Bluetooth: Fix kernel panic while disconnecting RFCOMM

author Lan Zhu <zhu.lan.cn@gmail.com>

Thu, 17 Sep 2009 01:07:25 +0000 (18:07 -0700)

committer Nick Pelly <npelly@google.com>

Thu, 17 Sep 2009 01:12:11 +0000 (18:12 -0700)
author Lan Zhu <zhu.lan.cn@gmail.com>
Thu, 17 Sep 2009 01:07:25 +0000 (18:07 -0700)
committer Nick Pelly <npelly@google.com>
Thu, 17 Sep 2009 01:12:11 +0000 (18:12 -0700)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c

index c109a3a..5d66c1f 100644 (file)
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1795,6 +1795,8 @@ static inline void rfcomm_process_rx(struct rfcomm_session *s)
  
         BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
  
+       rfcomm_session_hold(s);
+
         /* Get data directly from socket receive queue without copying it. */
         while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
                 skb_orphan(skb);
@@ -1807,6 +1809,8 @@ static inline void rfcomm_process_rx(struct rfcomm_session *s)
  
                 rfcomm_session_close(s, sk->sk_err);
         }
+
+       rfcomm_session_put(s);
  }
  
  static inline void rfcomm_accept_connection(struct rfcomm_session *s)
author	Lan Zhu <zhu.lan.cn@gmail.com>
	Thu, 17 Sep 2009 01:07:25 +0000 (18:07 -0700)
committer	Nick Pelly <npelly@google.com>
	Thu, 17 Sep 2009 01:12:11 +0000 (18:12 -0700)