diff options
| author | Gustavo Padovan <gustavo.padovan@collabora.co.uk> | 2012-12-03 12:36:51 -0500 |
|---|---|---|
| committer | Gustavo Padovan <gustavo.padovan@collabora.co.uk> | 2012-12-03 13:00:04 -0500 |
| commit | 0b27a4b97cb1874503c78453c0903df53c0c86b2 (patch) | |
| tree | 7800d2539b97e19cc4f7bb628f6bbbb1900088c6 /net/bluetooth/sco.c | |
| parent | f2592d3ee3c5817981f343b90bfb9c5612f38d23 (diff) | |
Revert "Bluetooth: Fix possible deadlock in SCO code"
This reverts commit 269c4845d5b3627b95b1934107251bacbe99bb68.
The commit was causing dead locks and NULL dereferences in the sco code:
[28084.104013] BUG: soft lockup - CPU#0 stuck for 22s! [kworker/u:0H:7]
[28084.104021] Modules linked in: btusb bluetooth <snip [last unloaded:
bluetooth]
...
[28084.104021] [<c160246d>] _raw_spin_lock+0xd/0x10
[28084.104021] [<f920e708>] sco_conn_del+0x58/0x1b0 [bluetooth]
[28084.104021] [<f920f1a9>] sco_connect_cfm+0xb9/0x2b0 [bluetooth]
[28084.104021] [<f91ef289>]
hci_sync_conn_complete_evt.isra.94+0x1c9/0x260 [bluetooth]
[28084.104021] [<f91f1a8d>] hci_event_packet+0x74d/0x2b40 [bluetooth]
[28084.104021] [<c1501abd>] ? __kfree_skb+0x3d/0x90
[28084.104021] [<c1501b46>] ? kfree_skb+0x36/0x90
[28084.104021] [<f91fcb4e>] ? hci_send_to_monitor+0x10e/0x190 [bluetooth]
[28084.104021] [<f91fcb4e>] ? hci_send_to_monitor+0x10e/0x190 [bluetooth]
Cc: stable@vger.kernel.org
Reported-by: Chan-yeol Park <chanyeol.park@gmail.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'net/bluetooth/sco.c')
| -rw-r--r-- | net/bluetooth/sco.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index eea17cdcaf7f..531a93d613d4 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
| @@ -131,15 +131,6 @@ static int sco_conn_del(struct hci_conn *hcon, int err) | |||
| 131 | sco_sock_clear_timer(sk); | 131 | sco_sock_clear_timer(sk); |
| 132 | sco_chan_del(sk, err); | 132 | sco_chan_del(sk, err); |
| 133 | bh_unlock_sock(sk); | 133 | bh_unlock_sock(sk); |
| 134 | |||
| 135 | sco_conn_lock(conn); | ||
| 136 | conn->sk = NULL; | ||
| 137 | sco_pi(sk)->conn = NULL; | ||
| 138 | sco_conn_unlock(conn); | ||
| 139 | |||
| 140 | if (conn->hcon) | ||
| 141 | hci_conn_put(conn->hcon); | ||
| 142 | |||
| 143 | sco_sock_kill(sk); | 134 | sco_sock_kill(sk); |
| 144 | } | 135 | } |
| 145 | 136 | ||
| @@ -885,6 +876,16 @@ static void sco_chan_del(struct sock *sk, int err) | |||
| 885 | 876 | ||
| 886 | BT_DBG("sk %p, conn %p, err %d", sk, conn, err); | 877 | BT_DBG("sk %p, conn %p, err %d", sk, conn, err); |
| 887 | 878 | ||
| 879 | if (conn) { | ||
| 880 | sco_conn_lock(conn); | ||
| 881 | conn->sk = NULL; | ||
| 882 | sco_pi(sk)->conn = NULL; | ||
| 883 | sco_conn_unlock(conn); | ||
| 884 | |||
| 885 | if (conn->hcon) | ||
| 886 | hci_conn_put(conn->hcon); | ||
| 887 | } | ||
| 888 | |||
| 888 | sk->sk_state = BT_CLOSED; | 889 | sk->sk_state = BT_CLOSED; |
| 889 | sk->sk_err = err; | 890 | sk->sk_err = err; |
| 890 | sk->sk_state_change(sk); | 891 | sk->sk_state_change(sk); |