Bluetooth: Fix potential deadlock in mgmt

All threads running in process context should disable local bottom halve before locking hdev->lock. This patch fix the following message generated when Bluetooh module is loaded with enable_mgmt=y (CONFIG_PROVE_LOCKING enabled). [ 107.880781] ================================= [ 107.881631] [ INFO: inconsistent lock state ] [ 107.881631] 2.6.39+ #1 [ 107.881631] --------------------------------- [ 107.881631] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 107.881631] rcuc0/7 [HC0[0]:SC1[3]:HE1:SE0] takes: [ 107.881631] (&(&hdev->lock)->rlock){+.?...}, at: [<ffffffffa0012c8d>] mgmt_set_local_name_complete+0x84/0x10b [bluetooth] [ 107.881631] {SOFTIRQ-ON-W} state was registered at: [ 107.881631] [<ffffffff8105188b>] __lock_acquire+0x347/0xd52 [ 107.881631] [<ffffffff810526ac>] lock_acquire+0x8a/0xa7 [ 107.881631] [<ffffffff812b3758>] _raw_spin_lock+0x2c/0x3b [ 107.881631] [<ffffffffa0011cc2>] mgmt_control+0xd4d/0x175b [bluetooth] [ 107.881631] [<ffffffffa0013275>] hci_sock_sendmsg+0x97/0x293 [bluetooth] [ 107.881631] [<ffffffff8121940c>] sock_aio_write+0x126/0x13a [ 107.881631] [<ffffffff810a35fa>] do_sync_write+0xba/0xfa [ 107.881631] [<ffffffff810a3beb>] vfs_write+0xaa/0xca [ 107.881631] [<ffffffff810a3d80>] sys_write+0x45/0x69 [ 107.881631] [<ffffffff812b4892>] system_call_fastpath+0x16/0x1b [ 107.881631] irq event stamp: 2100876 [ 107.881631] hardirqs last enabled at (2100876): [<ffffffff812b40d4>] restore_args+0x0/0x30 [ 107.881631] hardirqs last disabled at (2100875): [<ffffffff812b3f6a>] save_args+0x6a/0x70 [ 107.881631] softirqs last enabled at (2100862): [<ffffffff8106a805>] rcu_cpu_kthread+0x2b5/0x2e2 [ 107.881631] softirqs last disabled at (2100863): [<ffffffff812b56bc>] call_softirq+0x1c/0x26 [ 107.881631] [ 107.881631] other info that might help us debug this: [ 107.881631] Possible unsafe locking scenario: [ 107.881631] [ 107.881631] CPU0 [ 107.881631] ---- [ 107.881631] lock(&(&hdev->lock)->rlock); [ 107.881631] <Interrupt> [ 107.881631] lock(&(&hdev->lock)->rlock); [ 107.881631] [ 107.881631] *** DEADLOCK *** [ 107.881631] [ 107.881631] 1 lock held by rcuc0/7: [ 107.881631] #0: (hci_task_lock){++.-..}, at: [<ffffffffa0008353>] hci_rx_task+0x49/0x2f3 [bluetooth] [ 107.881631] [ 107.881631] stack backtrace: [ 107.881631] Pid: 7, comm: rcuc0 Not tainted 2.6.39+ #1 [ 107.881631] Call Trace: [ 107.881631] <IRQ> [<ffffffff812ae901>] print_usage_bug+0x1e7/0x1f8 [ 107.881631] [<ffffffff8100a796>] ? save_stack_trace+0x27/0x44 [ 107.881631] [<ffffffff8104fc3f>] ? print_irq_inversion_bug.part.26+0x19a/0x19a [ 107.881631] [<ffffffff810504bb>] mark_lock+0x106/0x258 [ 107.881631] [<ffffffff81051817>] __lock_acquire+0x2d3/0xd52 [ 107.881631] [<ffffffff8102be73>] ? vprintk+0x3ab/0x3d7 [ 107.881631] [<ffffffff810526ac>] lock_acquire+0x8a/0xa7 [ 107.881631] [<ffffffffa0012c8d>] ? mgmt_set_local_name_complete+0x84/0x10b [bluetooth] [ 107.881631] [<ffffffff81052615>] ? lock_release+0x16c/0x179 [ 107.881631] [<ffffffff812b3952>] _raw_spin_lock_bh+0x31/0x40 [ 107.881631] [<ffffffffa0012c8d>] ? mgmt_set_local_name_complete+0x84/0x10b [bluetooth] [ 107.881631] [<ffffffffa0012c8d>] mgmt_set_local_name_complete+0x84/0x10b [bluetooth] [ 107.881631] [<ffffffffa000d3fe>] hci_event_packet+0x122b/0x3e12 [bluetooth] [ 107.881631] [<ffffffff81050658>] ? mark_held_locks+0x4b/0x6d [ 107.881631] [<ffffffff812b3cff>] ? _raw_spin_unlock_irqrestore+0x40/0x4d [ 107.881631] [<ffffffff810507b9>] ? trace_hardirqs_on_caller+0x13f/0x172 [ 107.881631] [<ffffffff812b3d07>] ? _raw_spin_unlock_irqrestore+0x48/0x4d [ 107.881631] [<ffffffffa00083d2>] hci_rx_task+0xc8/0x2f3 [bluetooth] [ 107.881631] [<ffffffff8102f836>] ? __local_bh_enable+0x90/0xa4 [ 107.881631] [<ffffffff8102f5a9>] tasklet_action+0x87/0xe6 [ 107.881631] [<ffffffff8102fa11>] __do_softirq+0x9f/0x13f [ 107.881631] [<ffffffff812b56bc>] call_softirq+0x1c/0x26 [ 107.881631] <EOI> [<ffffffff810033b8>] ? do_softirq+0x46/0x9a [ 107.881631] [<ffffffff8106a805>] ? rcu_cpu_kthread+0x2b5/0x2e2 [ 107.881631] [<ffffffff8102f906>] _local_bh_enable_ip+0xac/0xc9 [ 107.881631] [<ffffffff8102f93b>] local_bh_enable+0xd/0xf [ 107.881631] [<ffffffff8106a805>] rcu_cpu_kthread+0x2b5/0x2e2 [ 107.881631] [<ffffffff81041586>] ? __init_waitqueue_head+0x46/0x46 [ 107.881631] [<ffffffff8106a550>] ? rcu_yield.constprop.42+0x98/0x98 [ 107.881631] [<ffffffff81040f0a>] kthread+0x7f/0x87 [ 107.881631] [<ffffffff812b55c4>] kernel_thread_helper+0x4/0x10 [ 107.881631] [<ffffffff812b40d4>] ? retint_restore_args+0x13/0x13 [ 107.881631] [<ffffffff81040e8b>] ? __init_kthread_worker+0x53/0x53 [ 107.881631] [<ffffffff812b55c0>] ? gs_change+0x13/0x13 Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
