[BLUETOOTH]: rfcomm tty BUG_ON() code fix (f951375d) · Commits · e / devices / android_kernel_oneplus_sm7250

net/bluetooth/rfcomm/tty.c

+13 −9

Original line number	Original line	Diff line number	Diff line
	@@ -95,9 +95,10 @@ static void rfcomm_dev_destruct(struct rfcomm_dev *dev)

	BT_DBG("dev %p dlc %p", dev, dlc);		BT_DBG("dev %p dlc %p", dev, dlc);

	write_lock_bh(&rfcomm_dev_lock);		/* Refcount should only hit zero when called from rfcomm_dev_del()
	list_del_init(&dev->list);		which will have taken us off the list. Everything else are
	write_unlock_bh(&rfcomm_dev_lock);		refcounting bugs. */
			BUG_ON(!list_empty(&dev->list));

	rfcomm_dlc_lock(dlc);		rfcomm_dlc_lock(dlc);
	/* Detach DLC if it's owned by this dev */		/* Detach DLC if it's owned by this dev */
	@@ -109,11 +110,6 @@ static void rfcomm_dev_destruct(struct rfcomm_dev *dev)

	tty_unregister_device(rfcomm_tty_driver, dev->id);		tty_unregister_device(rfcomm_tty_driver, dev->id);

	/* Refcount should only hit zero when called from rfcomm_dev_del()
	which will have taken us off the list. Everything else are
	refcounting bugs. */
	BUG_ON(!list_empty(&dev->list));

	kfree(dev);		kfree(dev);

	/* It's safe to call module_put() here because socket still		/* It's safe to call module_put() here because socket still
	@@ -313,7 +309,15 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
	{		{
	BT_DBG("dev %p", dev);		BT_DBG("dev %p", dev);

			if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
			BUG_ON(1);
			else
	set_bit(RFCOMM_TTY_RELEASED, &dev->flags);		set_bit(RFCOMM_TTY_RELEASED, &dev->flags);

			write_lock_bh(&rfcomm_dev_lock);
			list_del_init(&dev->list);
			write_unlock_bh(&rfcomm_dev_lock);

	rfcomm_dev_put(dev);		rfcomm_dev_put(dev);
	}		}