| Message ID | 20201214072921.3402608-1-tientzu@chromium.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Bluetooth: hci_uart: Fix a race for write_work scheduling | expand |
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=401333
---Test result---
##############################
Test: CheckPatch - PASS
##############################
Test: CheckGitLint - FAIL
workflow: Add workflow files for ci
1: T1 Title exceeds max length (92>72): "Merge 6c842f451a415646f8011459b2ebf36fec0a0684 into 5c19ab6aefe0de554b4ea5c00b7bc1520e6de8ae"
3: B6 Body message is missing
Bluetooth: hci_uart: Fix a race for write_work scheduling
1: T1 Title exceeds max length (92>72): "Merge 6c842f451a415646f8011459b2ebf36fec0a0684 into 5c19ab6aefe0de554b4ea5c00b7bc1520e6de8ae"
3: B6 Body message is missing
##############################
Test: CheckBuildK - PASS
##############################
Test: CheckTestRunner: Setup - PASS
##############################
Test: CheckTestRunner: l2cap-tester - PASS
Total: 40, Passed: 34 (85.0%), Failed: 0, Not Run: 6
##############################
Test: CheckTestRunner: bnep-tester - PASS
Total: 1, Passed: 1 (100.0%), Failed: 0, Not Run: 0
##############################
Test: CheckTestRunner: mgmt-tester - PASS
Total: 416, Passed: 394 (94.7%), Failed: 8, Not Run: 14
##############################
Test: CheckTestRunner: rfcomm-tester - PASS
Total: 9, Passed: 9 (100.0%), Failed: 0, Not Run: 0
##############################
Test: CheckTestRunner: sco-tester - PASS
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
##############################
Test: CheckTestRunner: smp-tester - PASS
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
##############################
Test: CheckTestRunner: userchan-tester - PASS
Total: 3, Passed: 3 (100.0%), Failed: 0, Not Run: 0
---
Regards,
Linux Bluetooth
Hi Claire, > In hci_uart_write_work, there is a loop/goto checking the value of > HCI_UART_TX_WAKEUP. If HCI_UART_TX_WAKEUP is set again, it keeps trying > hci_uart_dequeue; otherwise, it clears HCI_UART_SENDING and returns. > > In hci_uart_tx_wakeup, if HCI_UART_SENDING is already set, it sets > HCI_UART_TX_WAKEUP, skips schedule_work and assumes the running/pending > hci_uart_write_work worker will do hci_uart_dequeue properly. > > However, if the HCI_UART_SENDING check in hci_uart_tx_wakeup is done after > the loop breaks, but before HCI_UART_SENDING is cleared in > hci_uart_write_work, the schedule_work is skipped incorrectly. > > Fix this race by changing the order of HCI_UART_SENDING and > HCI_UART_TX_WAKEUP modification. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Fixes: 82f5169bf3d3 ("Bluetooth: hci_uart: add serdev driver support library") > Signed-off-by: Claire Chang <tientzu@chromium.org> > --- > drivers/bluetooth/hci_ldisc.c | 7 +++---- > drivers/bluetooth/hci_serdev.c | 4 ++-- > 2 files changed, 5 insertions(+), 6 deletions(-) patch has been applied to bluetooth-next tree. Regards Marcel
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index f83d67eafc9f..8be4d807d137 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c @@ -127,10 +127,9 @@ int hci_uart_tx_wakeup(struct hci_uart *hu) if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) goto no_schedule; - if (test_and_set_bit(HCI_UART_SENDING, &hu->tx_state)) { - set_bit(HCI_UART_TX_WAKEUP, &hu->tx_state); + set_bit(HCI_UART_TX_WAKEUP, &hu->tx_state); + if (test_and_set_bit(HCI_UART_SENDING, &hu->tx_state)) goto no_schedule; - } BT_DBG(""); @@ -174,10 +173,10 @@ static void hci_uart_write_work(struct work_struct *work) kfree_skb(skb); } + clear_bit(HCI_UART_SENDING, &hu->tx_state); if (test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state)) goto restart; - clear_bit(HCI_UART_SENDING, &hu->tx_state); wake_up_bit(&hu->tx_state, HCI_UART_SENDING); } diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c index ef96ad06fa54..9e03402ef1b3 100644 --- a/drivers/bluetooth/hci_serdev.c +++ b/drivers/bluetooth/hci_serdev.c @@ -83,9 +83,9 @@ static void hci_uart_write_work(struct work_struct *work) hci_uart_tx_complete(hu, hci_skb_pkt_type(skb)); kfree_skb(skb); } - } while (test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state)); - clear_bit(HCI_UART_SENDING, &hu->tx_state); + clear_bit(HCI_UART_SENDING, &hu->tx_state); + } while (test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state)); } /* ------- Interface to HCI layer ------ */
In hci_uart_write_work, there is a loop/goto checking the value of HCI_UART_TX_WAKEUP. If HCI_UART_TX_WAKEUP is set again, it keeps trying hci_uart_dequeue; otherwise, it clears HCI_UART_SENDING and returns. In hci_uart_tx_wakeup, if HCI_UART_SENDING is already set, it sets HCI_UART_TX_WAKEUP, skips schedule_work and assumes the running/pending hci_uart_write_work worker will do hci_uart_dequeue properly. However, if the HCI_UART_SENDING check in hci_uart_tx_wakeup is done after the loop breaks, but before HCI_UART_SENDING is cleared in hci_uart_write_work, the schedule_work is skipped incorrectly. Fix this race by changing the order of HCI_UART_SENDING and HCI_UART_TX_WAKEUP modification. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Fixes: 82f5169bf3d3 ("Bluetooth: hci_uart: add serdev driver support library") Signed-off-by: Claire Chang <tientzu@chromium.org> --- drivers/bluetooth/hci_ldisc.c | 7 +++---- drivers/bluetooth/hci_serdev.c | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-)