From: Marcel Holtmann <marcel@holtmann.org>
To: "Xu, Martin" <martin.xu@intel.com>
Cc: "linux-bluetooth@vger.kernel.org"
	<linux-bluetooth@vger.kernel.org>,
	"Liu, Bing Wei" <bing.wei.liu@intel.com>
Subject: RE: kernel crash using Bluez on Netbook platform
Date: Tue, 05 May 2009 08:43:51 -0700	[thread overview]
Message-ID: <1241538231.2987.1.camel@localhost.localdomain> (raw)
In-Reply-To: <9F0C1DB20AFA954FA1DA05309350433D5F913D94@pdsmsx503.ccr.corp.intel.com>

Hi Martin,

> > On netbook platforms (Eeepc 901; "Aspire One + Omiz Bluetooth dongle"), when using bluez, such as pairing, l2ping and rfcomm, the kernel crashes easily.
> > I am using kernel 2.6.29.
> 
> > I caught the crash message:
> > BUG: spinlock bad magic on CPU#0, swapper/0
> > BUG: unable to handle kernel paging request at 00646733
> 
> I have done some research on the issue and found that at
> hci_event.c: hci_disconn_complete_evt()
> after
> hci_conn_del_sysfs(conn)
> the contents of conn may be modified,
> such as
> conn->idle_timer
> conn->disc_timer
> and
> conn->list,
> which leads to a kernel crash when hci_conn_del(conn) runs.
> 
> I worked out a patch to run hci_conn_del_sysfs after hci_conn_del and found that this fixes the issue. Can someone tell me whether the patch is OK, and what the root cause of the issue is? Thanks! :)
> 
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index f91ba69..1999ac1 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -1009,10 +1009,9 @@ static inline void hci_disconn_complete_evt(struct
> hci_dev *hdev, struct sk_buff
>         if (conn) {
>                 conn->state = BT_CLOSED;
> 
> -               hci_conn_del_sysfs(conn);
> -
>                 hci_proto_disconn_ind(conn, ev->reason);
>                 hci_conn_del(conn);
> +               hci_conn_del_sysfs(conn);
>         }
> 
>         hci_dev_unlock(hdev);
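Review bot: the reorder is only safe if hci_conn_del(conn) leaves conn allocated and does not itself tear down the sysfs device; the report says hci_conn_del_sysfs(conn) ends up altering conn->idle_timer, conn->disc_timer and conn->list, which points at the object being released rather than at a harmless ordering preference, so moving the call after hci_conn_del(conn) only relocates any use of a released conn unless this function still owns a reference at that point. Please state in the changelog what drops the last reference to conn and why that cannot happen before hci_conn_del() returns; that is the root cause question the patch leaves open. Minor: hci_proto_disconn_ind(conn, ev->reason) now runs with the sysfs entry still registered, which is probably intended but worth calling out.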

Can you verify that a bluetooth-testing.git kernel would still produce
this NULL pointer dereference? It looks a little bit different, but I
think that actually got fixed now.

Regards

Marcel
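As an added illustration of the ordering problem reported above, here is a small userspace C model; it is constructed for this page and is not code from the kernel or from either poster. It assumes, as a modelling choice rather than a fact the thread establishes, that the sysfs removal path drops the last reference to conn from a deferred work item and that the release poisons the object like a freed slab object. Under that assumption it shows why the original sequence (hci_conn_del_sysfs() before hci_conn_del()) only trips a "bad magic" check when the work happens to run in between, why the reordered sequence avoids that, and why the fix is only as good as the guarantee that nothing touches conn after the last reference is gone. Names such as disconnect(), conn_put() and del_conn_work() are the model's own.

```c
/* Constructed userspace model of the teardown order in hci_disconn_complete_evt().
 * Assumed, not confirmed by the thread: the sysfs removal path drops the last
 * reference to conn from deferred work, and the release poisons the object. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TIMER_MAGIC 0x4b87ad6eu   /* arbitrary debug magic for the model */
#define POISON_FREE 0x6b          /* byte written over a released object */

struct timer { uint32_t magic; };
struct conn {
	int refcnt;
	bool registered;                       /* sysfs device present */
	struct timer idle_timer, disc_timer;
};

/* One-slot work queue standing in for the kernel workqueue. */
static void (*pending_fn)(struct conn *);
static struct conn *pending_conn;

static void queue_work(void (*fn)(struct conn *), struct conn *c)
{
	pending_fn = fn;
	pending_conn = c;
}

static void run_pending_work(void)
{
	if (pending_fn)
		pending_fn(pending_conn);
	pending_fn = NULL;
}

/* Release: poison instead of free(), so a later touch is detectable. */
static void conn_put(struct conn *c)
{
	if (--c->refcnt == 0)
		memset(c, POISON_FREE, sizeof(*c));
}

/* device_del() + put_device(), run from the workqueue */
static void del_conn_work(struct conn *c)
{
	c->registered = false;
	conn_put(c);
}

static void conn_del_sysfs(struct conn *c)
{
	if (c->registered)
		queue_work(del_conn_work, c);
}

/* Returns -1 on bad magic, the kind of debug check that fired in the report. */
static int del_timer(struct timer *t)
{
	return t->magic == TIMER_MAGIC ? 0 : -1;
}

static int conn_del(struct conn *c)
{
	return (del_timer(&c->idle_timer) || del_timer(&c->disc_timer)) ? -1 : 0;
}

/* Runs the disconnect path in the original order (sysfs_first) or the patched one.
 * work_runs_early lets the queued sysfs work run between the two calls, as it can
 * on an SMP or preemptible kernel.  Returns the result of conn_del(). */
int disconnect(bool sysfs_first, bool work_runs_early)
{
	struct conn *c = calloc(1, sizeof(*c));
	int rc;

	c->refcnt = 1;
	c->registered = true;
	c->idle_timer.magic = c->disc_timer.magic = TIMER_MAGIC;
	if (sysfs_first) {
		conn_del_sysfs(c);
		if (work_runs_early)
			run_pending_work();  /* last reference dropped here */
		rc = conn_del(c);            /* touches the poisoned timers */
	} else {
		rc = conn_del(c);
		if (work_runs_early)
			run_pending_work();  /* nothing queued yet: no-op */
		conn_del_sysfs(c);
	}
	run_pending_work();                  /* drain whatever is still queued */
	free(c);
	return rc;
}

int main(void)
{
	printf("sysfs first, work early: %d\n", disconnect(true, true));
	printf("sysfs first, work late:  %d\n", disconnect(true, false));
	printf("conn_del first:          %d\n", disconnect(false, true));
	return 0;
}
```

Build with `cc -Wall model.c` and run: the first call returns -1 (bad magic on the poisoned timer) and the other two return 0. Only the first case depends on when the deferred work runs, which is the kind of timing dependence that makes a crash like this intermittent rather than reproducible on every disconnect.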



Thread overview: 7+ messages
2009-05-03 20:46 Deadlock in bluetooth/sco.c Jan Kucera
2009-05-04  1:17 ` Marcel Holtmann
     [not found]   ` <9F0C1DB20AFA954FA1DA05309350433D5F913D45@pdsmsx503.ccr.corp.intel.com>
2009-05-05  8:06     ` kernel crash using Bluez on Netbook platform Xu, Martin
2009-05-05  8:06     ` Xu, Martin
2009-05-05 15:43       ` Marcel Holtmann [this message]
2009-05-05 16:08         ` Marcel Holtmann
2009-05-06  2:36           ` Xu, Martin