author: Andre Guedes <andre.guedes@openbossa.org> 2011-07-07 09:30:36 -0400
committer: Gustavo F. Padovan <padovan@profusion.mobi> 2011-07-07 13:28:29 -0400
commit: 8c156c322f8a300afe59259bd554db166cf88203 (patch)
tree: 2ed764475c462238a7181f55fc8e22ba0b0edace /net
parent: 8aded7110a5625bc00aef05e94dd4b1a9cf3605f (diff)
1 files changed, 44 insertions, 44 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 64c0418a622..4fd11e5d102 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -179,7 +179,7 @@ static int read_controller_info(struct sock *sk, u16 index)
        hci_del_off_timer(hdev);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        set_bit(HCI_MGMT, &hdev->flags);
@@ -208,7 +208,7 @@ static int read_controller_info(struct sock *sk, u16 index)
        memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
@@ -316,7 +316,7 @@ static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        up = test_bit(HCI_UP, &hdev->flags);
        if ((cp->val && up) || (!cp->val && !up)) {
@@ -343,7 +343,7 @@ static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
        err = 0;
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
 }
@@ -368,7 +368,7 @@ static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (!test_bit(HCI_UP, &hdev->flags)) {
                err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
@@ -403,7 +403,7 @@ static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
                mgmt_pending_remove(cmd);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -429,7 +429,7 @@ static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (!test_bit(HCI_UP, &hdev->flags)) {
                err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
@@ -463,7 +463,7 @@ static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
                mgmt_pending_remove(cmd);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -522,7 +522,7 @@ static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (cp->val)
                set_bit(HCI_PAIRABLE, &hdev->flags);
@@ -538,7 +538,7 @@ static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
        err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -739,7 +739,7 @@ static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
        if (!uuid) {
@@ -763,7 +763,7 @@ static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
        err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -788,7 +788,7 @@ static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
                err = hci_uuids_clear(hdev);
@@ -823,7 +823,7 @@ static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
        err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
 unlock:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -847,7 +847,7 @@ static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        hdev->major_class = cp->major;
        hdev->minor_class = cp->minor;
@@ -857,7 +857,7 @@ static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
        if (err == 0)
                err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -879,7 +879,7 @@ static int set_service_cache(struct sock *sk, u16 index,  unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        BT_DBG("hci%u enable %d", index, cp->enable);
@@ -897,7 +897,7 @@ static int set_service_cache(struct sock *sk, u16 index,  unsigned char *data,
                err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
                                                                        0);
