From 48314e4904ddb927c32eb88a2c89a200cf610de2 Mon Sep 17 00:00:00 2001
From: Nagarjuna Kristam <nkristam@nvidia.com>
Date: Wed, 25 Jul 2012 17:42:19 +0530
Subject: Bluetooth: prevent multiple l2cap_sock_kill function calls

Remove SOCK_DEAD check inside l2cap_sock_kill, as this prevents cleanup of
l2cap sockets when bluetooth is turned off from UI
Instead of SOCK_DEAD check inside l2cap_sock_kill, add SOCK_DEAD check
inside l2cap_sock_close_cb to prevent multiple l2cap_sock_kill function calls.
This check avoids kernel panic, when l2cap_sock_close_cb function is called with
same socket multiple times.

Bug 1018499

Change-Id: I77388ffb1407138646feb9fbea467ca12e4a0855
Signed-off-by: Nagarjuna Kristam <nkristam@nvidia.com>
Reviewed-on: http://git-master/r/118321
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Rakesh Kumar <krakesh@nvidia.com>
Reviewed-by: Sachin Nikam <snikam@nvidia.com>
Reviewed-by: Varun Wadekar <vwadekar@nvidia.com>
---
 net/bluetooth/l2cap_sock.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index eaee69dabe64..7ce5ab54ba5b 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -787,8 +787,7 @@ done:
  */
 static void l2cap_sock_kill(struct sock *sk)
 {
-	if (!sock_flag(sk, SOCK_ZAPPED) || sock_flag(sk, SOCK_DEAD) ||
-				sk->sk_socket)
+	if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
 		return;
 
 	BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
@@ -921,7 +920,8 @@ static void l2cap_sock_close_cb(void *data)
 {
 	struct sock *sk = data;
 
-	l2cap_sock_kill(sk);
+	if (!sock_flag(sk, SOCK_DEAD))
+		l2cap_sock_kill(sk);
 }
 
 static void l2cap_sock_state_change_cb(void *data, int state)
-- 
cgit v1.2.3