From ff1053914690d4645b2e71fd981e8b8759ca54ff Mon Sep 17 00:00:00 2001 From: Mat Martineau Date: Thu, 22 Dec 2011 12:02:13 -0800 Subject: [PATCH] Bluetooth: Update ERTM state before sending packets Since l2cap_ertm_send() runs in process context, it may be preempted by incoming data being processed in tasklet context. In order to avoid race conditions where a packet is acknowledged before the transmit queue is properly updated, ERTM state should be set up for the next transmit before the packet is actually sent. CRs-fixed: 326238 Change-Id: I3df0e93118a357dbd34ff26ad74d7c0c38bf5121 Signed-off-by: Mat Martineau --- net/bluetooth/l2cap_core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 31a726aea92..7e17a283820 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -1454,10 +1454,6 @@ int l2cap_ertm_send(struct sock *sk) tx_skb->destructor = l2cap_skb_destructor; atomic_inc(&pi->ertm_queued); - l2cap_do_send(sk, tx_skb); - - BT_DBG("Sent txseq %d", (int)control->txseq); - l2cap_ertm_start_retrans_timer(pi); pi->next_tx_seq = __next_seq(pi->next_tx_seq, pi); @@ -1469,6 +1465,9 @@ int l2cap_ertm_send(struct sock *sk) sk->sk_send_head = NULL; else sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb); + + l2cap_do_send(sk, tx_skb); + BT_DBG("Sent txseq %d", (int)control->txseq); } BT_DBG("Sent %d, %d unacked, %d in ERTM queue, %d in HCI queue", sent,