From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> hci_cmd_sync_queue can be called multiple times, each adding a hci_cmd_sync_work_entry, before hci_cmd_sync_work is run so this makes sure they are all dequeued properly otherwise it creates a backlog of entries that are never run. Link: https://lore.kernel.org/all/CAJCQCtSeUtHCgsHXLGrSTWKmyjaQDbDNpP4rb0i+RE+L2FTXSA@xxxxxxxxxxxxxx/T/ Fixes: 6a98e3836fa20 ("Bluetooth: Add helper for serialized HCI command execution") Tested-by: Chris Clayton <chris2553@xxxxxxxxxxxxxx> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> --- net/bluetooth/hci_sync.c | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index d146d4efae43..06c6e954dcbd 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -283,33 +283,36 @@ static void hci_cmd_sync_work(struct work_struct *work) bt_dev_dbg(hdev, ""); - mutex_lock(&hdev->cmd_sync_work_lock); - entry = list_first_entry(&hdev->cmd_sync_work_list, - struct hci_cmd_sync_work_entry, list); - if (entry) { - list_del(&entry->list); + /* Dequeue all entries and run them */ + while (1) { + mutex_lock(&hdev->cmd_sync_work_lock); + entry = list_first_entry_or_null(&hdev->cmd_sync_work_list, + struct hci_cmd_sync_work_entry, + list); + if (entry) + list_del(&entry->list); + mutex_unlock(&hdev->cmd_sync_work_lock); + + if (!entry) + break; + func = entry->func; data = entry->data; destroy = entry->destroy; kfree(entry); - } else { - func = NULL; - data = NULL; - destroy = NULL; - } - mutex_unlock(&hdev->cmd_sync_work_lock); - if (func) { - int err; + if (func) { + int err; - hci_req_sync_lock(hdev); + hci_req_sync_lock(hdev); - err = func(hdev, data); + err = func(hdev, data); - if (destroy) - destroy(hdev, data, err); + if (destroy) + destroy(hdev, data, err); - hci_req_sync_unlock(hdev); + hci_req_sync_unlock(hdev); + } } } -- 2.35.1
