From 457ca7bb6bdf39d0832d3f88c65fa367a3b20de6 Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Tue, 5 May 2009 13:09:01 -0700 Subject: Bluetooth: Move dev_set_name() to a context that can sleep Setting the name of a sysfs device has to be done in a context that can actually sleep. It allocates its memory with GFP_KERNEL. Previously it was a static (size limited) string and that got changed to accommodate longer device names. So move the dev_set_name() just before calling device_add() which is executed in a work queue. This fixes the following error: [ 110.012125] BUG: sleeping function called from invalid context at mm/slub.c:1595 [ 110.012135] in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper [ 110.012141] 2 locks held by swapper/0: [ 110.012145] #0: (hci_task_lock){++.-.+}, at: [] hci_rx_task+0x2f/0x2d0 [bluetooth] [ 110.012173] #1: (&hdev->lock){+.-.+.}, at: [] hci_event_packet+0x72/0x25c0 [bluetooth] [ 110.012198] Pid: 0, comm: swapper Tainted: G W 2.6.30-rc4-g953cdaa #1 [ 110.012203] Call Trace: [ 110.012207] [] __might_sleep+0x14d/0x170 [ 110.012228] [] __kmalloc+0x111/0x170 [ 110.012239] [] kvasprintf+0x64/0xb0 [ 110.012248] [] kobject_set_name_vargs+0x3b/0xa0 [ 110.012257] [] dev_set_name+0x76/0xa0 [ 110.012273] [] ? hci_event_packet+0x72/0x25c0 [bluetooth] [ 110.012289] [] hci_conn_add_sysfs+0x3d/0x70 [bluetooth] [ 110.012303] [] hci_event_packet+0xbc/0x25c0 [bluetooth] [ 110.012312] [] ? sock_def_readable+0x80/0xa0 [ 110.012328] [] ? hci_send_to_sock+0xfc/0x1c0 [bluetooth] [ 110.012343] [] ? sock_def_readable+0x80/0xa0 [ 110.012347] [] ? _read_unlock+0x75/0x80 [ 110.012354] [] ? hci_send_to_sock+0xfc/0x1c0 [bluetooth] [ 110.012360] [] hci_rx_task+0x203/0x2d0 [bluetooth] [ 110.012365] [] tasklet_action+0xb5/0x160 [ 110.012369] [] __do_softirq+0x9c/0x150 [ 110.012372] [] ? _spin_unlock+0x3f/0x80 [ 110.012376] [] call_softirq+0x1c/0x30 [ 110.012380] [] do_softirq+0x8d/0xe0 [ 110.012383] [] irq_exit+0xc5/0xe0 [ 110.012386] [] do_IRQ+0x9d/0x120 [ 110.012389] [] ret_from_intr+0x0/0xf [ 110.012391] [] ? acpi_idle_enter_bm+0x264/0x2a6 [ 110.012399] [] ? acpi_idle_enter_bm+0x25a/0x2a6 [ 110.012403] [] ? cpuidle_idle_call+0xc5/0x130 [ 110.012407] [] ? cpu_idle+0xc4/0x130 [ 110.012411] [] ? rest_init+0x88/0xb0 [ 110.012416] [] ? start_kernel+0x3b5/0x412 [ 110.012420] [] ? x86_64_start_reservations+0x91/0xb5 [ 110.012424] [] ? x86_64_start_kernel+0xef/0x11b Based on a report by Davide Pesavento Signed-off-by: Marcel Holtmann Tested-by: Hugo Mildenberger Tested-by: Bing Zhao --- net/bluetooth/hci_sysfs.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'net/bluetooth/hci_sysfs.c') diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c index 582d8877078c..a05d45eb3ba1 100644 --- a/net/bluetooth/hci_sysfs.c +++ b/net/bluetooth/hci_sysfs.c @@ -88,10 +88,13 @@ static struct device_type bt_link = { static void add_conn(struct work_struct *work) { struct hci_conn *conn = container_of(work, struct hci_conn, work_add); + struct hci_dev *hdev = conn->hdev; /* ensure previous del is complete */ flush_work(&conn->work_del); + dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle); + if (device_add(&conn->dev) < 0) { BT_ERR("Failed to register connection device"); return; @@ -154,12 +157,8 @@ void hci_conn_init_sysfs(struct hci_conn *conn) void hci_conn_add_sysfs(struct hci_conn *conn) { - struct hci_dev *hdev = conn->hdev; - BT_DBG("conn %p", conn); - dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle); - queue_work(bt_workq, &conn->work_add); } -- cgit v1.2.2 From 384943ec1bb462e410390ad8f108ff1474cd882d Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Fri, 8 May 2009 18:20:43 -0700 Subject: Bluetooth: Fix wrong module refcount when connection setup fails The module refcount is increased by hci_dev_hold() call in hci_conn_add() and decreased by hci_dev_put() call in del_conn(). In case the connection setup fails, hci_dev_put() is never called. Procedure to reproduce the issue: # hciconfig hci0 up # lsmod | grep btusb -> "used by" refcount = 1 # hcitool cc -> will get timeout # lsmod | grep btusb -> "used by" refcount = 2 # hciconfig hci0 down # lsmod | grep btusb -> "used by" refcount = 1 # rmmod btusb -> ERROR: Module btusb is in use The hci_dev_put() call got moved into del_conn() with the 2.6.25 kernel to fix an issue with hci_dev going away before hci_conn. However that change was wrong and introduced this problem. When calling hci_conn_del() it has to call hci_dev_put() after freeing the connection details. This handling should be fully symmetric. The execution of del_conn() is done in a work queue and needs it own calls to hci_dev_hold() and hci_dev_put() to ensure that the hci_dev stays until the connection cleanup has been finished. Based on a report by Bing Zhao Signed-off-by: Marcel Holtmann Tested-by: Bing Zhao --- net/bluetooth/hci_sysfs.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/bluetooth/hci_sysfs.c') diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c index a05d45eb3ba1..4cc3624bd22d 100644 --- a/net/bluetooth/hci_sysfs.c +++ b/net/bluetooth/hci_sysfs.c @@ -99,6 +99,8 @@ static void add_conn(struct work_struct *work) BT_ERR("Failed to register connection device"); return; } + + hci_dev_hold(hdev); } /* @@ -134,6 +136,7 @@ static void del_conn(struct work_struct *work) device_del(&conn->dev); put_device(&conn->dev); + hci_dev_put(hdev); } -- cgit v1.2.2