From: Johan Hedberg <johan.hedberg@intel.com>
Date: Tue, 28 Jan 2014 23:16:48 +0000 (-0800)
Subject: Bluetooth: Free up l2cap_chan->sport when initiating a connection
X-Git-Url: http://drtracing.org/?a=commitdiff_plain;h=61202e4de92d9bf7169dd5f2ef2d6c6e5683ec53;p=deliverable%2Flinux.git

Bluetooth: Free up l2cap_chan->sport when initiating a connection

The sport variable is used to track the allocation of the local PSM
database to ensure no two sockets take the same local PSM. It is
acquired upon bind() but needs to be freed up if the socket ends up
becoming a client one. This patch adds the clearing of the value when
l2cap_chan_connect is called.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index d2ef49b54aa2..f583988a4653 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -7126,6 +7126,13 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
 	l2cap_state_change(chan, BT_CONNECT);
 	__set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
 
+	/* Release chan->sport so that it can be reused by other
+	 * sockets (as it's only used for listening sockets).
+	 */
+	write_lock(&chan_list_lock);
+	chan->sport = 0;
+	write_unlock(&chan_list_lock);
+
 	if (hcon->state == BT_CONNECTED) {
 		if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
 			__clear_chan_timer(chan);