Bluetooth: Revert to mutexes from RCU list

Usage of RCU list looks not reasonalbe for a number of reasons: our code sleep and we had to use socket spinlocks. Most parts of code are updaters thus there is little sense to use RCU. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
author: Andrei Emeltchenko <andrei.emeltchenko@intel.com> 2012-02-21 05:54:55 -0500
committer: Johan Hedberg <johan.hedberg@intel.com> 2012-02-23 06:06:57 -0500
commit: 3df91ea20e744344100b10ae69a17211fcf5b207 (patch)
tree: e238acaf376266331985debc4a5a76c4e2636209
parent: 1b009c982482ee0e4cbabcd9bdae690a29119ede (diff)
2 files changed, 109 insertions, 67 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 63539f940572..8e8e9e93fb34 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -77,36 +77,24 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn,
 static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
 {
-        struct l2cap_chan *c, *r = NULL;
+        struct l2cap_chan *c;
-        rcu_read_lock();
-        list_for_each_entry_rcu(c, &conn->chan_l, list) {
+        list_for_each_entry(c, &conn->chan_l, list) {
-                if (c->dcid == cid) {
+                if (c->dcid == cid)
-                        r = c;
+                        return c;
-                        break;
-                }
        }
+        return NULL;
-        rcu_read_unlock();
-        return r;
 }
 static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
 {
-        struct l2cap_chan *c, *r = NULL;
+        struct l2cap_chan *c;
-        rcu_read_lock();
-        list_for_each_entry_rcu(c, &conn->chan_l, list) {
+        list_for_each_entry(c, &conn->chan_l, list) {
-                if (c->scid == cid) {
+                if (c->scid == cid)
-                        r = c;
+                        return c;
-                        break;
-                }
        }
+        return NULL;
-        rcu_read_unlock();
-        return r;
 }
 /* Find channel with given SCID.
@@ -115,36 +103,32 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 ci
 {
        struct l2cap_chan *c;
+        mutex_lock(&conn->chan_lock);
        c = __l2cap_get_chan_by_scid(conn, cid);
-        if (c)
+        mutex_unlock(&conn->chan_lock);
-                lock_sock(c->sk);
        return c;
 }
 static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
 {
-        struct l2cap_chan *c, *r = NULL;
+        struct l2cap_chan *c;
-        rcu_read_lock();
-        list_for_each_entry_rcu(c, &conn->chan_l, list) {
+        list_for_each_entry(c, &conn->chan_l, list) {
-                if (c->ident == ident) {
+                if (c->ident == ident)
-                        r = c;
+                        return c;
-                        break;
-                }
        }
+        return NULL;
-        rcu_read_unlock();
-        return r;
 }
 static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
 {
        struct l2cap_chan *c;
+        mutex_lock(&conn->chan_lock);
        c = __l2cap_get_chan_by_ident(conn, ident);
-        if (c)
+        mutex_unlock(&conn->chan_lock);
-                lock_sock(c->sk);
        return c;
 }
@@ -228,11 +212,13 @@ static void l2cap_chan_timeout(struct work_struct *work)
 {
        struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
                                                        chan_timer.work);
+        struct l2cap_conn *conn = chan->conn;
        struct sock *sk = chan->sk;
        int reason;
        BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
+        mutex_lock(&conn->chan_lock);
        lock_sock(sk);
        if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
@@ -248,6 +234,8 @@ static void l2cap_chan_timeout(struct work_struct *work)
        release_sock(sk);
        chan->ops->close(chan->data);
+        mutex_unlock(&conn->chan_lock);
        l2cap_chan_put(chan);
 }
@@ -331,7 +319,9 @@ static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
        l2cap_chan_hold(chan);
-        list_add_rcu(&chan->list, &conn->chan_l);
+        mutex_lock(&conn->chan_lock);
+        list_add(&chan->list, &conn->chan_l);
+        mutex_unlock(&conn->chan_lock);
 }
 /* Delete channel.
