From 2ae9a6be5f476f3512839a4d11a8f432bfd2914c Mon Sep 17 00:00:00 2001 From: Dave Young Date: Sat, 21 Feb 2009 16:13:34 +0800 Subject: [PATCH] Bluetooth: Move hci_conn_del_sysfs() back to avoid device destruct too early The following commit introduce a regression: commit 7d0db0a373195385a2e0b19d1f5e4b186fdcffac Author: Marcel Holtmann Date: Mon Jul 14 20:13:51 2008 +0200 [Bluetooth] Use a more unique bus name for connections I get panic as following (by netconsole): [ 2709.344034] usb 5-1: new full speed USB device using uhci_hcd and address 4 [ 2709.505776] usb 5-1: configuration #1 chosen from 1 choice [ 2709.569207] Bluetooth: Generic Bluetooth USB driver ver 0.4 [ 2709.570169] usbcore: registered new interface driver btusb [ 2845.742781] BUG: unable to handle kernel paging request at 6b6b6c2f [ 2845.742958] IP: [] __lock_acquire+0x6c/0xa80 [ 2845.743087] *pde = 00000000 [ 2845.743206] Oops: 0002 [#1] SMP [ 2845.743377] last sysfs file: /sys/class/bluetooth/hci0/hci0:6/type [ 2845.743742] Modules linked in: btusb netconsole snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss rfcomm l2cap bluetooth vfat fuse snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm pl2303 snd_timer psmouse usbserial snd 3c59x e100 serio_raw soundcore i2c_i801 intel_agp mii agpgart snd_page_alloc rtc_cmos rtc_core thermal processor rtc_lib button thermal_sys sg evdev [ 2845.743742] [ 2845.743742] Pid: 0, comm: swapper Not tainted (2.6.29-rc5-smp #54) Dell DM051 [ 2845.743742] EIP: 0060:[] EFLAGS: 00010002 CPU: 0 [ 2845.743742] EIP is at __lock_acquire+0x6c/0xa80 [ 2845.743742] EAX: 00000046 EBX: 00000046 ECX: 6b6b6b6b EDX: 00000002 [ 2845.743742] ESI: 6b6b6b6b EDI: 00000000 EBP: c064fd14 ESP: c064fcc8 [ 2845.743742] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 [ 2845.743742] Process swapper (pid: 0, ti=c064e000 task=c05d1400 task.ti=c064e000) [ 2845.743742] Stack: [ 2845.743742] c05d1400 00000002 c05d1400 00000001 00000002 00000000 f65388dc c05d1400 [ 2845.743742] 6b6b6b6b 00000292 c064fd0c c0153732 00000000 00000000 00000001 f700fa50 [ 2845.743742] 00000046 00000000 00000000 c064fd40 c0155be6 00000000 00000002 00000001 [ 2845.743742] Call Trace: [ 2845.743742] [] ? trace_hardirqs_on_caller+0x72/0x1c0 [ 2845.743742] [] ? lock_acquire+0x76/0xa0 [ 2845.743742] [] ? skb_dequeue+0x1d/0x70 [ 2845.743742] [] ? _spin_lock_irqsave+0x45/0x80 [ 2845.743742] [] ? skb_dequeue+0x1d/0x70 [ 2845.743742] [] ? skb_dequeue+0x1d/0x70 [ 2845.743742] [] ? skb_queue_purge+0x14/0x20 [ 2845.743742] [] ? hci_conn_del+0x10a/0x1c0 [bluetooth] [ 2845.743742] [] ? l2cap_disconn_ind+0x59/0xb0 [l2cap] [ 2845.743742] [] ? hci_conn_del_sysfs+0x8e/0xd0 [bluetooth] [ 2845.743742] [] ? hci_event_packet+0x5f8/0x31c0 [bluetooth] [ 2845.743742] [] ? sock_def_readable+0x59/0x80 [ 2845.743742] [] ? _read_unlock+0x1d/0x20 [ 2845.743742] [] ? hci_send_to_sock+0xe9/0x1d0 [bluetooth] [ 2845.743742] [] ? trace_hardirqs_on+0xb/0x10 [ 2845.743742] [] ? hci_rx_task+0x2ba/0x490 [bluetooth] [ 2845.743742] [] ? tasklet_action+0x31/0xc0 [ 2845.743742] [] ? tasklet_action+0x4c/0xc0 [ 2845.743742] [] ? __do_softirq+0xa7/0x170 [ 2845.743742] [] ? ack_apic_level+0x5c/0x1c0 [ 2845.743742] [] ? do_softirq+0x57/0x60 [ 2845.743742] [] ? irq_exit+0x7c/0x90 [ 2845.743742] [] ? do_IRQ+0x4b/0x90 [ 2845.743742] [] ? irq_exit+0x75/0x90 [ 2845.743742] [] ? common_interrupt+0x2c/0x34 [ 2845.743742] [] ? mwait_idle+0x4f/0x70 [ 2845.743742] [] ? cpu_idle+0x65/0xb0 [ 2845.743742] [] ? rest_init+0x4e/0x60 [ 2845.743742] Code: 0f 84 69 02 00 00 83 ff 07 0f 87 1e 06 00 00 85 ff 0f 85 08 05 00 00 8b 4d cc 8b 49 04 85 c9 89 4d d4 0f 84 f7 04 00 00 8b 75 d4 ff 86 c4 00 00 00 89 f0 e8 56 a9 ff ff 85 c0 0f 85 6e 03 00 [ 2845.743742] EIP: [] __lock_acquire+0x6c/0xa80 SS:ESP 0068:c064fcc8 [ 2845.743742] ---[ end trace 4c985b38f022279f ]--- [ 2845.743742] Kernel panic - not syncing: Fatal exception in interrupt [ 2845.743742] ------------[ cut here ]------------ [ 2845.743742] WARNING: at kernel/smp.c:329 smp_call_function_many+0x151/0x200() [ 2845.743742] Hardware name: Dell DM051 [ 2845.743742] Modules linked in: btusb netconsole snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss rfcomm l2cap bluetooth vfat fuse snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm pl2303 snd_timer psmouse usbserial snd 3c59x e100 serio_raw soundcore i2c_i801 intel_agp mii agpgart snd_page_alloc rtc_cmos rtc_core thermal processor rtc_lib button thermal_sys sg evdev [ 2845.743742] Pid: 0, comm: swapper Tainted: G D 2.6.29-rc5-smp #54 [ 2845.743742] Call Trace: [ 2845.743742] [] warn_slowpath+0x86/0xa0 [ 2845.743742] [] ? trace_hardirqs_off+0xb/0x10 [ 2845.743742] [] ? up+0x14/0x40 [ 2845.743742] [] ? release_console_sem+0x31/0x1e0 [ 2845.743742] [] ? _spin_lock_irqsave+0x6b/0x80 [ 2845.743742] [] ? trace_hardirqs_off+0xb/0x10 [ 2845.743742] [] ? _read_lock_irqsave+0x40/0x80 [ 2845.743742] [] ? release_console_sem+0x1c2/0x1e0 [ 2845.743742] [] ? up+0x14/0x40 [ 2845.743742] [] ? trace_hardirqs_off+0xb/0x10 [ 2845.743742] [] ? __mutex_unlock_slowpath+0x97/0x160 [ 2845.743742] [] ? mutex_trylock+0xb3/0x180 [ 2845.743742] [] ? mutex_unlock+0x8/0x10 [ 2845.743742] [] smp_call_function_many+0x151/0x200 [ 2845.743742] [] ? stop_this_cpu+0x0/0x40 [ 2845.743742] [] smp_call_function+0x21/0x30 [ 2845.743742] [] native_smp_send_stop+0x1e/0x50 [ 2845.743742] [] panic+0x55/0x110 [ 2845.743742] [] oops_end+0xb8/0xc0 [ 2845.743742] [] die+0x4f/0x70 [ 2845.743742] [] do_page_fault+0x269/0x610 [ 2845.743742] [] ? do_page_fault+0x0/0x610 [ 2845.743742] [] error_code+0x77/0x7c [ 2845.743742] [] ? __lock_acquire+0x6c/0xa80 [ 2845.743742] [] ? trace_hardirqs_on_caller+0x72/0x1c0 [ 2845.743742] [] lock_acquire+0x76/0xa0 [ 