diff mbox series

[1/1] Bluetooth: ISO: Fix invalid context error

Message ID 20230927113739.3332-2-iulia.tanasescu@nxp.com (mailing list archive)
State Superseded
Headers show
Series Bluetooth: ISO: Fix invalid context error | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint success Gitlint PASS
tedd_an/SubjectPrefix success Gitlint PASS
tedd_an/BuildKernel success BuildKernel PASS
tedd_an/CheckAllWarning success CheckAllWarning PASS
tedd_an/CheckSparse warning CheckSparse WARNING net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
tedd_an/CheckSmatch warning CheckSparse WARNING net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
tedd_an/BuildKernel32 success BuildKernel32 PASS
tedd_an/TestRunnerSetup success TestRunnerSetup PASS
tedd_an/TestRunner_l2cap-tester success TestRunner PASS
tedd_an/TestRunner_iso-tester success TestRunner PASS
tedd_an/TestRunner_bnep-tester success TestRunner PASS
tedd_an/TestRunner_mgmt-tester success TestRunner PASS
tedd_an/TestRunner_rfcomm-tester success TestRunner PASS
tedd_an/TestRunner_sco-tester success TestRunner PASS
tedd_an/TestRunner_ioctl-tester success TestRunner PASS
tedd_an/TestRunner_mesh-tester success TestRunner PASS
tedd_an/TestRunner_smp-tester success TestRunner PASS
tedd_an/TestRunner_userchan-tester success TestRunner PASS
tedd_an/IncrementalBuild success Incremental Build PASS

Commit Message

Iulia Tanasescu Sept. 27, 2023, 11:37 a.m. UTC 
This moves the hci_le_terminate_big_sync call from rx_work
to cmd_sync_work, to avoid calling sleeping function from
an invalid context.

Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
---
 net/bluetooth/hci_event.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

Comments

bluez.test.bot@gmail.com Sept. 27, 2023, 12:49 p.m. UTC | #1 
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=788074

---Test result---

Test Summary:
CheckPatch                    PASS      0.86 seconds
GitLint                       PASS      0.40 seconds
SubjectPrefix                 PASS      0.13 seconds
BuildKernel                   PASS      42.06 seconds
CheckAllWarning               PASS      45.51 seconds
CheckSparse                   WARNING   51.94 seconds
CheckSmatch                   WARNING   138.36 seconds
BuildKernel32                 PASS      40.26 seconds
TestRunnerSetup               PASS      608.56 seconds
TestRunner_l2cap-tester       PASS      36.41 seconds
TestRunner_iso-tester         PASS      64.40 seconds
TestRunner_bnep-tester        PASS      12.70 seconds
TestRunner_mgmt-tester        PASS      257.49 seconds
TestRunner_rfcomm-tester      PASS      20.99 seconds
TestRunner_sco-tester         PASS      22.93 seconds
TestRunner_ioctl-tester       PASS      22.83 seconds
TestRunner_mesh-tester        PASS      16.77 seconds
TestRunner_smp-tester         PASS      17.29 seconds
TestRunner_userchan-tester    PASS      13.45 seconds
IncrementalBuild              PASS      38.36 seconds

Details
##############################
Test: CheckSparse - WARNING
Desc: Run sparse tool with linux kernel
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):


---
Regards,
Linux Bluetooth
Luiz Augusto von Dentz Sept. 27, 2023, 9:46 p.m. UTC | #2 
Hi Iulia,