@@ -348,8 +338,7 @@ static void l2cap_chan_del(struct l2cap_chan *chan, int err)
        if (conn) {
                /* Delete from channel list */
-                list_del_rcu(&chan->list);
+                list_del(&chan->list);
-                synchronize_rcu();
                l2cap_chan_put(chan);
@@ -400,10 +389,12 @@ static void l2cap_chan_cleanup_listen(struct sock *parent)
        /* Close not yet accepted channels */
        while ((sk = bt_accept_dequeue(parent, NULL))) {
                struct l2cap_chan *chan = l2cap_pi(sk)->chan;
                __clear_chan_timer(chan);
                lock_sock(sk);
                l2cap_chan_close(chan, ECONNRESET);
                release_sock(sk);
                chan->ops->close(chan->data);
        }
 }
@@ -718,13 +709,13 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *c
 /* ---- L2CAP connections ---- */
 static void l2cap_conn_start(struct l2cap_conn *conn)
 {
-        struct l2cap_chan *chan;
+        struct l2cap_chan *chan, *tmp;
        BT_DBG("conn %p", conn);
-        rcu_read_lock();
+        mutex_lock(&conn->chan_lock);
-        list_for_each_entry_rcu(chan, &conn->chan_l, list) {
+        list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
                struct sock *sk = chan->sk;
                bh_lock_sock(sk);
@@ -804,7 +795,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
                bh_unlock_sock(sk);
        }
-        rcu_read_unlock();
+        mutex_unlock(&conn->chan_lock);
 }
 /* Find socket with cid and source bdaddr.
@@ -916,9 +907,9 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
        if (conn->hcon->out && conn->hcon->type == LE_LINK)
                smp_conn_security(conn, conn->hcon->pending_sec_level);
-        rcu_read_lock();
+        mutex_lock(&conn->chan_lock);
-        list_for_each_entry_rcu(chan, &conn->chan_l, list) {
+        list_for_each_entry(chan, &conn->chan_l, list) {
                struct sock *sk = chan->sk;
                bh_lock_sock(sk);
@@ -938,7 +929,7 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
                bh_unlock_sock(sk);
        }
-        rcu_read_unlock();
+        mutex_unlock(&conn->chan_lock);
 }
 /* Notify sockets that we cannot guaranty reliability anymore */
@@ -948,16 +939,16 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
        BT_DBG("conn %p", conn);
-        rcu_read_lock();
+        mutex_lock(&conn->chan_lock);
-        list_for_each_entry_rcu(chan, &conn->chan_l, list) {
+        list_for_each_entry(chan, &conn->chan_l, list) {
                struct sock *sk = chan->sk;
                if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
                        sk->sk_err = err;
        }
-        rcu_read_unlock();
+        mutex_unlock(&conn->chan_lock);
 }
 static void l2cap_info_timeout(struct work_struct *work)
@@ -984,6 +975,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
        kfree_skb(conn->rx_skb);
+        mutex_lock(&conn->chan_lock);
        /* Kill channels */
        list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
                sk = chan->sk;
@@ -993,6 +986,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
                chan->ops->close(chan->data);
        }
+        mutex_unlock(&conn->chan_lock);
        hci_chan_del(conn->hchan);
        if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
@@ -1050,6 +1045,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
        conn->feat_mask = 0;
        spin_lock_init(&conn->lock);
+        mutex_init(&conn->chan_lock);
        INIT_LIST_HEAD(&conn->chan_l);
@@ -1792,9 +1788,9 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
-        rcu_read_lock();
+        mutex_lock(&conn->chan_lock);
-        list_for_each_entry_rcu(chan, &conn->chan_l, list) {
+        list_for_each_entry(chan, &conn->chan_l, list) {
                struct sock *sk = chan->sk;
                if (chan->chan_type != L2CAP_CHAN_RAW)
                        continue;
@@ -1810,7 +1806,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
                        kfree_skb(nskb);
        }
-        rcu_read_unlock();
+        mutex_unlock(&conn->chan_lock);
 }
 /* ---- L2CAP signalling commands ---- */
@@ -2600,6 +2596,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
        parent = pchan->sk;
+        mutex_lock(&conn->chan_lock);
        lock_sock(parent);
        /* Check if the ACL is secure enough (if not SDP) */
@@ -2673,6 +2670,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
 response:
        release_sock(parent);
+        mutex_unlock(&conn->chan_lock);
 sendresp:
        rsp.scid   = cpu_to_le16(scid);
@@ -2714,6 +2712,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
        struct l2cap_chan *chan;
        struct sock *sk;
        u8 req[128];
+        int err;
        scid   = __le16_to_cpu(rsp->scid);
        dcid   = __le16_to_cpu(rsp->dcid);
@@ -2723,17 +2722,26 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
        BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