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -931,7 +931,7 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
        BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
                                                                key_count);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        hci_link_keys_clear(hdev);
@@ -949,7 +949,7 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
                                                                key->pin_len);
        }
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return 0;
@@ -971,7 +971,7 @@ static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        err = hci_remove_link_key(hdev, &cp->bdaddr);
        if (err < 0) {
@@ -994,7 +994,7 @@ static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
        }
 unlock:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1020,7 +1020,7 @@ static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (!test_bit(HCI_UP, &hdev->flags)) {
                err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
@@ -1055,7 +1055,7 @@ static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
                mgmt_pending_remove(cmd);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1076,7 +1076,7 @@ static int get_connections(struct sock *sk, u16 index)
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        count = 0;
        list_for_each(p, &hdev->conn_hash.list) {
@@ -1103,7 +1103,7 @@ static int get_connections(struct sock *sk, u16 index)
 unlock:
        kfree(rp);
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
 }
@@ -1149,7 +1149,7 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (!test_bit(HCI_UP, &hdev->flags)) {
                err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
@@ -1190,7 +1190,7 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
                mgmt_pending_remove(cmd);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1216,7 +1216,7 @@ static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
                return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
                                                                        ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (!test_bit(HCI_UP, &hdev->flags)) {
                err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
@@ -1227,7 +1227,7 @@ static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
        err = send_pin_code_neg_reply(sk, index, hdev, cp);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1250,14 +1250,14 @@ static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        hdev->io_capability = cp->io_capability;
        BT_DBG("%s IO capability set to 0x%02x", hdev->name,
                                                        hdev->io_capability);
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
@@ -1343,7 +1343,7 @@ static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (cp->io_cap == 0x03) {
                sec_level = BT_SECURITY_MEDIUM;
@@ -1385,7 +1385,7 @@ static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
        err = 0;
 unlock:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1417,7 +1417,7 @@ static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, mgmt_op, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (!test_bit(HCI_UP, &hdev->flags)) {
                err = cmd_status(sk, index, mgmt_op, ENETDOWN);
@@ -1435,7 +1435,7 @@ static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
                mgmt_pending_remove(cmd);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1459,7 +1459,7 @@ static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
        if (!hdev)
                return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
        if (!cmd) {
@@ -1474,7 +1474,7 @@ static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
                mgmt_pending_remove(cmd);
 failed:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1493,7 +1493,7 @@ static int read_local_oob_data(struct sock *sk, u16 index)
                return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