On Wed, Sep 27, 2023 at 4:37 AM Iulia Tanasescu <iulia.tanasescu@nxp.com> wrote:
>
> This moves the hci_le_terminate_big_sync call from rx_work
> to cmd_sync_work, to avoid calling sleeping function from
> an invalid context.
>
> Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
> ---
>  net/bluetooth/hci_event.c | 31 +++++++++++++++++++++++++++----
>  1 file changed, 27 insertions(+), 4 deletions(-)
>
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index d242f956dea8..640921358e5f 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -7020,12 +7020,26 @@ static void hci_le_cis_req_evt(struct hci_dev *hdev, void *data,
>         hci_dev_unlock(hdev);
>  }
>
> +static int hci_iso_term_big_sync(struct hci_dev *hdev, void *data)
> +{
> +       __u8 *handle = data;
> +
> +       return hci_le_terminate_big_sync(hdev, *handle,
> +                                        HCI_ERROR_LOCAL_HOST_TERM);
> +}
> +
> +static void hci_iso_term_big_destroy(struct hci_dev *hdev, void *data, int err)
> +{
> +       kfree(data);
> +}
> +
>  static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
>                                            struct sk_buff *skb)
>  {
>         struct hci_evt_le_create_big_complete *ev = data;
>         struct hci_conn *conn;
>         __u8 i = 0;
> +       __u8 *big_handle;
>
>         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
>
> @@ -7064,16 +7078,25 @@ static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
>                 rcu_read_lock();
>         }
>
> -       if (!ev->status && !i)
> +       rcu_read_unlock();
> +
> +       if (!ev->status && !i) {
>                 /* If no BISes have been connected for the BIG,
>                  * terminate. This is in case all bound connections
>                  * have been closed before the BIG creation
>                  * has completed.
>                  */
> -               hci_le_terminate_big_sync(hdev, ev->handle,
> -                                         HCI_ERROR_LOCAL_HOST_TERM);
> +               big_handle = kzalloc(sizeof(*big_handle), GFP_KERNEL);
> +               if (!big_handle)
> +                       goto unlock;

You don't need to allocate a pointer to the handle, just pass it with UINT_PTR.

>
> -       rcu_read_unlock();
> +               *big_handle = ev->handle;
> +
> +               hci_cmd_sync_queue(hdev, hci_iso_term_big_sync, big_handle,
> +                                  hci_iso_term_big_destroy);
> +       }
> +
> +unlock:
>         hci_dev_unlock(hdev);
>  }
>
> --
> 2.39.2
>
diff mbox series

Patch

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d242f956dea8..640921358e5f 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -7020,12 +7020,26 @@  static void hci_le_cis_req_evt(struct hci_dev *hdev, void *data,
 	hci_dev_unlock(hdev);
 }
 
+static int hci_iso_term_big_sync(struct hci_dev *hdev, void *data)
+{
+	__u8 *handle = data;
+
+	return hci_le_terminate_big_sync(hdev, *handle,
+					 HCI_ERROR_LOCAL_HOST_TERM);
+}
+
+static void hci_iso_term_big_destroy(struct hci_dev *hdev, void *data, int err)
+{
+	kfree(data);
+}
+
 static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
 					   struct sk_buff *skb)
 {
 	struct hci_evt_le_create_big_complete *ev = data;
 	struct hci_conn *conn;
 	__u8 i = 0;
+	__u8 *big_handle;
 
 	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
 
@@ -7064,16 +7078,25 @@  static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
 		rcu_read_lock();
 	}
 
-	if (!ev->status && !i)
+	rcu_read_unlock();
+
+	if (!ev->status && !i) {
 		/* If no BISes have been connected for the BIG,
 		 * terminate. This is in case all bound connections
 		 * have been closed before the BIG creation
 		 * has completed.
 		 */
-		hci_le_terminate_big_sync(hdev, ev->handle,
-					  HCI_ERROR_LOCAL_HOST_TERM);
+		big_handle = kzalloc(sizeof(*big_handle), GFP_KERNEL);
+		if (!big_handle)
+			goto unlock;
 
-	rcu_read_unlock();
+		*big_handle = ev->handle;
+
+		hci_cmd_sync_queue(hdev, hci_iso_term_big_sync, big_handle,
+				   hci_iso_term_big_destroy);
+	}
+
+unlock:
 	hci_dev_unlock(hdev);
 }