Bluetooth: Reinitialize the list after deletion for session user list

If the user->list is deleted with list_del(), it doesn't initialize the
entry which can cause the issue with list_empty(). According to the
comment from the list.h, list_empty() returns false even if the list is
empty and put the entry in an undefined state.

/**
 * list_del - deletes entry from list.
 * @entry: the element to delete from the list.
 * Note: list_empty() on entry does not return true after this, the entry is
 * in an undefined state.
 */

Because of this behavior, list_empty() returns false even if list is empty
when the device is reconnected.

So, user->list needs to be re-initialized after list_del(). list.h already
have a macro list_del_init() which deletes the entry and initailze it again.

Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Tested-by: Jörg Otte <jrg.otte@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 51594fb7b9e72f80c06af1f04e9fd89b01aba9ba..45fffa4136421b8dd5ab301cf0a4ec529b36ff8e 100644 (file)
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1634,7 +1634,7 @@ void l2cap_unregister_user(struct l2cap_conn *conn, struct l2cap_user *user)
        if (list_empty(&user->list))
                goto out_unlock;
 
-       list_del(&user->list);
+       list_del_init(&user->list);
        user->remove(conn, user);
 
 out_unlock:
@@ -1648,7 +1648,7 @@ static void l2cap_unregister_all_users(struct l2cap_conn *conn)
 
        while (!list_empty(&conn->users)) {
                user = list_first_entry(&conn->users, struct l2cap_user, list);
-               list_del(&user->list);
+               list_del_init(&user->list);
                user->remove(conn, user);
        }
 }