From 4c724c7135ca2b407bd318b4267456a7b5723825 Mon Sep 17 00:00:00 2001 From: David Herrmann Date: Sat, 7 Jan 2012 15:47:23 +0100 Subject: [PATCH] Bluetooth: Correctly take hci_dev->dev refcount The hci_dev->dev device structure has an internal refcount. This refcount is used to protect the whole hci_dev object. However, we currently do not use it. Therefore, if someone calls hci_free_dev() we currently immediately destroy the hci_dev object because we never took the device refcount. This even happens if the hci_dev->refcnt is not 0. In fact, the hci_dev->refcnt is totally useless in its current state. Therefore, we simply remove hci_dev->refcnt and instead use hci_dev->dev refcnt. This fixes all the symptoms and also correctly integrates the device structure into our bluetooth bus system. Signed-off-by: David Herrmann Acked-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- include/net/bluetooth/hci_core.h | 5 ++--- net/bluetooth/hci_core.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 99984688ccdd..4ccf3749a9a7 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -129,7 +129,6 @@ struct adv_entry { struct hci_dev { struct list_head list; struct mutex lock; - atomic_t refcnt; char name[8]; unsigned long flags; @@ -592,7 +591,7 @@ static inline void hci_conn_put(struct hci_conn *conn) /* ----- HCI Devices ----- */ static inline void __hci_dev_put(struct hci_dev *d) { - atomic_dec(&d->refcnt); + put_device(&d->dev); } /* @@ -603,7 +602,7 @@ static inline void __hci_dev_put(struct hci_dev *d) static inline struct hci_dev *__hci_dev_hold(struct hci_dev *d) { - atomic_inc(&d->refcnt); + get_device(&d->dev); return d; } diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 58392a6b48b5..f5fba65a9e59 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -1571,7 +1571,6 @@ int hci_register_dev(struct hci_dev *hdev) hdev->id = id; list_add_tail(&hdev->list, head); - atomic_set(&hdev->refcnt, 1); mutex_init(&hdev->lock); hdev->flags = 0; @@ -1655,6 +1654,7 @@ int hci_register_dev(struct hci_dev *hdev) schedule_work(&hdev->power_on); hci_notify(hdev, HCI_DEV_REG); + __hci_dev_hold(hdev); return id; -- 2.20.1