From: Peter Zijlstra <peterz@infradead.org>
To: lkp@lists.01.org
Subject: Re: [rfcomm_run] WARNING: CPU: 1 PID: 79 at kernel/sched/core.c:7156 __might_sleep()
Date: Thu, 02 Oct 2014 14:31:50 +0200 [thread overview]
Message-ID: <20141002123150.GC6324@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20141002110927.GE2849@worktop.programming.kicks-ass.net>
[-- Attachment #1: Type: text/plain, Size: 5541 bytes --]
On Thu, Oct 02, 2014 at 01:09:27PM +0200, Peter Zijlstra wrote:
> On Tue, Sep 30, 2014 at 04:02:28PM +0800, Fengguang Wu wrote:
> > Hi Peter,
> >
> > We possibly find a rfcomm bug (maintainers CCed) exposed by your debug patch
> >
> > [ 1.861895] NET: Registered protocol family 5
> > [ 1.862978] Bluetooth: RFCOMM TTY layer initialized
> > [ 1.863099] ------------[ cut here ]------------
> > [ 1.863105] WARNING: CPU: 1 PID: 79 at kernel/sched/core.c:7156 __might_sleep+0x17d/0x1a1()
> > [ 1.863112] do not call blocking ops when !TASK_RUNNING; state=1 set at [<c14dc381>] rfcomm_run+0xdf/0x130e
> > [ 1.863591] [<c1058b73>] ? kthread_stop+0x53/0x53
> > [ 1.864906] [<c155a411>] dump_stack+0x48/0x60
> > [ 1.866298] [<c14dc381>] ? rfcomm_run+0xdf/0x130e
>
> Ha yes, rfcomm_run is a complete buggy mess indeed. Lemme go see what I
> can make of it.
---
Subject: rfcomm: Fix broken wait construct
rfcomm_run() is a tad broken in that is has a nested wait loop. One
cannot rely on p->state for the outer wait because the inner wait will
overwrite it.
While at it, rename rfcomm_schedule to rfcomm_wake, since that is what
it actually does.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
net/bluetooth/rfcomm/core.c | 46 +++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 24 deletions(-)
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -101,11 +101,11 @@ static struct rfcomm_session *rfcomm_ses
#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
-static void rfcomm_schedule(void)
+static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
+
+static void rfcomm_wake(void)
{
- if (!rfcomm_thread)
- return;
- wake_up_process(rfcomm_thread);
+ wake_up_all(&rfcomm_wq);
}
/* ---- RFCOMM FCS computation ---- */
@@ -183,13 +183,13 @@ static inline int __check_fcs(u8 *data,
static void rfcomm_l2state_change(struct sock *sk)
{
BT_DBG("%p state %d", sk, sk->sk_state);
- rfcomm_schedule();
+ rfcomm_wake();
}
static void rfcomm_l2data_ready(struct sock *sk)
{
BT_DBG("%p", sk);
- rfcomm_schedule();
+ rfcomm_wake();
}
static int rfcomm_l2sock_create(struct socket **sock)
@@ -238,7 +238,7 @@ static void rfcomm_session_timeout(unsig
BT_DBG("session %p state %ld", s, s->state);
set_bit(RFCOMM_TIMED_OUT, &s->flags);
- rfcomm_schedule();
+ rfcomm_wake();
}
static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
@@ -264,7 +264,7 @@ static void rfcomm_dlc_timeout(unsigned
set_bit(RFCOMM_TIMED_OUT, &d->flags);
rfcomm_dlc_put(d);
- rfcomm_schedule();
+ rfcomm_wake();
}
static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
@@ -462,7 +462,7 @@ static int __rfcomm_dlc_close(struct rfc
case BT_CONNECT2:
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
set_bit(RFCOMM_AUTH_REJECT, &d->flags);
- rfcomm_schedule();
+ rfcomm_wake();
return 0;
}
}
@@ -566,7 +566,7 @@ int rfcomm_dlc_send(struct rfcomm_dlc *d
skb_queue_tail(&d->tx_queue, skb);
if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
- rfcomm_schedule();
+ rfcomm_wake();
return len;
}
@@ -581,7 +581,7 @@ void rfcomm_dlc_send_noerror(struct rfco
if (d->state == BT_CONNECTED &&
!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
- rfcomm_schedule();
+ rfcomm_wake();
}
void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
@@ -592,7 +592,7 @@ void __rfcomm_dlc_throttle(struct rfcomm
d->v24_sig |= RFCOMM_V24_FC;
set_bit(RFCOMM_MSC_PENDING, &d->flags);
}
- rfcomm_schedule();
+ rfcomm_wake();
}
void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
@@ -603,7 +603,7 @@ void __rfcomm_dlc_unthrottle(struct rfco
d->v24_sig &= ~RFCOMM_V24_FC;
set_bit(RFCOMM_MSC_PENDING, &d->flags);
}
- rfcomm_schedule();
+ rfcomm_wake();
}
/*
@@ -624,7 +624,7 @@ int rfcomm_dlc_set_modem_status(struct r
d->v24_sig = v24_sig;
if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
- rfcomm_schedule();
+ rfcomm_wake();
return 0;
}
@@ -872,7 +872,7 @@ static int rfcomm_queue_disc(struct rfco
cmd->fcs = __fcs2((u8 *) cmd);
skb_queue_tail(&d->tx_queue, skb);
- rfcomm_schedule();
+ rfcomm_wake();
return 0;
}
@@ -1952,7 +1952,7 @@ static void rfcomm_accept_connection(str
s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
l2cap_pi(nsock->sk)->chan->imtu) - 5;
- rfcomm_schedule();
+ rfcomm_wake();
} else
sock_release(nsock);
}
@@ -2086,24 +2086,22 @@ static void rfcomm_kill_listener(void)
static int rfcomm_run(void *unused)
{
+ DEFINE_WAIT_FUNC(wait, woken_wake_function);
BT_DBG("");
set_user_nice(current, -10);
rfcomm_add_listener(BDADDR_ANY);
- while (1) {
- set_current_state(TASK_INTERRUPTIBLE);
-
- if (kthread_should_stop())
- break;
+ add_wait_queue(&rfcomm_wq, &wait);
+ while (!kthread_should_stop()) {
/* Process stuff */
rfcomm_process_sessions();
- schedule();
+ wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
}
- __set_current_state(TASK_RUNNING);
+ remove_wait_queue(&rfcomm_wq, &wait);
rfcomm_kill_listener();
@@ -2154,7 +2152,7 @@ static void rfcomm_security_cfm(struct h
set_bit(RFCOMM_AUTH_REJECT, &d->flags);
}
- rfcomm_schedule();
+ rfcomm_wake();
}
static struct hci_cb rfcomm_cb = {
WARNING: multiple messages have this Message-ID (diff)
From: Peter Zijlstra <peterz@infradead.org>
To: Fengguang Wu <fengguang.wu@intel.com>
Cc: Jet Chen <jet.chen@intel.com>, Su Tao <tao.su@intel.com>,
Yuanhan Liu <yuanhan.liu@intel.com>, LKP <lkp@01.org>,
linux-kernel@vger.kernel.org,
Marcel Holtmann <marcel@holtmann.org>,
Peter Hurley <peter@hurleysoftware.com>
Subject: Re: [rfcomm_run] WARNING: CPU: 1 PID: 79 at kernel/sched/core.c:7156 __might_sleep()
Date: Thu, 2 Oct 2014 14:31:50 +0200 [thread overview]
Message-ID: <20141002123150.GC6324@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20141002110927.GE2849@worktop.programming.kicks-ass.net>
On Thu, Oct 02, 2014 at 01:09:27PM +0200, Peter Zijlstra wrote:
> On Tue, Sep 30, 2014 at 04:02:28PM +0800, Fengguang Wu wrote:
> > Hi Peter,
> >
> > We possibly find a rfcomm bug (maintainers CCed) exposed by your debug patch
> >
> > [ 1.861895] NET: Registered protocol family 5
> > [ 1.862978] Bluetooth: RFCOMM TTY layer initialized
> > [ 1.863099] ------------[ cut here ]------------
> > [ 1.863105] WARNING: CPU: 1 PID: 79 at kernel/sched/core.c:7156 __might_sleep+0x17d/0x1a1()
> > [ 1.863112] do not call blocking ops when !TASK_RUNNING; state=1 set at [<c14dc381>] rfcomm_run+0xdf/0x130e
> > [ 1.863591] [<c1058b73>] ? kthread_stop+0x53/0x53
> > [ 1.864906] [<c155a411>] dump_stack+0x48/0x60
> > [ 1.866298] [<c14dc381>] ? rfcomm_run+0xdf/0x130e
>
> Ha yes, rfcomm_run is a complete buggy mess indeed. Lemme go see what I
> can make of it.
---
Subject: rfcomm: Fix broken wait construct
rfcomm_run() is a tad broken in that is has a nested wait loop. One
cannot rely on p->state for the outer wait because the inner wait will
overwrite it.
While at it, rename rfcomm_schedule to rfcomm_wake, since that is what
it actually does.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
net/bluetooth/rfcomm/core.c | 46 +++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 24 deletions(-)
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -101,11 +101,11 @@ static struct rfcomm_session *rfcomm_ses
#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
-static void rfcomm_schedule(void)
+static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
+
+static void rfcomm_wake(void)
{
- if (!rfcomm_thread)
- return;
- wake_up_process(rfcomm_thread);
+ wake_up_all(&rfcomm_wq);
}
/* ---- RFCOMM FCS computation ---- */
@@ -183,13 +183,13 @@ static inline int __check_fcs(u8 *data,
static void rfcomm_l2state_change(struct sock *sk)
{
BT_DBG("%p state %d", sk, sk->sk_state);
- rfcomm_schedule();
+ rfcomm_wake();
}
static void rfcomm_l2data_ready(struct sock *sk)
{
BT_DBG("%p", sk);
- rfcomm_schedule();
+ rfcomm_wake();
}
static int rfcomm_l2sock_create(struct socket **sock)
@@ -238,7 +238,7 @@ static void rfcomm_session_timeout(unsig
BT_DBG("session %p state %ld", s, s->state);
set_bit(RFCOMM_TIMED_OUT, &s->flags);
- rfcomm_schedule();
+ rfcomm_wake();
}
static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
@@ -264,7 +264,7 @@ static void rfcomm_dlc_timeout(unsigned
set_bit(RFCOMM_TIMED_OUT, &d->flags);
rfcomm_dlc_put(d);
- rfcomm_schedule();
+ rfcomm_wake();
}
static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
@@ -462,7 +462,7 @@ static int __rfcomm_dlc_close(struct rfc
case BT_CONNECT2:
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
set_bit(RFCOMM_AUTH_REJECT, &d->flags);
- rfcomm_schedule();
+ rfcomm_wake();
return 0;
}
}
@@ -566,7 +566,7 @@ int rfcomm_dlc_send(struct rfcomm_dlc *d
skb_queue_tail(&d->tx_queue, skb);
if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
- rfcomm_schedule();
+ rfcomm_wake();
return len;
}
@@ -581,7 +581,7 @@ void rfcomm_dlc_send_noerror(struct rfco
if (d->state == BT_CONNECTED &&
!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
- rfcomm_schedule();
+ rfcomm_wake();
}
void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
@@ -592,7 +592,7 @@ void __rfcomm_dlc_throttle(struct rfcomm
d->v24_sig |= RFCOMM_V24_FC;
set_bit(RFCOMM_MSC_PENDING, &d->flags);
}
- rfcomm_schedule();
+ rfcomm_wake();
}
void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
