Fix double mutex unlock and if() condition

Commit "L2CAP and SDP Search API for BT profiles (2/2)" introduced two
separate issues in btsock_rfc_signaled():

1. The "slot_lock" potentially gets unlocked twice, causing
   undefined behaviour.

2. The call to BTA_JvRfcommWrite() was incorrectly taken outside
   of the conditional if() block that only executes the code if
   data is available.

This patch reverts the relevant locking change and fixes the if()
condition.

Bug: 27204458
Change-Id: I63b1257d21ca7bdd248858ec67e28f64e37a7895

diff --git a/btif/src/btif_sock_rfc.cc b/btif/src/btif_sock_rfc.cc
index 89a1f19..cf40af3 100644 (file)
--- a/btif/src/btif_sock_rfc.cc
+++ b/btif/src/btif_sock_rfc.cc
@@ -809,11 +809,9 @@ void btsock_rfc_signaled(UNUSED_ATTR int fd, int flags, uint32_t user_id) {
     if (slot->f.connected) {
       // Make sure there's data pending in case the peer closed the socket.
       int size = 0;
-      if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size))
-        //unlock before BTA_JvRfcommWrite to avoid deadlock on concurrnet multi rfcomm connectoins
-        //concurrnet multi rfcomm connectoins
-        pthread_mutex_unlock(&slot_lock);
+      if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl(slot->fd, FIONREAD, &size) == 0 && size)) {
         BTA_JvRfcommWrite(slot->rfc_handle, slot->id);
+      }
     } else {
       LOG_ERROR(LOG_TAG, "%s socket signaled for read while disconnected, slot: %d, channel: %d", __func__, slot->id, slot->scn);
       need_close = true;