From: Andrei Emeltchenko Date: Mon, 15 Oct 2012 08:58:44 +0000 (+0300) Subject: Bluetooth: Zero bredr pointer when chan is deleted X-Git-Tag: firefly_0821_release~3680^2~1480^2~17^2~353^2~1 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=56f6098441adb9487f6e0439429fc536afcf9e71;p=firefly-linux-kernel-4.4.55.git Bluetooth: Zero bredr pointer when chan is deleted If BREDR L2CAP chan is deleted and this chan is the channel through which High Speed traffic is routed to AMP then zero pointer to the chan in amp_mgr to prevent accessing it. Signed-off-by: Andrei Emeltchenko Signed-off-by: Gustavo Padovan --- diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 603742fc17a7..f873619fdcfd 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -531,6 +531,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) BT_DBG("chan %p, conn %p, err %d", chan, conn, err); if (conn) { + struct amp_mgr *mgr = conn->hcon->amp_mgr; /* Delete from channel list */ list_del(&chan->list); @@ -540,6 +541,9 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) hci_conn_put(conn->hcon); + + if (mgr && mgr->bredr_chan == chan) + mgr->bredr_chan = NULL; } chan->ops->teardown(chan, err);