                                                dcid, scid, result, status);
+        mutex_lock(&conn->chan_lock);
        if (scid) {
-                chan = l2cap_get_chan_by_scid(conn, scid);
+                chan = __l2cap_get_chan_by_scid(conn, scid);
-                if (!chan)
+                if (!chan) {
-                        return -EFAULT;
+                        err = -EFAULT;
+                        goto unlock;
+                }
        } else {
-                chan = l2cap_get_chan_by_ident(conn, cmd->ident);
+                chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
-                if (!chan)
+                if (!chan) {
-                        return -EFAULT;
+                        err = -EFAULT;
+                        goto unlock;
+                }
        }
+        err = 0;
        sk = chan->sk;
+        lock_sock(sk);
        switch (result) {
        case L2CAP_CR_SUCCESS:
@@ -2760,7 +2768,11 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
        }
        release_sock(sk);
-        return 0;
+unlock:
+        mutex_unlock(&conn->chan_lock);
+        return err;
 }
 static inline void set_default_fcs(struct l2cap_chan *chan)
@@ -2793,6 +2805,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
                return -ENOENT;
        sk = chan->sk;
+        lock_sock(sk);
        if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
                struct l2cap_cmd_rej_cid rej;
@@ -2905,6 +2918,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
                return 0;
        sk = chan->sk;
+        lock_sock(sk);
        switch (result) {
        case L2CAP_CONF_SUCCESS:
@@ -3006,11 +3020,16 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
        BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
-        chan = l2cap_get_chan_by_scid(conn, dcid);
+        mutex_lock(&conn->chan_lock);
-        if (!chan)
+        chan = __l2cap_get_chan_by_scid(conn, dcid);
+        if (!chan) {
+                mutex_unlock(&conn->chan_lock);
                return 0;
+        }
        sk = chan->sk;
+        lock_sock(sk);
        rsp.dcid = cpu_to_le16(chan->scid);
        rsp.scid = cpu_to_le16(chan->dcid);
@@ -3022,6 +3041,9 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
        release_sock(sk);
        chan->ops->close(chan->data);
+        mutex_unlock(&conn->chan_lock);
        return 0;
 }
@@ -3037,16 +3059,24 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
        BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
-        chan = l2cap_get_chan_by_scid(conn, scid);
+        mutex_lock(&conn->chan_lock);
-        if (!chan)
+        chan = __l2cap_get_chan_by_scid(conn, scid);
+        if (!chan) {
+                mutex_unlock(&conn->chan_lock);
                return 0;
+        }
        sk = chan->sk;
+        lock_sock(sk);
        l2cap_chan_del(chan, 0);
        release_sock(sk);
        chan->ops->close(chan->data);
+        mutex_unlock(&conn->chan_lock);
        return 0;
 }
@@ -4205,6 +4235,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
        }
        sk = chan->sk;
+        lock_sock(sk);
        BT_DBG("chan %p, len %d", chan, skb->len);
@@ -4492,9 +4523,9 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
                cancel_delayed_work(&conn->security_timer);
        }
-        rcu_read_lock();
+        mutex_lock(&conn->chan_lock);
-        list_for_each_entry_rcu(chan, &conn->chan_l, list) {
+        list_for_each_entry(chan, &conn->chan_l, list) {
                struct sock *sk = chan->sk;
                bh_lock_sock(sk);
@@ -4574,7 +4605,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
                bh_unlock_sock(sk);
        }
-        rcu_read_unlock();
+        mutex_unlock(&conn->chan_lock);
        return 0;
 }
@@ -4635,6 +4666,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
                if (chan && chan->sk) {
                        struct sock *sk = chan->sk;
+                        lock_sock(sk);
                        if (chan->imtu < len - L2CAP_HDR_SIZE) {
                                BT_ERR("Frame exceeding recv MTU (len %d, "
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index b48d6c1b9db6..1273fcbeec28 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -796,6 +796,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
 {
        struct sock *sk = sock->sk;
        struct l2cap_chan *chan;
+        struct l2cap_conn *conn;
        int err = 0;
        BT_DBG("sock %p, sk %p", sock, sk);
@@ -804,6 +805,10 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
                return 0;
        chan = l2cap_pi(sk)->chan;
+        conn = chan->conn;
+        if (conn)
+                mutex_lock(&conn->chan_lock);
        lock_sock(sk);
        if (!sk->sk_shutdown) {
@@ -811,6 +816,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
                        err = __l2cap_wait_ack(sk);
                sk->sk_shutdown = SHUTDOWN_MASK;
