[BLUETOOTH]: l2cap info_timer delete fix in hci_conn_del
authorDave Young <hidave.darkstar@gmail.com>
Mon, 3 Mar 2008 20:18:55 +0000 (12:18 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 3 Mar 2008 20:18:55 +0000 (12:18 -0800)
When the l2cap info_timer is active the info_state will be set to
L2CAP_INFO_FEAT_MASK_REQ_SENT, and it will be unset after the timer is
deleted or timeout triggered.

Here in l2cap_conn_del only call del_timer_sync when the info_state is
set to L2CAP_INFO_FEAT_MASK_REQ_SENT.

Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/bluetooth/l2cap.c

index 7c5459c8e8efdf9e7e9e51d485c9f9ff99eb20f9..34f8bf98bc0529b4d69f7c60ff6f739ed63077a3 100644 (file)
@@ -417,7 +417,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
                l2cap_sock_kill(sk);
        }
 
-       del_timer_sync(&conn->info_timer);
+       if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
+               del_timer_sync(&conn->info_timer);
 
        hcon->l2cap_data = NULL;
        kfree(conn);