https://bugzilla.kernel.org/show_bug.cgi?id=153251

Bug ID: 153251
Summary: btwilink as second hci device leads to kernel oops.
Product: Drivers
Version: 2.5
Kernel Version: 4.1.2, seems to affect all versions with the driver
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: low
Priority: P1
Component: Bluetooth
Assignee: linux-bluetooth@xxxxxxxxxxxxxxx
Reporter: scott.burns@xxxxxxxxxxxxxxxxxxxx
Regression: No

Hi,

I believe there is a minor bug in the btwilink driver bt_ti_probe(). I tried sending an email to the addresses listed at the top of the driver, but both addresses bounced back to me with an "Invalid recipient" message. The TI forum has pointed me to here. Given that this is a soldered down part, I am unable to test on a range of different systems.

The sequence of calls is:

    drivers/base/dd.c:really_probe()
    drivers/base/platform.c:platform_drv_probe()
    drivers/bluetooth/btwilink.c:bt_ti_probe()

The probe() functions are supposed to return 0 on success, and a negative value on failure. bt_ti_probe() actually returns the result of hci_register_dev(), which is the hci number. If the btwilink device is the first hci device, it works. In my case, plugging in a USB Bluetooth adapter moved the btwilink to hci1, and a return value of 1.

This causes platform_drv_probe() to call dev_pm_domain_detach(), and causes really_probe() to deallocate many of the resources. The hci device itself is not removed. When the memory resources are later allocated to a different device, the btwilink device tries to dereference corrupted pointers, and the system BUG()s/Oopses/panics.

In my case, it tended to be when ti_st_send_frame() calls ti_st_tx_complete(), but hdev->hst->hdev != hdev. Instead hdev->hst->hdev appears to be a function pointer in another module.

This appears to affect both mainline kernel and TI's git://git.ti.com/wilink8-wlan/build-utilites.git

The fix is trivial:
diff --git a/drivers/bluetooth/btwilink.c b/drivers/bluetooth/btwilink.c index 55c135b..9c839d28 100644 --- a/drivers/bluetooth/btwilink.c +++ b/drivers/bluetooth/btwilink.c @@ -321,7 +321,7 @@ static int bt_ti_probe(struct platform_device *pdev) BT_DBG("HCI device registered (hdev %p)", hdev); dev_set_drvdata(&pdev->dev, hst); - return err; + return 0; } static int bt_ti_remove(struct platform_device *pdev)

Scott Burns
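
Review bot: At the final return of bt_ti_probe(), replacing `return err;` with a constant `return 0;` is only safe if every negative `err` has already been returned before the BT_DBG("HCI device registered ...") line; that check lies outside the context shown in this hunk, so please confirm it exists (or quote it in the description) so that a failed registration cannot be reported as success. For submission the patch also needs a commit message explaining the non-zero hci index case and a Signed-off-by line.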
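
A simplified userspace model of the failure described in the report, added here as an illustration and not code from the kernel or from the reporter. The names model_dev, model_hci_register, model_really_probe and stale_hci are hypothetical stand-ins, and the model assumes, as the report states, that the core treats any non-zero probe result as failure and releases the driver's state.

```c
/* Userspace model of the probe return contract; every name is a stand-in. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct model_dev {
    void *drvdata;     /* driver state the core releases on probe failure */
    bool  bound;       /* core kept the driver bound */
    bool  hci_present; /* HCI device is still registered */
};
typedef int (*probe_fn)(struct model_dev *, int);

/* As the report describes hci_register_dev(): success returns the hci index. */
static int model_hci_register(struct model_dev *d, int free_id)
{
    d->hci_present = true;
    return free_id;
}

/* Before the fix: the index is handed straight back to the core. */
static int probe_buggy(struct model_dev *d, int id) { return model_hci_register(d, id); }

/* After the fix: only negative errors propagate, success is always 0. */
static int probe_fixed(struct model_dev *d, int id)
{
    int err = model_hci_register(d, id);
    return err < 0 ? err : 0;
}

/* Core side: any non-zero probe result counts as failure and frees state. */
static struct model_dev model_really_probe(probe_fn probe, int free_id)
{
    struct model_dev d = { malloc(64), false, false };
    if (probe(&d, free_id) != 0) {
        free(d.drvdata);
        d.drvdata = NULL; /* in the kernel the memory is reused instead */
    } else {
        d.bound = true;
    }
    return d;
}

/* True when an HCI device outlives the state the core already released. */
static bool stale_hci(struct model_dev d) { return d.hci_present && !d.bound; }

int main(void)
{
    printf("buggy, hci1: stale=%d\n", stale_hci(model_really_probe(probe_buggy, 1)));
    printf("fixed, hci1: stale=%d\n", stale_hci(model_really_probe(probe_fixed, 1)));
    return 0;
}
```

The second argument is the next free hci index: 0 models btwilink as the only adapter, 1 models the case where a USB adapter already holds hci0.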