (15:16 -0800)
committerJohan Hedberg <johan.hedberg@intel.com>
Thu, 13 Feb 2014 07:51:38 +0000 (09:51 +0200)
The sport variable is used to track the allocation of the local PSM
database to ensure no two sockets take the same local PSM. It is
acquired upon bind() but needs to be freed up if the socket ends up
becoming a client one. This patch adds the clearing of the value when
l2cap_chan_connect is called.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
net/bluetooth/l2cap_core.c

index d2ef49b54aa212736e0fff65c9baf2f8797329d6..f583988a4653abd2c53e5d6da78d00f281f044b9 100644 (file)
@@ -7126,6 +7126,13 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
        l2cap_state_change(chan, BT_CONNECT);
        __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
 
+       /* Release chan->sport so that it can be reused by other
+        * sockets (as it's only used for listening sockets).
+        */
+       write_lock(&chan_list_lock);
+       chan->sport = 0;
+       write_unlock(&chan_list_lock);
+
        if (hcon->state == BT_CONNECTED) {
                if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
                        __clear_chan_timer(chan);