                                                                        ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        if (!test_bit(HCI_UP, &hdev->flags)) {
                err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
@@ -1523,7 +1523,7 @@ static int read_local_oob_data(struct sock *sk, u16 index)
                mgmt_pending_remove(cmd);
 unlock:
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1547,7 +1547,7 @@ static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
                return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
                                                                        ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
                                                                cp->randomizer);
@@ -1557,7 +1557,7 @@ static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
                err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
                                                                        0);
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
@@ -1581,7 +1581,7 @@ static int remove_remote_oob_data(struct sock *sk, u16 index,
                return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
                                                                        ENODEV);
-        hci_dev_lock(hdev);
+        hci_dev_lock_bh(hdev);
        err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
        if (err < 0)
@@ -1591,7 +1591,7 @@ static int remove_remote_oob_data(struct sock *sk, u16 index,
                err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
                                                                NULL, 0);
-        hci_dev_unlock(hdev);
+        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
        return err;
author	Andre Guedes <andre.guedes@openbossa.org>	2011-07-07 09:30:36 -0400
committer	Gustavo F. Padovan <padovan@profusion.mobi>	2011-07-07 13:28:29 -0400
commit	8c156c322f8a300afe59259bd554db166cf88203 (patch)
tree	2ed764475c462238a7181f55fc8e22ba0b0edace /net
parent	8aded7110a5625bc00aef05e94dd4b1a9cf3605f (diff)

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 64c0418a622..4fd11e5d102 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c
@@ -179,7 +179,7 @@ static int read_controller_info(struct sock *sk, u16 index)
179		179
180	hci_del_off_timer(hdev);	180	hci_del_off_timer(hdev);
181		181
182	hci_dev_lock(hdev);	182	hci_dev_lock_bh(hdev);
183		183
184	set_bit(HCI_MGMT, &hdev->flags);	184	set_bit(HCI_MGMT, &hdev->flags);
185		185
@@ -208,7 +208,7 @@ static int read_controller_info(struct sock *sk, u16 index)
208		208
209	memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));	209	memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210		210
211	hci_dev_unlock(hdev);	211	hci_dev_unlock_bh(hdev);
212	hci_dev_put(hdev);	212	hci_dev_put(hdev);
213		213
214	return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));	214	return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
@@ -316,7 +316,7 @@ static int set_powered(struct sock sk, u16 index, unsigned char data, u16 len)
316	if (!hdev)	316	if (!hdev)
317	return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);	317	return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318		318
319	hci_dev_lock(hdev);	319	hci_dev_lock_bh(hdev);
320		320
321	up = test_bit(HCI_UP, &hdev->flags);	321	up = test_bit(HCI_UP, &hdev->flags);
322	if ((cp->val && up) \|\| (!cp->val && !up)) {	322	if ((cp->val && up) \|\| (!cp->val && !up)) {
@@ -343,7 +343,7 @@ static int set_powered(struct sock sk, u16 index, unsigned char data, u16 len)
343	err = 0;	343	err = 0;
344		344
345	failed:	345	failed:
346	hci_dev_unlock(hdev);	346	hci_dev_unlock_bh(hdev);
347	hci_dev_put(hdev);	347	hci_dev_put(hdev);
348	return err;	348	return err;
349	}	349	}
@@ -368,7 +368,7 @@ static int set_discoverable(struct sock sk, u16 index, unsigned char data,
368	if (!hdev)	368	if (!hdev)
369	return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);	369	return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370		370
371	hci_dev_lock(hdev);	371	hci_dev_lock_bh(hdev);
372		372
373	if (!test_bit(HCI_UP, &hdev->flags)) {	373	if (!test_bit(HCI_UP, &hdev->flags)) {
374	err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);	374	err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
@@ -403,7 +403,7 @@ static int set_discoverable(struct sock sk, u16 index, unsigned char data,
403	mgmt_pending_remove(cmd);	403	mgmt_pending_remove(cmd);
404		404
405	failed:	405	failed:
406	hci_dev_unlock(hdev);	406	hci_dev_unlock_bh(hdev);
407	hci_dev_put(hdev);	407	hci_dev_put(hdev);
408		408
409	return err;	409	return err;
@@ -429,7 +429,7 @@ static int set_connectable(struct sock sk, u16 index, unsigned char data,
429	if (!hdev)	429	if (!hdev)
430	return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);	430	return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
431		431
432	hci_dev_lock(hdev);	432	hci_dev_lock_bh(hdev);
433		433
434	if (!test_bit(HCI_UP, &hdev->flags)) {	434	if (!test_bit(HCI_UP, &hdev->flags)) {
435	err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);	435	err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
@@ -463,7 +463,7 @@ static int set_connectable(struct sock sk, u16 index, unsigned char data,
463	mgmt_pending_remove(cmd);	463	mgmt_pending_remove(cmd);
464		464
465	failed:	465	failed:
466	hci_dev_unlock(hdev);	466	hci_dev_unlock_bh(hdev);
467	hci_dev_put(hdev);	467	hci_dev_put(hdev);
468		468
469	return err;	469	return err;
@@ -522,7 +522,7 @@ static int set_pairable(struct sock sk, u16 index, unsigned char data,
522	if (!hdev)	522	if (!hdev)
523	return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);	523	return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
524		524
525	hci_dev_lock(hdev);	525	hci_dev_lock_bh(hdev);
526		526
527	if (cp->val)	527	if (cp->val)
528	set_bit(HCI_PAIRABLE, &hdev->flags);	528	set_bit(HCI_PAIRABLE, &hdev->flags);
@@ -538,7 +538,7 @@ static int set_pairable(struct sock sk, u16 index, unsigned char data,
538	err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);	538	err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539		539
540	failed:	540	failed:
541	hci_dev_unlock(hdev);	541	hci_dev_unlock_bh(hdev);
542	hci_dev_put(hdev);	542	hci_dev_put(hdev);
543		543
544	return err;	544	return err;
@@ -739,7 +739,7 @@ static int add_uuid(struct sock sk, u16 index, unsigned char data, u16 len)
739	if (!hdev)	739	if (!hdev)
740	return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);	740	return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
741		741
742	hci_dev_lock(hdev);	742	hci_dev_lock_bh(hdev);
743		743
744	uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);	744	uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745	if (!uuid) {	745	if (!uuid) {
@@ -763,7 +763,7 @@ static int add_uuid(struct sock sk, u16 index, unsigned char data, u16 len)
763	err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);	763	err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764		764
765	failed:	765	failed:
766	hci_dev_unlock(hdev);	766	hci_dev_unlock_bh(hdev);
767	hci_dev_put(hdev);	767	hci_dev_put(hdev);
768		768
769	return err;	769	return err;
@@ -788,7 +788,7 @@ static int remove_uuid(struct sock sk, u16 index, unsigned char data, u16 len)
788	if (!hdev)	788	if (!hdev)
789	return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);	789	return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
790		790
791	hci_dev_lock(hdev);	791	hci_dev_lock_bh(hdev);
792		792
793	if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {	793	if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794	err = hci_uuids_clear(hdev);	794	err = hci_uuids_clear(hdev);
@@ -823,7 +823,7 @@ static int remove_uuid(struct sock sk, u16 index, unsigned char data, u16 len)
823	err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);	823	err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824		824
825	unlock:	825	unlock:
826	hci_dev_unlock(hdev);	826	hci_dev_unlock_bh(hdev);
827	hci_dev_put(hdev);	827	hci_dev_put(hdev);
828		828
829	return err;	829	return err;
@@ -847,7 +847,7 @@ static int set_dev_class(struct sock sk, u16 index, unsigned char data,
847	if (!hdev)	847	if (!hdev)
