Re: [PATCH v1 1/2] Bluetooth: btnxpuart: Fix btnxpuart_close

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Neeraj

On Wed, 2023-10-18 at 15:36 +0000, Neeraj sanjay kale wrote:
> Hi Marcel,
> 
> Thank you for your patch.
> 
> > From: Marcel Ziswiler <marcel@xxxxxxxxxxxx>
> > Sent: Wednesday, October 18, 2023 8:26 PM
> > To: linux-bluetooth@xxxxxxxxxxxxxxx
> > Cc: Sherry Sun <sherry.sun@xxxxxxx>; Johan Hedberg
> > <johan.hedberg@xxxxxxxxx>; Luiz Augusto von Dentz
> > <luiz.dentz@xxxxxxxxx>; Neeraj sanjay kale <neeraj.sanjaykale@xxxxxxx>;
> > linux-kernel@xxxxxxxxxxxxxxx; Marcel Holtmann <marcel@xxxxxxxxxxxx>;
> > Marcel Ziswiler <marcel.ziswiler@xxxxxxxxxxx>; Amitkumar Karwar
> > <amitkumar.karwar@xxxxxxx>; Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>
> > Subject: [PATCH v1 1/2] Bluetooth: btnxpuart: Fix btnxpuart_close
> > 
> > From: Marcel Ziswiler <marcel.ziswiler@xxxxxxxxxxx>
> > 
> > Unfortunately, btnxpuart_close() may trigger a BUG: scheduling while atomic.
> > Fix this by properly purging the transmit queue and freeing the receive skb.
> > 
> > Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP
> > Bluetooth chipsets")
> > 
> > Signed-off-by: Marcel Ziswiler <marcel.ziswiler@xxxxxxxxxxx>
> > ---
> > 
> >  drivers/bluetooth/btnxpuart.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c
> > index b7e66b7ac570..9cb7529eef09 100644
> > --- a/drivers/bluetooth/btnxpuart.c
> > +++ b/drivers/bluetooth/btnxpuart.c
> > @@ -1234,6 +1234,9 @@ static int btnxpuart_close(struct hci_dev *hdev)
> > 
> >         ps_wakeup(nxpdev);
> >         serdev_device_close(nxpdev->serdev);
> > +       skb_queue_purge(&nxpdev->txq);
> > +       kfree_skb(nxpdev->rx_skb);
> > +       nxpdev->rx_skb = NULL;
> >         clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
> >         return 0;
> >  }
> This is already done in btnxpuart_flush(), which is called by hci_dev_close_sync(), before it calls
> btnxpuart_close().

Yes, I was also wondering about that.

> Is btnxpuart_flush() not called during your testing?

Yes, I even added some more tracing to confirm this. However, without my fix (which BTW was inspired by looking
at the former hci_mrvl.c driver) this bug is really occuring. Just keep loading/un-loading the kernel module a
few times any you may hit it.

> Thanks,
> Neeraj

Cheers

Marcel
[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux