From: Gustavo Padovan <gustavo@padovan.org>
To: Sedat Dilek <sedat.dilek@gmail.com>
Cc: linux-bluetooth@vger.kernel.org,
Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Subject: Re: [PATCH] Bluetooth: Fix race between hci_register_dev() and hci_dev_open()
Date: Thu, 11 Jul 2013 13:03:05 +0100
Message-ID: <20130711120305.GA551@joana>
In-Reply-To: <CA+icZUU8Xin-UapmBObQPt7kidek4GZusV1+fqYBMtvfoKKcmQ@mail.gmail.com>
Hi Sedat,
* Sedat Dilek <sedat.dilek@gmail.com> [2013-07-11 13:26:44 +0200]:
> On Thu, Jul 11, 2013 at 1:19 PM, Gustavo Padovan <gustavo@padovan.org> wrote:
> > From: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
> >
> > If hci_dev_open() is called after hci_register_dev() added the device to
> > the hci_dev_list but before the workqueue are created we could run into a
> > NULL pointer dereference (showed in the crash below).
> >
>
> That sentence is hard to follow.
>
> s/showed in the crash below/see below
>
> > This is bug that is very unlikely to happen, systems using bluetoothd to
> > manage their bluetooth devices will never see this happens.
> >
>
> What about:
> "This bug is very unlikely to happen. Systems... will never see this happen."
Thank you for those suggestions. I'm not a native English speaker, so I still
make a lot of mistakes.
>
> > BUG: unable to handle kernel NULL pointer dereference
> > 0100
> > IP: [<ffffffff81077502>] __queue_work+0x32/0x3d0
> > (...)
> > Call Trace:
> > [<ffffffff81077be5>] queue_work_on+0x45/0x50
> > [<ffffffffa016e8ff>] hci_req_run+0xbf/0xf0 [bluetooth]
> > [<ffffffffa01709b0>] ? hci_init2_req+0x720/0x720 [bluetooth]
> > [<ffffffffa016ea06>] __hci_req_sync+0xd6/0x1c0 [bluetooth]
> > [<ffffffff8108ee10>] ? try_to_wake_up+0x2b0/0x2b0
> > [<ffffffff8150e3f0>] ? usb_autopm_put_interface+0x30/0x40
> > [<ffffffffa016fad5>] hci_dev_open+0x275/0x2e0 [bluetooth]
> > [<ffffffffa0182752>] hci_sock_ioctl+0x1f2/0x3f0 [bluetooth]
> > [<ffffffff815c6050>] sock_do_ioctl+0x30/0x70
> > [<ffffffff815c75f9>] sock_ioctl+0x79/0x2f0
> > [<ffffffff811a8046>] do_vfs_ioctl+0x96/0x560
> > [<ffffffff811a85a1>] SyS_ioctl+0x91/0xb0
> > [<ffffffff816d989d>] system_call_fastpath+0x1a/0x1f
> >
>
> Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
>
> Still-untested-by: ... (AFAICS it was hard to reproduce.)
I'll probably push this patch anyway, it is a simple change and can't cause
any regressions.
Gustavo
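The hazard the commit message describes, as an added illustration that is not code from this patch or from the kernel: a device is made visible on a global list before its workqueue exists, so a lookup from another context can return a struct whose workqueue pointer is still NULL. The model below is single-threaded and replaces the second CPU with a callback invoked inside the registration window; `dev`, `dev_list`, `register_dev`, `dev_open` and `queue_work` are simplified stand-ins for the hci_dev structures and functions, and the NULL check in `dev_open()` is an assumption added so the model reports the window instead of crashing, which is what the real path did.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model; names are stand-ins, not the kernel's definitions. */
struct workqueue {
    int queued;             /* number of work items accepted */
};

struct dev {
    int id;
    struct workqueue *wq;   /* NULL until register_dev() creates it */
    struct dev *next;       /* intrusive list link, like hdev->list */
};

#define MAX_DEVS 8
static struct dev dev_pool[MAX_DEVS];
static struct workqueue wq_pool[MAX_DEVS];
static int ndevs;
static struct dev *dev_list;    /* stand-in for hci_dev_list */

static struct dev *dev_lookup(int id)
{
    struct dev *d;
    for (d = dev_list; d; d = d->next)
        if (d->id == id)
            return d;
    return NULL;
}

/* Stand-in for queue_work(): needs a fully initialised workqueue. */
static int queue_work(struct workqueue *wq)
{
    if (!wq)
        return -EINVAL;     /* assumption: the real code has no such guard */
    wq->queued++;
    return 0;
}

/* Stand-in for hci_dev_open(): find the device, run its init request on
 * the device workqueue. The wq check is the defensive guard that turns the
 * racy window into a recoverable error in this model. */
int dev_open(int id)
{
    struct dev *d = dev_lookup(id);
    if (!d)
        return -ENODEV;     /* not visible yet: not published */
    if (!d->wq)
        return -EAGAIN;     /* visible but half-initialised: the window */
    return queue_work(d->wq);
}

/* Stand-in for hci_register_dev(). publish_early == 1 inserts into the list
 * before creating the workqueue (the ordering the commit message describes);
 * 0 creates the workqueue first and publishes last. `racer`, if non-NULL,
 * runs once between the two steps with the new id, standing in for a
 * concurrent open() on another CPU; its result is stored in *racer_rc. */
int register_dev(int id, int publish_early, int (*racer)(int), int *racer_rc)
{
    struct dev *d;
    if (ndevs >= MAX_DEVS)
        return -ENOMEM;
    d = &dev_pool[ndevs];
    d->id = id;
    d->wq = NULL;
    d->next = NULL;

    if (publish_early) {
        d->next = dev_list;     /* list_add() before the workqueue exists */
        dev_list = d;
    }
    if (racer && racer_rc)
        *racer_rc = racer(id);  /* the window a concurrent open() can hit */
    d->wq = &wq_pool[ndevs];    /* stand-in for workqueue creation */
    d->wq->queued = 0;
    if (!publish_early) {
        d->next = dev_list;     /* publish only once fully initialised */
        dev_list = d;
    }
    ndevs++;
    return 0;
}

int main(void)
{
    int rc = 0;
    register_dev(1, 1, dev_open, &rc);
    printf("publish-early: concurrent open() -> %d (EAGAIN is %d)\n", rc, -EAGAIN);
    register_dev(2, 0, dev_open, &rc);
    printf("init-first:    concurrent open() -> %d (ENODEV is %d), open after registration -> %d\n",
           rc, -ENODEV, dev_open(2));
    return 0;
}
```

With the publish-early ordering the racing open() finds the device and sees the NULL workqueue; with the init-first ordering the racing open() simply fails the lookup, and the first open() that can find the device already has a usable workqueue, which is why "initialise fully, then publish" closes this class of race without any check in the reader.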
Thread overview:
2013-07-11 11:19 [PATCH] Bluetooth: Fix race between hci_register_dev() and hci_dev_open() Gustavo Padovan
2013-07-11 11:26 ` Sedat Dilek
2013-07-11 12:03 ` Gustavo Padovan [this message]
2013-07-11 12:03 ` [PATCH -v2] " Gustavo Padovan