848	return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);	848	return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
849		849
850	hci_dev_lock(hdev);	850	hci_dev_lock_bh(hdev);
851		851
852	hdev->major_class = cp->major;	852	hdev->major_class = cp->major;
853	hdev->minor_class = cp->minor;	853	hdev->minor_class = cp->minor;
@@ -857,7 +857,7 @@ static int set_dev_class(struct sock sk, u16 index, unsigned char data,
857	if (err == 0)	857	if (err == 0)
858	err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);	858	err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
859		859
860	hci_dev_unlock(hdev);	860	hci_dev_unlock_bh(hdev);
861	hci_dev_put(hdev);	861	hci_dev_put(hdev);
862		862
863	return err;	863	return err;
@@ -879,7 +879,7 @@ static int set_service_cache(struct sock sk, u16 index, unsigned char data,
879	if (!hdev)	879	if (!hdev)
880	return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);	880	return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
881		881
882	hci_dev_lock(hdev);	882	hci_dev_lock_bh(hdev);
883		883
884	BT_DBG("hci%u enable %d", index, cp->enable);	884	BT_DBG("hci%u enable %d", index, cp->enable);
885		885
@@ -897,7 +897,7 @@ static int set_service_cache(struct sock sk, u16 index, unsigned char data,
897	err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,	897	err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898	0);	898	0);
899		899
900	hci_dev_unlock(hdev);	900	hci_dev_unlock_bh(hdev);
901	hci_dev_put(hdev);	901	hci_dev_put(hdev);
902		902
903	return err;	903	return err;
@@ -931,7 +931,7 @@ static int load_keys(struct sock sk, u16 index, unsigned char data, u16 len)
931	BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,	931	BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932	key_count);	932	key_count);
933		933
934	hci_dev_lock(hdev);	934	hci_dev_lock_bh(hdev);
935		935
936	hci_link_keys_clear(hdev);	936	hci_link_keys_clear(hdev);
937		937
@@ -949,7 +949,7 @@ static int load_keys(struct sock sk, u16 index, unsigned char data, u16 len)
949	key->pin_len);	949	key->pin_len);
950	}	950	}
951		951
952	hci_dev_unlock(hdev);	952	hci_dev_unlock_bh(hdev);
953	hci_dev_put(hdev);	953	hci_dev_put(hdev);
954		954
955	return 0;	955	return 0;
@@ -971,7 +971,7 @@ static int remove_key(struct sock sk, u16 index, unsigned char data, u16 len)
971	if (!hdev)	971	if (!hdev)
972	return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);	972	return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
973		973
974	hci_dev_lock(hdev);	974	hci_dev_lock_bh(hdev);
975		975
976	err = hci_remove_link_key(hdev, &cp->bdaddr);	976	err = hci_remove_link_key(hdev, &cp->bdaddr);
977	if (err < 0) {	977	if (err < 0) {
@@ -994,7 +994,7 @@ static int remove_key(struct sock sk, u16 index, unsigned char data, u16 len)
994	}	994	}
995		995
996	unlock:	996	unlock:
997	hci_dev_unlock(hdev);	997	hci_dev_unlock_bh(hdev);
998	hci_dev_put(hdev);	998	hci_dev_put(hdev);
999		999
1000	return err;	1000	return err;
@@ -1020,7 +1020,7 @@ static int disconnect(struct sock sk, u16 index, unsigned char data, u16 len)
1020	if (!hdev)	1020	if (!hdev)
1021	return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);	1021	return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1022		1022
1023	hci_dev_lock(hdev);	1023	hci_dev_lock_bh(hdev);
1024		1024
1025	if (!test_bit(HCI_UP, &hdev->flags)) {	1025	if (!test_bit(HCI_UP, &hdev->flags)) {
1026	err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);	1026	err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
@@ -1055,7 +1055,7 @@ static int disconnect(struct sock sk, u16 index, unsigned char data, u16 len)
1055	mgmt_pending_remove(cmd);	1055	mgmt_pending_remove(cmd);
1056		1056
1057	failed:	1057	failed:
1058	hci_dev_unlock(hdev);	1058	hci_dev_unlock_bh(hdev);
1059	hci_dev_put(hdev);	1059	hci_dev_put(hdev);
1060		1060
1061	return err;	1061	return err;
@@ -1076,7 +1076,7 @@ static int get_connections(struct sock *sk, u16 index)
1076	if (!hdev)	1076	if (!hdev)
1077	return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);	1077	return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1078		1078
1079	hci_dev_lock(hdev);	1079	hci_dev_lock_bh(hdev);