                l2cap_chan_close(chan, 0);
                if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
@@ -822,6 +828,10 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
                err = -sk->sk_err;
        release_sock(sk);
+        if (conn)
+                mutex_unlock(&conn->chan_lock);
        return err;
 }
author	Andrei Emeltchenko <andrei.emeltchenko@intel.com>	2012-02-21 05:54:55 -0500
committer	Johan Hedberg <johan.hedberg@intel.com>	2012-02-23 06:06:57 -0500
commit	3df91ea20e744344100b10ae69a17211fcf5b207 (patch)
tree	e238acaf376266331985debc4a5a76c4e2636209
parent	1b009c982482ee0e4cbabcd9bdae690a29119ede (diff)

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 63539f940572..8e8e9e93fb34 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c
@@ -77,36 +77,24 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn,
77		77
78	static struct l2cap_chan __l2cap_get_chan_by_dcid(struct l2cap_conn conn, u16 cid)	78	static struct l2cap_chan __l2cap_get_chan_by_dcid(struct l2cap_conn conn, u16 cid)
79	{	79	{
80	struct l2cap_chan c, r = NULL;	80	struct l2cap_chan *c;
81
82	rcu_read_lock();
83		81
84	list_for_each_entry_rcu(c, &conn->chan_l, list) {	82	list_for_each_entry(c, &conn->chan_l, list) {
85	if (c->dcid == cid) {	83	if (c->dcid == cid)
86	r = c;	84	return c;
87	break;
88	}
89	}	85	}
90		86	return NULL;
91	rcu_read_unlock();
92	return r;
93	}	87	}
94		88
95	static struct l2cap_chan __l2cap_get_chan_by_scid(struct l2cap_conn conn, u16 cid)	89	static struct l2cap_chan __l2cap_get_chan_by_scid(struct l2cap_conn conn, u16 cid)
96	{	90	{
97	struct l2cap_chan c, r = NULL;	91	struct l2cap_chan *c;
98
99	rcu_read_lock();
100		92
101	list_for_each_entry_rcu(c, &conn->chan_l, list) {	93	list_for_each_entry(c, &conn->chan_l, list) {
102	if (c->scid == cid) {	94	if (c->scid == cid)
103	r = c;	95	return c;
104	break;
105	}
106	}	96	}
107		97	return NULL;
108	rcu_read_unlock();
109	return r;
110	}	98	}
111		99
112	/* Find channel with given SCID.	100	/* Find channel with given SCID.
@@ -115,36 +103,32 @@ static struct l2cap_chan l2cap_get_chan_by_scid(struct l2cap_conn conn, u16 ci
115	{	103	{
116	struct l2cap_chan *c;	104	struct l2cap_chan *c;
117		105
		106	mutex_lock(&conn->chan_lock);
118	c = __l2cap_get_chan_by_scid(conn, cid);	107	c = __l2cap_get_chan_by_scid(conn, cid);
119	if (c)	108	mutex_unlock(&conn->chan_lock);
120	lock_sock(c->sk);	109
121	return c;	110	return c;
122	}	111	}
123		112
124	static struct l2cap_chan __l2cap_get_chan_by_ident(struct l2cap_conn conn, u8 ident)	113	static struct l2cap_chan __l2cap_get_chan_by_ident(struct l2cap_conn conn, u8 ident)
125	{	114	{
126	struct l2cap_chan c, r = NULL;	115	struct l2cap_chan *c;
127
128	rcu_read_lock();
129		116
130	list_for_each_entry_rcu(c, &conn->chan_l, list) {	117	list_for_each_entry(c, &conn->chan_l, list) {
131	if (c->ident == ident) {	118	if (c->ident == ident)
132	r = c;	119	return c;
133	break;
134	}
135	}	120	}
136		121	return NULL;
137	rcu_read_unlock();
138	return r;
139	}	122	}
140		123
141	static inline struct l2cap_chan l2cap_get_chan_by_ident(struct l2cap_conn conn, u8 ident)	124	static inline struct l2cap_chan l2cap_get_chan_by_ident(struct l2cap_conn conn, u8 ident)
142	{	125	{
143	struct l2cap_chan *c;	126	struct l2cap_chan *c;
144		127
		128	mutex_lock(&conn->chan_lock);
145	c = __l2cap_get_chan_by_ident(conn, ident);	129	c = __l2cap_get_chan_by_ident(conn, ident);
146	if (c)	130	mutex_unlock(&conn->chan_lock);
147	lock_sock(c->sk);	131
148	return c;	132	return c;
149	}	133	}
150		134
@@ -228,11 +212,13 @@ static void l2cap_chan_timeout(struct work_struct *work)
228	{	212	{
229	struct l2cap_chan *chan = container_of(work, struct l2cap_chan,	213	struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
230	chan_timer.work);	214	chan_timer.work);
		215	struct l2cap_conn *conn = chan->conn;
231	struct sock *sk = chan->sk;	216	struct sock *sk = chan->sk;
232	int reason;	217	int reason;
233		218
234	BT_DBG("chan %p state %s", chan, state_to_string(chan->state));	219	BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
235		220
		221	mutex_lock(&conn->chan_lock);
236	lock_sock(sk);	222	lock_sock(sk);
237		223
238	if (chan->state == BT_CONNECTED \|\| chan->state == BT_CONFIG)	224	if (chan->state == BT_CONNECTED \|\| chan->state == BT_CONFIG)
@@ -248,6 +234,8 @@ static void l2cap_chan_timeout(struct work_struct *work)
248	release_sock(sk);	234	release_sock(sk);
249		235
250	chan->ops->close(chan->data);	236	chan->ops->close(chan->data);
		237	mutex_unlock(&conn->chan_lock);
		238
251	l2cap_chan_put(chan);	239	l2cap_chan_put(chan);
252	}	240	}
253		241
@@ -331,7 +319,9 @@ static void l2cap_chan_add(struct l2cap_conn conn, struct l2cap_chan chan)
331		319
332	l2cap_chan_hold(chan);	320	l2cap_chan_hold(chan);
333		321
334	list_add_rcu(&chan->list, &conn->chan_l);	322	mutex_lock(&conn->chan_lock);
		323	list_add(&chan->list, &conn->chan_l);
		324	mutex_unlock(&conn->chan_lock);
335	}	325	}
336		326
337	/* Delete channel.	327	/* Delete channel.
