    Bluetooth: Fix hci_conn reference counting for auto-connections · f161dd41
    Johan Hedberg authored
    Recently the LE passive scanning and auto-connections feature was
    introduced. It uses the hci_connect_le() API which returns a hci_conn
    along with a reference count to that object. All previous users would
    tie this returned reference to some existing object, such as an L2CAP
    channel, and there'd be no leaked references this way. For
    auto-connections however the reference was returned but not stored
    anywhere, leaving established connections with one higher reference
    count than they should have.
    
    Instead of playing special tricks with hci_conn_hold/drop this patch
    associates the returned reference from hci_connect_le() with the object
    that in practice does own this reference, i.e. the hci_conn_params
    struct that caused us to initiate a connection in the first place. Once
    the connection is established or fails to establish this reference is
    removed appropriately.
    
    One extra thing needed is to call hci_pend_le_actions_clear() before
    calling hci_conn_hash_flush() so that the reference is cleared before
    the hci_conn objects are fully removed.
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
hci_core.c 132 KB
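The ownership rule described in the commit message, as an added user-space model that is not the kernel's code or part of this commit. Every struct and function name is a hypothetical stand-in, and the starting count of 1 (a reference held by the link itself) is an assumption of the model.

```c
#include <stdio.h>

/* User-space model. All names are hypothetical stand-ins for the roles
 * described in the commit message; this is not kernel code. */
struct conn { int refcnt; };
struct conn_params { struct conn *conn; /* owned reference, or NULL */ };

/* Stand-in for hci_connect_le(): hands the caller one reference. */
static struct conn *connect_le(struct conn *c) { c->refcnt++; return c; }

/* Leaky pattern: the returned reference is stored nowhere. */
static void auto_connect_leaky(struct conn *c) { (void)connect_le(c); }

/* Fixed pattern: the params entry that triggered the connect owns it. */
static void auto_connect_owned(struct conn_params *p, struct conn *c)
{
    if (!p->conn)               /* one reference per params entry */
        p->conn = connect_le(c);
}

/* On connect complete, connect failure, or pending-action clear. */
static void params_release(struct conn_params *p)
{
    if (p->conn) { p->conn->refcnt--; p->conn = NULL; }
}

/* Model assumption: each scenario starts at refcnt 1, held by the link. */
int refs_leaky(void)
{
    struct conn c = { 1 };
    auto_connect_leaky(&c);
    return c.refcnt;            /* one higher than it should be */
}

int refs_owned(void)
{
    struct conn c = { 1 };
    struct conn_params p = { NULL };
    auto_connect_owned(&p, &c);
    auto_connect_owned(&p, &c); /* repeated trigger: no extra reference */
    params_release(&p);         /* connection established or failed */
    params_release(&p);         /* idempotent: nothing left to drop */
    return c.refcnt;
}

int main(void)
{
    printf("leaky=%d owned=%d\n", refs_leaky(), refs_owned());
    return 0;
}
```

Setting the stored pointer to NULL on release is what makes a later teardown pass safe to run before the connection objects are freed.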