1080		1080
1081	count = 0;	1081	count = 0;
1082	list_for_each(p, &hdev->conn_hash.list) {	1082	list_for_each(p, &hdev->conn_hash.list) {
@@ -1103,7 +1103,7 @@ static int get_connections(struct sock *sk, u16 index)
1103		1103
1104	unlock:	1104	unlock:
1105	kfree(rp);	1105	kfree(rp);
1106	hci_dev_unlock(hdev);	1106	hci_dev_unlock_bh(hdev);
1107	hci_dev_put(hdev);	1107	hci_dev_put(hdev);
1108	return err;	1108	return err;
1109	}	1109	}
@@ -1149,7 +1149,7 @@ static int pin_code_reply(struct sock sk, u16 index, unsigned char data,
1149	if (!hdev)	1149	if (!hdev)
1150	return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);	1150	return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1151		1151
1152	hci_dev_lock(hdev);	1152	hci_dev_lock_bh(hdev);
1153		1153
1154	if (!test_bit(HCI_UP, &hdev->flags)) {	1154	if (!test_bit(HCI_UP, &hdev->flags)) {
1155	err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);	1155	err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
@@ -1190,7 +1190,7 @@ static int pin_code_reply(struct sock sk, u16 index, unsigned char data,
1190	mgmt_pending_remove(cmd);	1190	mgmt_pending_remove(cmd);
1191		1191
1192	failed:	1192	failed:
1193	hci_dev_unlock(hdev);	1193	hci_dev_unlock_bh(hdev);
1194	hci_dev_put(hdev);	1194	hci_dev_put(hdev);
1195		1195
1196	return err;	1196	return err;
@@ -1216,7 +1216,7 @@ static int pin_code_neg_reply(struct sock sk, u16 index, unsigned char data,
1216	return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,	1216	return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1217	ENODEV);	1217	ENODEV);
1218		1218
1219	hci_dev_lock(hdev);	1219	hci_dev_lock_bh(hdev);
1220		1220
1221	if (!test_bit(HCI_UP, &hdev->flags)) {	1221	if (!test_bit(HCI_UP, &hdev->flags)) {
1222	err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,	1222	err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
@@ -1227,7 +1227,7 @@ static int pin_code_neg_reply(struct sock sk, u16 index, unsigned char data,
1227	err = send_pin_code_neg_reply(sk, index, hdev, cp);	1227	err = send_pin_code_neg_reply(sk, index, hdev, cp);
1228		1228
1229	failed:	1229	failed:
1230	hci_dev_unlock(hdev);	1230	hci_dev_unlock_bh(hdev);
1231	hci_dev_put(hdev);	1231	hci_dev_put(hdev);
1232		1232
1233	return err;	1233	return err;
@@ -1250,14 +1250,14 @@ static int set_io_capability(struct sock sk, u16 index, unsigned char data,
1250	if (!hdev)	1250	if (!hdev)
1251	return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);	1251	return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1252		1252
1253	hci_dev_lock(hdev);	1253	hci_dev_lock_bh(hdev);
1254		1254
1255	hdev->io_capability = cp->io_capability;	1255	hdev->io_capability = cp->io_capability;
1256		1256
1257	BT_DBG("%s IO capability set to 0x%02x", hdev->name,	1257	BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1258	hdev->io_capability);	1258	hdev->io_capability);
1259		1259
1260	hci_dev_unlock(hdev);	1260	hci_dev_unlock_bh(hdev);
1261	hci_dev_put(hdev);	1261	hci_dev_put(hdev);
1262		1262
1263	return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);	1263	return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
@@ -1343,7 +1343,7 @@ static int pair_device(struct sock sk, u16 index, unsigned char data, u16 len)
1343	if (!hdev)	1343	if (!hdev)
1344	return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);	1344	return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1345		1345
1346	hci_dev_lock(hdev);	1346	hci_dev_lock_bh(hdev);
1347		1347
1348	if (cp->io_cap == 0x03) {	1348	if (cp->io_cap == 0x03) {
1349	sec_level = BT_SECURITY_MEDIUM;	1349	sec_level = BT_SECURITY_MEDIUM;
@@ -1385,7 +1385,7 @@ static int pair_device(struct sock sk, u16 index, unsigned char data, u16 len)
1385	err = 0;	1385	err = 0;
1386		1386
1387	unlock:	1387	unlock:
1388	hci_dev_unlock(hdev);	1388	hci_dev_unlock_bh(hdev);
1389	hci_dev_put(hdev);	1389	hci_dev_put(hdev);
1390		1390
1391	return err;	1391	return err;
@@ -1417,7 +1417,7 @@ static int user_confirm_reply(struct sock sk, u16 index, unsigned char data,
1417	if (!hdev)	1417	if (!hdev)
1418	return cmd_status(sk, index, mgmt_op, ENODEV);	1418	return cmd_status(sk, index, mgmt_op, ENODEV);