@@ -348,8 +338,7 @@ static void l2cap_chan_del(struct l2cap_chan *chan, int err)
348		338
349	if (conn) {	339	if (conn) {
350	/* Delete from channel list */	340	/* Delete from channel list */
351	list_del_rcu(&chan->list);	341	list_del(&chan->list);
352	synchronize_rcu();
353		342
354	l2cap_chan_put(chan);	343	l2cap_chan_put(chan);
355		344
@@ -400,10 +389,12 @@ static void l2cap_chan_cleanup_listen(struct sock *parent)
400	/* Close not yet accepted channels */	389	/* Close not yet accepted channels */
401	while ((sk = bt_accept_dequeue(parent, NULL))) {	390	while ((sk = bt_accept_dequeue(parent, NULL))) {
402	struct l2cap_chan *chan = l2cap_pi(sk)->chan;	391	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
		392
403	__clear_chan_timer(chan);	393	__clear_chan_timer(chan);
404	lock_sock(sk);	394	lock_sock(sk);
405	l2cap_chan_close(chan, ECONNRESET);	395	l2cap_chan_close(chan, ECONNRESET);
406	release_sock(sk);	396	release_sock(sk);
		397
407	chan->ops->close(chan->data);	398	chan->ops->close(chan->data);
408	}	399	}
409	}	400	}
@@ -718,13 +709,13 @@ static void l2cap_send_disconn_req(struct l2cap_conn conn, struct l2cap_chan c
718	/* ---- L2CAP connections ---- */	709	/* ---- L2CAP connections ---- */
719	static void l2cap_conn_start(struct l2cap_conn *conn)	710	static void l2cap_conn_start(struct l2cap_conn *conn)
720	{	711	{
721	struct l2cap_chan *chan;	712	struct l2cap_chan chan, tmp;
722		713
723	BT_DBG("conn %p", conn);	714	BT_DBG("conn %p", conn);
724		715
725	rcu_read_lock();	716	mutex_lock(&conn->chan_lock);
726		717
727	list_for_each_entry_rcu(chan, &conn->chan_l, list) {	718	list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
728	struct sock *sk = chan->sk;	719	struct sock *sk = chan->sk;
729		720
730	bh_lock_sock(sk);	721	bh_lock_sock(sk);
@@ -804,7 +795,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
804	bh_unlock_sock(sk);	795	bh_unlock_sock(sk);
805	}	796	}
806		797
807	rcu_read_unlock();	798	mutex_unlock(&conn->chan_lock);
808	}	799	}
809		800
810	/* Find socket with cid and source bdaddr.	801	/* Find socket with cid and source bdaddr.
