Re: [RESEND PATCH] Bluetooth: Only mark socket zapped after unlocking

Hi Abhishek, > Since l2cap_sock_teardown_cb doesn't acquire the channel lock before > setting the socket as zapped, it could potentially race with > l2cap_sock_release which frees the socket. Thus, wait until the cleanup > is complete before marking the socket as zapped. > > This race was

[RESEND PATCH] Bluetooth: Only mark socket zapped after unlocking

Since l2cap_sock_teardown_cb doesn't acquire the channel lock before setting the socket as zapped, it could potentially race with l2cap_sock_release which frees the socket. Thus, wait until the cleanup is complete before marking the socket as zapped. This race was reproduced on a JBL GO speaker

[PATCH] Bluetooth: Only mark socket zapped after unlocking

Since l2cap_sock_teardown_cb doesn't acquire the channel lock before setting the socket as zapped, it could potentially race with l2cap_sock_release which frees the socket. Thus, wait until the cleanup is complete before marking the socket as zapped. This race was reproduced on a JBL GO speaker