1419		1419
1420	hci_dev_lock(hdev);	1420	hci_dev_lock_bh(hdev);
1421		1421
1422	if (!test_bit(HCI_UP, &hdev->flags)) {	1422	if (!test_bit(HCI_UP, &hdev->flags)) {
1423	err = cmd_status(sk, index, mgmt_op, ENETDOWN);	1423	err = cmd_status(sk, index, mgmt_op, ENETDOWN);
@@ -1435,7 +1435,7 @@ static int user_confirm_reply(struct sock sk, u16 index, unsigned char data,
1435	mgmt_pending_remove(cmd);	1435	mgmt_pending_remove(cmd);
1436		1436
1437	failed:	1437	failed:
1438	hci_dev_unlock(hdev);	1438	hci_dev_unlock_bh(hdev);
1439	hci_dev_put(hdev);	1439	hci_dev_put(hdev);
1440		1440
1441	return err;	1441	return err;
@@ -1459,7 +1459,7 @@ static int set_local_name(struct sock sk, u16 index, unsigned char data,
1459	if (!hdev)	1459	if (!hdev)
1460	return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);	1460	return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1461		1461
1462	hci_dev_lock(hdev);	1462	hci_dev_lock_bh(hdev);
1463		1463
1464	cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);	1464	cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1465	if (!cmd) {	1465	if (!cmd) {
@@ -1474,7 +1474,7 @@ static int set_local_name(struct sock sk, u16 index, unsigned char data,
1474	mgmt_pending_remove(cmd);	1474	mgmt_pending_remove(cmd);
1475		1475
1476	failed:	1476	failed:
1477	hci_dev_unlock(hdev);	1477	hci_dev_unlock_bh(hdev);
1478	hci_dev_put(hdev);	1478	hci_dev_put(hdev);
1479		1479
1480	return err;	1480	return err;
@@ -1493,7 +1493,7 @@ static int read_local_oob_data(struct sock *sk, u16 index)
1493	return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,	1493	return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1494	ENODEV);	1494	ENODEV);
1495		1495
1496	hci_dev_lock(hdev);	1496	hci_dev_lock_bh(hdev);
1497		1497
1498	if (!test_bit(HCI_UP, &hdev->flags)) {	1498	if (!test_bit(HCI_UP, &hdev->flags)) {
1499	err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,	1499	err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
@@ -1523,7 +1523,7 @@ static int read_local_oob_data(struct sock *sk, u16 index)
1523	mgmt_pending_remove(cmd);	1523	mgmt_pending_remove(cmd);
1524		1524
1525	unlock:	1525	unlock:
1526	hci_dev_unlock(hdev);	1526	hci_dev_unlock_bh(hdev);
1527	hci_dev_put(hdev);	1527	hci_dev_put(hdev);
1528		1528
1529	return err;	1529	return err;
@@ -1547,7 +1547,7 @@ static int add_remote_oob_data(struct sock sk, u16 index, unsigned char data,
1547	return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,	1547	return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1548	ENODEV);	1548	ENODEV);
1549		1549
1550	hci_dev_lock(hdev);	1550	hci_dev_lock_bh(hdev);
1551		1551
1552	err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,	1552	err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1553	cp->randomizer);	1553	cp->randomizer);
@@ -1557,7 +1557,7 @@ static int add_remote_oob_data(struct sock sk, u16 index, unsigned char data,
1557	err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,	1557	err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1558	0);	1558	0);
1559		1559
1560	hci_dev_unlock(hdev);	1560	hci_dev_unlock_bh(hdev);
1561	hci_dev_put(hdev);	1561	hci_dev_put(hdev);
1562		1562
1563	return err;	1563	return err;
@@ -1581,7 +1581,7 @@ static int remove_remote_oob_data(struct sock *sk, u16 index,
1581	return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,	1581	return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1582	ENODEV);	1582	ENODEV);
1583		1583
1584	hci_dev_lock(hdev);	1584	hci_dev_lock_bh(hdev);
1585		1585
1586	err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);	1586	err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1587	if (err < 0)	1587	if (err < 0)
@@ -1591,7 +1591,7 @@ static int remove_remote_oob_data(struct sock *sk, u16 index,
1591	err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,	1591	err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1592	NULL, 0);	1592	NULL, 0);
1593		1593
1594	hci_dev_unlock(hdev);	1594	hci_dev_unlock_bh(hdev);
1595	hci_dev_put(hdev);	1595	hci_dev_put(hdev);
1596		1596
1597	return err;	1597	return err;