@@ -916,9 +907,9 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
916	if (conn->hcon->out && conn->hcon->type == LE_LINK)	907	if (conn->hcon->out && conn->hcon->type == LE_LINK)
917	smp_conn_security(conn, conn->hcon->pending_sec_level);	908	smp_conn_security(conn, conn->hcon->pending_sec_level);
918		909
919	rcu_read_lock();	910	mutex_lock(&conn->chan_lock);
920		911
921	list_for_each_entry_rcu(chan, &conn->chan_l, list) {	912	list_for_each_entry(chan, &conn->chan_l, list) {
922	struct sock *sk = chan->sk;	913	struct sock *sk = chan->sk;
923		914
924	bh_lock_sock(sk);	915	bh_lock_sock(sk);
@@ -938,7 +929,7 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
938	bh_unlock_sock(sk);	929	bh_unlock_sock(sk);
939	}	930	}
940		931
941	rcu_read_unlock();	932	mutex_unlock(&conn->chan_lock);
942	}	933	}
943		934
944	/* Notify sockets that we cannot guaranty reliability anymore */	935	/* Notify sockets that we cannot guaranty reliability anymore */
@@ -948,16 +939,16 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
948		939
949	BT_DBG("conn %p", conn);	940	BT_DBG("conn %p", conn);
950		941
951	rcu_read_lock();	942	mutex_lock(&conn->chan_lock);
952		943
953	list_for_each_entry_rcu(chan, &conn->chan_l, list) {	944	list_for_each_entry(chan, &conn->chan_l, list) {
954	struct sock *sk = chan->sk;	945	struct sock *sk = chan->sk;
955		946
956	if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))	947	if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
957	sk->sk_err = err;	948	sk->sk_err = err;
958	}	949	}
959		950
960	rcu_read_unlock();	951	mutex_unlock(&conn->chan_lock);
961	}	952	}
962		953
963	static void l2cap_info_timeout(struct work_struct *work)	954	static void l2cap_info_timeout(struct work_struct *work)
@@ -984,6 +975,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
984		975
985	kfree_skb(conn->rx_skb);	976	kfree_skb(conn->rx_skb);
986		977
		978	mutex_lock(&conn->chan_lock);
		979
987	/* Kill channels */	980	/* Kill channels */
988	list_for_each_entry_safe(chan, l, &conn->chan_l, list) {	981	list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
989	sk = chan->sk;	982	sk = chan->sk;
@@ -993,6 +986,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
993	chan->ops->close(chan->data);	986	chan->ops->close(chan->data);
994	}	987	}
995		988
		989	mutex_unlock(&conn->chan_lock);
		990
996	hci_chan_del(conn->hchan);	991	hci_chan_del(conn->hchan);
997		992
998	if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)	993	if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
@@ -1050,6 +1045,7 @@ static struct l2cap_conn l2cap_conn_add(struct hci_conn hcon, u8 status)
1050	conn->feat_mask = 0;	1045	conn->feat_mask = 0;
1051		1046
1052	spin_lock_init(&conn->lock);	1047	spin_lock_init(&conn->lock);
		1048	mutex_init(&conn->chan_lock);
1053		1049
1054	INIT_LIST_HEAD(&conn->chan_l);	1050	INIT_LIST_HEAD(&conn->chan_l);
1055		1051
@@ -1792,9 +1788,9 @@ static void l2cap_raw_recv(struct l2cap_conn conn, struct sk_buff skb)
1792		1788
1793	BT_DBG("conn %p", conn);	1789	BT_DBG("conn %p", conn);
1794		1790
1795	rcu_read_lock();	1791	mutex_lock(&conn->chan_lock);
1796		1792
1797	list_for_each_entry_rcu(chan, &conn->chan_l, list) {	1793	list_for_each_entry(chan, &conn->chan_l, list) {
1798	struct sock *sk = chan->sk;	1794	struct sock *sk = chan->sk;
1799	if (chan->chan_type != L2CAP_CHAN_RAW)	1795	if (chan->chan_type != L2CAP_CHAN_RAW)
1800	continue;	1796	continue;
@@ -1810,7 +1806,7 @@ static void l2cap_raw_recv(struct l2cap_conn conn, struct sk_buff skb)
1810	kfree_skb(nskb);	1806	kfree_skb(nskb);
1811	}	1807	}
1812		1808
1813	rcu_read_unlock();	1809	mutex_unlock(&conn->chan_lock);
1814	}	1810	}
1815		1811
1816	/* ---- L2CAP signalling commands ---- */	1812	/* ---- L2CAP signalling commands ---- */
@@ -2600,6 +2596,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2600		2596
2601	parent = pchan->sk;	2597	parent = pchan->sk;
2602		2598
		2599	mutex_lock(&conn->chan_lock);
