Bluetooth: Fix hci_conn reference counting for auto-connections
author Johan Hedberg <johan.hedberg@intel.com>
Fri, 15 Aug 2014 18:06:54 +0000 (21:06 +0300)
committer Johan Hedberg <johan.hedberg@intel.com>
Wed, 20 Aug 2014 18:57:39 +0000 (21:57 +0300)
commit f161dd4122ffa73e4e12000309dca65bec80d416
tree 333834ba4d1f8194c8b72b042f27c58bddd738e5
parent 6697dabe27e03302ddfddc975275e6401defe2dd

Recently the LE passive scanning and auto-connections feature was
introduced. It uses the hci_connect_le() API which returns a hci_conn
along with a reference count to that object. All previous users would
tie this returned reference to some existing object, such as an L2CAP
channel, and there'd be no leaked references this way. For
auto-connections however the reference was returned but not stored
anywhere, leaving established connections with one higher reference
count than they should have.

Instead of playing special tricks with hci_conn_hold/drop this patch
associates the returned reference from hci_connect_le() with the object
that in practice does own this reference, i.e. the hci_conn_params
struct that caused us to initiate a connection in the first place. Once
the connection is established or fails to establish this reference is
removed appropriately.

One extra thing needed is to call hci_pend_le_actions_clear() before
calling hci_conn_hash_flush() so that the reference is cleared before
the hci_conn objects are fully removed.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
net/bluetooth/hci_core.c
net/bluetooth/hci_event.c
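
The ownership rule described in the commit message, as a toy user-space C model added here; it is not the kernel patch or any code from this commit. All struct and function names are hypothetical stand-ins, and the `flushed` flag is an assumed simplification of a connection object being removed.

```c
#include <stddef.h>

/* Toy user-space model; these are not the kernel's structs or functions. */
struct conn { int refcnt; int flushed; };
struct conn_params { struct conn *conn; };   /* owner of the auto-connect reference */

static void conn_hold(struct conn *c) { c->refcnt++; }
static void conn_drop(struct conn *c) { c->refcnt--; }

/* Stand-in for hci_connect_le(): hands the caller the object plus one reference. */
static struct conn *connect_le(struct conn *c) { conn_hold(c); return c; }

/* Owner releases its reference once the connection is established or has failed. */
static void params_release(struct conn_params *p)
{
    if (p->conn) {
        conn_drop(p->conn);
        p->conn = NULL;
    }
}

/* References left on the connection after an auto-connect attempt completes. */
static int refs_after_autoconnect(int store_in_params)
{
    struct conn c = { 0, 0 };
    struct conn_params p = { NULL };
    struct conn *ret = connect_le(&c);
    if (store_in_params)
        p.conn = ret;        /* fixed: the params struct owns the reference */
    params_release(&p);      /* no-op when the reference was stored nowhere */
    return c.refcnt;
}

/* 1 if a params struct still points at a connection that was already flushed. */
static int stale_ref_after_teardown(int clear_params_first)
{
    struct conn c = { 0, 0 };
    struct conn_params p = { NULL };
    p.conn = connect_le(&c);
    if (clear_params_first)
        params_release(&p);  /* role of hci_pend_le_actions_clear() */
    c.flushed = 1;           /* role of hci_conn_hash_flush() */
    return p.conn != NULL && p.conn->flushed;
}

int main(void)
{
    return !(refs_after_autoconnect(0) == 1 && refs_after_autoconnect(1) == 0 &&
             stale_ref_after_teardown(0) == 1 && stale_ref_after_teardown(1) == 0);
}
```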