From: Mat Martineau Date: Wed, 7 Dec 2011 00:23:26 +0000 (-0800) Subject: Bluetooth: Clear RFCOMM session timer when disconnecting last channel X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=79e654787c67f6b05f73366ff8ccac72ba7249e6;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git Bluetooth: Clear RFCOMM session timer when disconnecting last channel When the last RFCOMM data channel is closed, a timer is normally set up to disconnect the control channel at a later time. If the control channel disconnect command is sent with the timer pending, the timer needs to be cancelled. If the timer is not cancelled in this situation, the reference counting logic for the RFCOMM session does not work correctly when the remote device closes the L2CAP connection. The session is freed at the wrong time, leading to a kernel panic. Signed-off-by: Mat Martineau Acked-by: Marcel Holtmann Signed-off-by: Gustavo F. Padovan --- diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index 4e32e18211f9..2d28dfe98389 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c @@ -1146,6 +1146,7 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) if (list_empty(&s->dlcs)) { s->state = BT_DISCONN; rfcomm_send_disc(s, 0); + rfcomm_session_clear_timer(s); } break;