2603	lock_sock(parent);	2600	lock_sock(parent);
2604		2601
2605	/* Check if the ACL is secure enough (if not SDP) */	2602	/* Check if the ACL is secure enough (if not SDP) */
@@ -2673,6 +2670,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2673		2670
2674	response:	2671	response:
2675	release_sock(parent);	2672	release_sock(parent);
		2673	mutex_unlock(&conn->chan_lock);
2676		2674
2677	sendresp:	2675	sendresp:
2678	rsp.scid = cpu_to_le16(scid);	2676	rsp.scid = cpu_to_le16(scid);
@@ -2714,6 +2712,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2714	struct l2cap_chan *chan;	2712	struct l2cap_chan *chan;
2715	struct sock *sk;	2713	struct sock *sk;
2716	u8 req[128];	2714	u8 req[128];
		2715	int err;
2717		2716
2718	scid = __le16_to_cpu(rsp->scid);	2717	scid = __le16_to_cpu(rsp->scid);
2719	dcid = __le16_to_cpu(rsp->dcid);	2718	dcid = __le16_to_cpu(rsp->dcid);
@@ -2723,17 +2722,26 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2723	BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",	2722	BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2724	dcid, scid, result, status);	2723	dcid, scid, result, status);
2725		2724
		2725	mutex_lock(&conn->chan_lock);
		2726
2726	if (scid) {	2727	if (scid) {
2727	chan = l2cap_get_chan_by_scid(conn, scid);	2728	chan = __l2cap_get_chan_by_scid(conn, scid);
2728	if (!chan)	2729	if (!chan) {
2729	return -EFAULT;	2730	err = -EFAULT;
		2731	goto unlock;
		2732	}
2730	} else {	2733	} else {
2731	chan = l2cap_get_chan_by_ident(conn, cmd->ident);	2734	chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2732	if (!chan)	2735	if (!chan) {
2733	return -EFAULT;	2736	err = -EFAULT;
		2737	goto unlock;
		2738	}
2734	}	2739	}
2735		2740
		2741	err = 0;
		2742
2736	sk = chan->sk;	2743	sk = chan->sk;
		2744	lock_sock(sk);
2737		2745
2738	switch (result) {	2746	switch (result) {
2739	case L2CAP_CR_SUCCESS:	2747	case L2CAP_CR_SUCCESS:
@@ -2760,7 +2768,11 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2760	}	2768	}
2761		2769
2762	release_sock(sk);	2770	release_sock(sk);
2763	return 0;	2771
		2772	unlock:
		2773	mutex_unlock(&conn->chan_lock);
		2774
		2775	return err;
2764	}	2776	}
2765		2777
2766	static inline void set_default_fcs(struct l2cap_chan *chan)	2778	static inline void set_default_fcs(struct l2cap_chan *chan)
@@ -2793,6 +2805,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2793	return -ENOENT;	2805	return -ENOENT;
2794		2806
2795	sk = chan->sk;	2807	sk = chan->sk;
		2808	lock_sock(sk);
2796		2809
2797	if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {	2810	if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
2798	struct l2cap_cmd_rej_cid rej;	2811	struct l2cap_cmd_rej_cid rej;
@@ -2905,6 +2918,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2905	return 0;	2918	return 0;
2906		2919
2907	sk = chan->sk;	2920	sk = chan->sk;
		2921	lock_sock(sk);
2908		2922
2909	switch (result) {	2923	switch (result) {
2910	case L2CAP_CONF_SUCCESS:	2924	case L2CAP_CONF_SUCCESS:
@@ -3006,11 +3020,16 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3006		3020
3007	BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);	3021	BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3008		3022
3009	chan = l2cap_get_chan_by_scid(conn, dcid);	3023	mutex_lock(&conn->chan_lock);
3010	if (!chan)	3024
		3025	chan = __l2cap_get_chan_by_scid(conn, dcid);
		3026	if (!chan) {
		3027	mutex_unlock(&conn->chan_lock);
3011	return 0;	3028	return 0;
		3029	}
3012		3030
3013	sk = chan->sk;	3031	sk = chan->sk;
		3032	lock_sock(sk);
3014		3033
3015	rsp.dcid = cpu_to_le16(chan->scid);	3034	rsp.dcid = cpu_to_le16(chan->scid);
3016	rsp.scid = cpu_to_le16(chan->dcid);	3035	rsp.scid = cpu_to_le16(chan->dcid);
@@ -3022,6 +3041,9 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3022	release_sock(sk);	3041	release_sock(sk);
3023		3042
3024	chan->ops->close(chan->data);	3043	chan->ops->close(chan->data);
		3044
		3045	mutex_unlock(&conn->chan_lock);
		3046
