Bluetooth: remove unneeded hci_conn_hold/put_device()

hci_conn_hold/put_device() is used to control when hci_conn->dev is no
longer needed and can be deleted from the system. Lets first look how they
are currently used throughout the code (excluding HIDP!).

All code that uses hci_conn_hold_device() looks like this:
    ...
    hci_conn_hold_device();
    hci_conn_add_sysfs();
    ...
On the other side, hci_conn_put_device() is exclusively used in
hci_conn_del().

So, considering that hci_conn_del() must not be called twice (which would
fail horribly), we know that hci_conn_put_device() is only called _once_
(which is in hci_conn_del()).
On the other hand, hci_conn_add_sysfs() must not be called twice, either
(it would call device_add twice, which breaks the device, see
drivers/base/core.c). So we know that hci_conn_hold_device() is also
called only once (it's only called directly before hci_conn_add_sysfs()).

So hold and put are known to be called only once. That means we can safely
remove them and directly call hci_conn_del_sysfs() in hci_conn_del().

But there is one issue left: HIDP also uses hci_conn_hold/put_device().
However, this case can be ignored and simply removed as it is totally
broken. The issue is, the only thing HIDP delays with
hci_conn_hold_device() is the removal of the hci_conn->dev from sysfs.
But, the hci_conn device has no mechanism to get notified when its own
parent (hci_dev) gets removed from sysfs. hci_dev_hold/put() does _not_
control when it is removed but only when the device object is created
and destroyed.
And hci_dev calls hci_conn_flush_*() when it removes itself from sysfs,
which itself causes hci_conn_del() to be called, but it does _not_ cause
hci_conn_del_sysfs() to be called, which is wrong.

Hence, we fix it to call hci_conn_del_sysfs() in hci_conn_del(). This
guarantees that a hci_conn object is removed from sysfs _before_ its
parent hci_dev is removed.

The changes to HIDP look scary, wrong and broken. However, if you look at
the HIDP session management, you will notice they're already broken in the
exact _same_ way (ever tried "unplugging" HIDP devices? Breaks _all_ the
time).
So this patch only makes HIDP look _scary_ and _obviously broken_. It does
not break HIDP itself, it already is!

See later patches in this series which fix HIDP to use proper
session-management.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>

1 files changed, 0 insertions, 4 deletions

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index f6ea3c734269..688c1a9949cc 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1706,7 +1706,6 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                 } else
                         conn->state = BT_CONNECTED;
 
-                hci_conn_hold_device(conn);
                 hci_conn_add_sysfs(conn);
 
                 if (test_bit(HCI_AUTH, &hdev->flags))
@@ -2987,7 +2986,6 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
                 conn->handle = __le16_to_cpu(ev->handle);
                 conn->state  = BT_CONNECTED;
 
-                hci_conn_hold_device(conn);
                 hci_conn_add_sysfs(conn);
                 break;
 
@@ -3452,7 +3450,6 @@ static void hci_phy_link_complete_evt(struct hci_dev *hdev,
         hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
         hci_conn_drop(hcon);
 
-        hci_conn_hold_device(hcon);
         hci_conn_add_sysfs(hcon);
 
         amp_physical_cfm(bredr_hcon, hcon);
@@ -3586,7 +3583,6 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
         conn->handle = __le16_to_cpu(ev->handle);
         conn->state = BT_CONNECTED;
 
-        hci_conn_hold_device(conn);
         hci_conn_add_sysfs(conn);
 
         hci_proto_connect_cfm(conn, ev->status);