summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDean Jenkins <Dean_Jenkins@mentor.com>2015-10-14 12:18:47 +0200
committerMarcel Holtmann <marcel@holtmann.org>2015-10-21 00:49:26 +0200
commit9f7378a9d6ced1784e08d3e21a9ddb769523baf2 (patch)
tree500bf645b5dd1c47fc829697ec58a8e40f57a8c0
parentBluetooth: Reorganize mutex lock in l2cap_sock_shutdown() (diff)
downloadlinux-9f7378a9d6ced1784e08d3e21a9ddb769523baf2.tar.xz
linux-9f7378a9d6ced1784e08d3e21a9ddb769523baf2.zip
Bluetooth: l2cap_disconnection_req priority over shutdown
There is a L2CAP protocol race between the local peer and the remote peer demanding disconnection of the L2CAP link. When L2CAP ERTM is used, l2cap_sock_shutdown() can be called from userland to disconnect L2CAP. However, there can be a delay introduced by waiting for ACKs. During this waiting period, the remote peer may have sent a Disconnection Request. Therefore, recheck the shutdown status of the socket after waiting for ACKs because there is no need to do further processing if the connection has gone. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Signed-off-by: Harish Jenny K N <harish_kandiga@mentor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/l2cap_sock.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index d06fb54082aa..1bb551527044 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -1129,9 +1129,17 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
if (chan->mode == L2CAP_MODE_ERTM &&
chan->unacked_frames > 0 &&
- chan->state == BT_CONNECTED)
+ chan->state == BT_CONNECTED) {
err = __l2cap_wait_ack(sk, chan);
+ /* After waiting for ACKs, check whether shutdown
+ * has already been actioned to close the L2CAP
+ * link such as by l2cap_disconnection_req().
+ */
+ if (sk->sk_shutdown)
+ goto has_shutdown;
+ }
+
sk->sk_shutdown = SHUTDOWN_MASK;
release_sock(sk);
@@ -1162,6 +1170,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
err = bt_sock_wait_state(sk, BT_CLOSED,
sk->sk_lingertime);
+has_shutdown:
l2cap_chan_put(chan);
sock_put(sk);