3025	return 0;	3047	return 0;
3026	}	3048	}
3027		3049
@@ -3037,16 +3059,24 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3037		3059
3038	BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);	3060	BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3039		3061
3040	chan = l2cap_get_chan_by_scid(conn, scid);	3062	mutex_lock(&conn->chan_lock);
3041	if (!chan)	3063
		3064	chan = __l2cap_get_chan_by_scid(conn, scid);
		3065	if (!chan) {
		3066	mutex_unlock(&conn->chan_lock);
3042	return 0;	3067	return 0;
		3068	}
3043		3069
3044	sk = chan->sk;	3070	sk = chan->sk;
		3071	lock_sock(sk);
3045		3072
3046	l2cap_chan_del(chan, 0);	3073	l2cap_chan_del(chan, 0);
3047	release_sock(sk);	3074	release_sock(sk);
3048		3075
3049	chan->ops->close(chan->data);	3076	chan->ops->close(chan->data);
		3077
		3078	mutex_unlock(&conn->chan_lock);
		3079
3050	return 0;	3080	return 0;
3051	}	3081	}
3052		3082
@@ -4205,6 +4235,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4205	}	4235	}
4206		4236
4207	sk = chan->sk;	4237	sk = chan->sk;
		4238	lock_sock(sk);
4208		4239
4209	BT_DBG("chan %p, len %d", chan, skb->len);	4240	BT_DBG("chan %p, len %d", chan, skb->len);
4210		4241
@@ -4492,9 +4523,9 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4492	cancel_delayed_work(&conn->security_timer);	4523	cancel_delayed_work(&conn->security_timer);
4493	}	4524	}
4494		4525
4495	rcu_read_lock();	4526	mutex_lock(&conn->chan_lock);
4496		4527
4497	list_for_each_entry_rcu(chan, &conn->chan_l, list) {	4528	list_for_each_entry(chan, &conn->chan_l, list) {
4498	struct sock *sk = chan->sk;	4529	struct sock *sk = chan->sk;
4499		4530
4500	bh_lock_sock(sk);	4531	bh_lock_sock(sk);
@@ -4574,7 +4605,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4574	bh_unlock_sock(sk);	4605	bh_unlock_sock(sk);
4575	}	4606	}
4576		4607
4577	rcu_read_unlock();	4608	mutex_unlock(&conn->chan_lock);
4578		4609
4579	return 0;	4610	return 0;
4580	}	4611	}
@@ -4635,6 +4666,7 @@ int l2cap_recv_acldata(struct hci_conn hcon, struct sk_buff skb, u16 flags)
4635		4666
4636	if (chan && chan->sk) {	4667	if (chan && chan->sk) {
4637	struct sock *sk = chan->sk;	4668	struct sock *sk = chan->sk;
		4669	lock_sock(sk);
4638		4670
4639	if (chan->imtu < len - L2CAP_HDR_SIZE) {	4671	if (chan->imtu < len - L2CAP_HDR_SIZE) {
4640	BT_ERR("Frame exceeding recv MTU (len %d, "	4672	BT_ERR("Frame exceeding recv MTU (len %d, "


diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index b48d6c1b9db6..1273fcbeec28 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c
@@ -796,6 +796,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
796	{	796	{
797	struct sock *sk = sock->sk;	797	struct sock *sk = sock->sk;
798	struct l2cap_chan *chan;	798	struct l2cap_chan *chan;
		799	struct l2cap_conn *conn;
799	int err = 0;	800	int err = 0;
800		801
801	BT_DBG("sock %p, sk %p", sock, sk);	802	BT_DBG("sock %p, sk %p", sock, sk);
@@ -804,6 +805,10 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
804	return 0;	805	return 0;
805		806
806	chan = l2cap_pi(sk)->chan;	807	chan = l2cap_pi(sk)->chan;
		808	conn = chan->conn;
		809
		810	if (conn)
		811	mutex_lock(&conn->chan_lock);
807		812
808	lock_sock(sk);	813	lock_sock(sk);
809	if (!sk->sk_shutdown) {	814	if (!sk->sk_shutdown) {
@@ -811,6 +816,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
811	err = __l2cap_wait_ack(sk);	816	err = __l2cap_wait_ack(sk);
812		817
813	sk->sk_shutdown = SHUTDOWN_MASK;	818	sk->sk_shutdown = SHUTDOWN_MASK;
		819
814	l2cap_chan_close(chan, 0);	820	l2cap_chan_close(chan, 0);
815		821
816	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)	822	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
@@ -822,6 +828,10 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
822	err = -sk->sk_err;	828	err = -sk->sk_err;
823		829
824	release_sock(sk);	830	release_sock(sk);
		831
		832	if (conn)
		833	mutex_unlock(&conn->chan_lock);
		834
825	return err;	835	return err;
826	}	836	}
827		837