From: Johan Hedberg <johan.hedberg@intel.com>
Date: Wed, 6 Jun 2012 10:44:11 +0000 (+0800)
Subject: Bluetooth: Fix deadlock and crash when SMP pairing times out
X-Git-Tag: v3.5-rc5~17^2~34^2~3^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d06cc416f517a25713dedd9e2a9ccf4f3086c09a;p=pandora-kernel.git

Bluetooth: Fix deadlock and crash when SMP pairing times out

The l2cap_conn_del function tries to cancel_sync the security timer, but
when it's called from the timeout function itself a deadlock occurs.
Subsequently the "hcon->l2cap_data = NULL" that's supposed to protect
multiple calls to l2cap_conn_del never gets cleared and when the
connection finally drops we double free's etc which will crash the
kernel.

This patch fixes the issue by using the HCI_CONN_LE_SMP_PEND for
protecting against this. The same flag is also used for the same purpose
in other places in the SMP code.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
---

Reading git-diff-tree failed