2845.743742] [] ? skb_dequeue+0x1d/0x70 [ 2845.743742] [] _spin_lock_irqsave+0x45/0x80 [ 2845.743742] [] ? skb_dequeue+0x1d/0x70 [ 2845.743742] [] skb_dequeue+0x1d/0x70 [ 2845.743742] [] skb_queue_purge+0x14/0x20 [ 2845.743742] [] hci_conn_del+0x10a/0x1c0 [bluetooth] [ 2845.743742] [] ? l2cap_disconn_ind+0x59/0xb0 [l2cap] [ 2845.743742] [] ? hci_conn_del_sysfs+0x8e/0xd0 [bluetooth] [ 2845.743742] [] hci_event_packet+0x5f8/0x31c0 [bluetooth] [ 2845.743742] [] ? sock_def_readable+0x59/0x80 [ 2845.743742] [] ? _read_unlock+0x1d/0x20 [ 2845.743742] [] ? hci_send_to_sock+0xe9/0x1d0 [bluetooth] [ 2845.743742] [] ? trace_hardirqs_on+0xb/0x10 [ 2845.743742] [] hci_rx_task+0x2ba/0x490 [bluetooth] [ 2845.743742] [] ? tasklet_action+0x31/0xc0 [ 2845.743742] [] tasklet_action+0x4c/0xc0 [ 2845.743742] [] __do_softirq+0xa7/0x170 [ 2845.743742] [] ? ack_apic_level+0x5c/0x1c0 [ 2845.743742] [] do_softirq+0x57/0x60 [ 2845.743742] [] irq_exit+0x7c/0x90 [ 2845.743742] [] do_IRQ+0x4b/0x90 [ 2845.743742] [] ? irq_exit+0x75/0x90 [ 2845.743742] [] common_interrupt+0x2c/0x34 [ 2845.743742] [] ? mwait_idle+0x4f/0x70 [ 2845.743742] [] cpu_idle+0x65/0xb0 [ 2845.743742] [] rest_init+0x4e/0x60 [ 2845.743742] ---[ end trace 4c985b38f02227a0 ]--- [ 2845.743742] ------------[ cut here ]------------ [ 2845.743742] WARNING: at kernel/smp.c:226 smp_call_function_single+0x8e/0x110() [ 2845.743742] Hardware name: Dell DM051 [ 2845.743742] Modules linked in: btusb netconsole snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss rfcomm l2cap bluetooth vfat fuse snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm pl2303 snd_timer psmouse usbserial snd 3c59x e100 serio_raw soundcore i2c_i801 intel_agp mii agpgart snd_page_alloc rtc_cmos rtc_core thermal processor rtc_lib button thermal_sys sg evdev [ 2845.743742] Pid: 0, comm: swapper Tainted: G D W 2.6.29-rc5-smp #54 [ 2845.743742] Call Trace: [ 2845.743742] [] warn_slowpath+0x86/0xa0 [ 2845.743742] [] ? warn_slowpath+0x10/0xa0 [ 2845.743742] [] ? trace_hardirqs_off+0xb/0x10 [ 2845.743742] [] ? up+0x14/0x40 [ 2845.743742] [] ? release_console_sem+0x31/0x1e0 [ 2845.743742] [] ? _spin_lock_irqsave+0x6b/0x80 [ 2845.743742] [] ? trace_hardirqs_off+0xb/0x10 [ 2845.743742] [] ? _read_lock_irqsave+0x40/0x80 [ 2845.743742] [] ? release_console_sem+0x1c2/0x1e0 [ 2845.743742] [] ? up+0x14/0x40 [ 2845.743742] [] smp_call_function_single+0x8e/0x110 [ 2845.743742] [] ? stop_this_cpu+0x0/0x40 [ 2845.743742] [] ? cpumask_next_and+0x1f/0x40 [ 2845.743742] [] smp_call_function_many+0x11a/0x200 [ 2845.743742] [] ? stop_this_cpu+0x0/0x40 [ 2845.743742] [] smp_call_function+0x21/0x30 [ 2845.743742] [] native_smp_send_stop+0x1e/0x50 [ 2845.743742] [] panic+0x55/0x110 [ 2845.743742] [] oops_end+0xb8/0xc0 [ 2845.743742] [] die+0x4f/0x70 [ 2845.743742] [] do_page_fault+0x269/0x610 [ 2845.743742] [] ? do_page_fault+0x0/0x610 [ 2845.743742] [] error_code+0x77/0x7c [ 2845.743742] [] ? __lock_acquire+0x6c/0xa80 [ 2845.743742] [] ? trace_hardirqs_on_caller+0x72/0x1c0 [ 2845.743742] [] lock_acquire+0x76/0xa0 [ 2845.743742] [] ? skb_dequeue+0x1d/0x70 [ 2845.743742] [] _spin_lock_irqsave+0x45/0x80 [ 2845.743742] [] ? skb_dequeue+0x1d/0x70 [ 2845.743742] [] skb_dequeue+0x1d/0x70 [ 2845.743742] [] skb_queue_purge+0x14/0x20 [ 2845.743742] [] hci_conn_del+0x10a/0x1c0 [bluetooth] [ 2845.743742] [] ? l2cap_disconn_ind+0x59/0xb0 [l2cap] [ 2845.743742] [] ? hci_conn_del_sysfs+0x8e/0xd0 [bluetooth] [ 2845.743742] [] hci_event_packet+0x5f8/0x31c0 [bluetooth] [ 2845.743742] [] ? sock_def_readable+0x59/0x80 [ 2845.743742] [] ? _read_unlock+0x1d/0x20 [ 2845.743742] [] ? hci_send_to_sock+0xe9/0x1d0 [bluetooth] [ 2845.743742] [] ? trace_hardirqs_on+0xb/0x10 [ 2845.743742] [] hci_rx_task+0x2ba/0x490 [bluetooth] [ 2845.743742] [] ? tasklet_action+0x31/0xc0 [ 2845.743742] [] tasklet_action+0x4c/0xc0 [ 2845.743742] [] __do_softirq+0xa7/0x170 [ 2845.743742] [] ? ack_apic_level+0x5c/0x1c0 [ 2845.743742] [] do_softirq+0x57/0x60 [ 2845.743742] [] irq_exit+0x7c/0x90 [ 2845.743742] [] do_IRQ+0x4b/0x90 [ 2845.743742] [] ? irq_exit+0x75/0x90 [ 2845.743742] [] common_interrupt+0x2c/0x34 [ 2845.743742] [] ? mwait_idle+0x4f/0x70 [ 2845.743742] [] cpu_idle+0x65/0xb0 [ 2845.743742] [] rest_init+0x4e/0x60 [ 2845.743742] ---[ end trace 4c985b38f02227a1 ]--- [ 2845.743742] Rebooting in 3 seconds.. My logitec bluetooth mouse trying connect to pc, but pc side reject the connection again and again. then panic happens. The reason is due to hci_conn_del_sysfs now called in hci_event_packet, the del work is done in a workqueue, so it's possible done before skb_queue_purge called. I move the hci_conn_del_sysfs after skb_queue_purge just as that before marcel's commit. Remove the hci_conn_del_sysfs in hci_conn_hash_flush as well due to hci_conn_del will deal with the work. Signed-off-by: Dave Young Signed-off-by: Marcel Holtmann --- net/bluetooth/hci_conn.c | 4 ++-- net/bluetooth/hci_event.c | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index efd5c926cc1b..1181db08d9de 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -287,6 +287,8 @@ int hci_conn_del(struct hci_conn *conn) skb_queue_purge(&conn->data_q); + hci_conn_del_sysfs(conn); + return 0; } @@ -560,8 +562,6 @@ void hci_conn_hash_flush(struct hci_dev *hdev) c->state = BT_CLOSED; - hci_conn_del_sysfs(c); - hci_proto_disconn_cfm(c, 0x16); hci_conn_del(c); } diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index c396542c2b82..55534244c3a0 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -1019,8 +1019,6 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff if (conn) { conn->state = BT_CLOSED; - hci_conn_del_sysfs(conn); - hci_proto_disconn_cfm(conn, ev->reason); hci_conn_del(conn); } -- 2.30.2