Hi Ronald, > The following race condition still existed: > > P1 P2 > cancel_work_sync() > hci_uart_tx_wakeup() > hci_uart_write_work() > hci_uart_dequeue() > clear_bit(HCI_UART_PROTO_READY) > hci_unregister_dev(hdev) > hci_free_dev(hdev) > hu->proto->close(hu) > kfree(hu) > access to hdev and hu > > Cancelling the work after clearing the HCI_UART_PROTO_READY bit avoids > this as any hci_uart_tx_wakeup() issued after the flag is cleared will > detect that and not schedule further work. > > Signed-off-by: Ronald Tschalär <[email protected]> > Cc: Dean Jenkins <[email protected]> > Cc: Lukas Wunner <[email protected]> > Cc: Marcel Holtmann <[email protected]> > Cc: Gustavo Padovan <[email protected]> > Cc: Johan Hedberg <[email protected]> > --- > drivers/bluetooth/hci_ldisc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-)
patch has been applied to bluetooth-next tree. Regards Marcel