@@ -603,7 +603,7 @@ void __rfcomm_dlc_unthrottle(struct rfco
d->v24_sig &= ~RFCOMM_V24_FC;
set_bit(RFCOMM_MSC_PENDING, &d->flags);
}
- rfcomm_schedule();
+ rfcomm_wake();
}
/*
@@ -624,7 +624,7 @@ int rfcomm_dlc_set_modem_status(struct r
d->v24_sig = v24_sig;
if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
- rfcomm_schedule();
+ rfcomm_wake();
return 0;
}
@@ -872,7 +872,7 @@ static int rfcomm_queue_disc(struct rfco
cmd->fcs = __fcs2((u8 *) cmd);
skb_queue_tail(&d->tx_queue, skb);
- rfcomm_schedule();
+ rfcomm_wake();
return 0;
}
@@ -1952,7 +1952,7 @@ static void rfcomm_accept_connection(str
s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
l2cap_pi(nsock->sk)->chan->imtu) - 5;
- rfcomm_schedule();
+ rfcomm_wake();
} else
sock_release(nsock);
}
@@ -2086,24 +2086,22 @@ static void rfcomm_kill_listener(void)
static int rfcomm_run(void *unused)
{
+ DEFINE_WAIT_FUNC(wait, woken_wake_function);
BT_DBG("");
set_user_nice(current, -10);
rfcomm_add_listener(BDADDR_ANY);
- while (1) {
- set_current_state(TASK_INTERRUPTIBLE);
-
- if (kthread_should_stop())
- break;
+ add_wait_queue(&rfcomm_wq, &wait);
+ while (!kthread_should_stop()) {
/* Process stuff */
rfcomm_process_sessions();
- schedule();
+ wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
}
- __set_current_state(TASK_RUNNING);
+ remove_wait_queue(&rfcomm_wq, &wait);
rfcomm_kill_listener();
@@ -2154,7 +2152,7 @@ static void rfcomm_security_cfm(struct h
set_bit(RFCOMM_AUTH_REJECT, &d->flags);
}
- rfcomm_schedule();
+ rfcomm_wake();
}
static struct hci_cb rfcomm_cb = {
next prev parent reply other threads:[~2014-10-02 12:31 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-30 8:02 [rfcomm_run] WARNING: CPU: 1 PID: 79 at kernel/sched/core.c:7156 __might_sleep() Fengguang Wu
2014-10-02 11:09 ` Peter Zijlstra
2014-10-02 11:09 ` Peter Zijlstra
2014-10-02 12:31 ` Peter Zijlstra [this message]
2014-10-02 12:31 ` Peter Zijlstra
2014-10-02 12:38 ` Peter Hurley
2014-10-02 12:38 ` Peter Hurley
2014-10-02 12:54 ` Peter Zijlstra
2014-10-02 12:54 ` Peter Zijlstra
2014-10-02 13:05 ` Peter Hurley
2014-10-02 13:05 ` Peter Hurley
2014-10-02 13:41 ` Peter Zijlstra
2014-10-02 13:41 ` Peter Zijlstra
2014-10-02 12:42 ` Peter Zijlstra
2014-10-02 12:42 ` Peter Zijlstra
2014-10-02 13:49 ` Peter Hurley
2014-10-02 13:49 ` Peter Hurley
2014-10-02 13:52 ` Peter Zijlstra
2014-10-02 13:52 ` Peter Zijlstra
2014-10-02 13:58 ` Peter Zijlstra
2014-10-02 13:58 ` Peter Zijlstra
2014-10-02 14:16 ` Peter Hurley
2014-10-02 14:16 ` Peter Hurley
2014-10-02 16:57 ` Peter Zijlstra
2014-10-02 16:57 ` Peter Zijlstra
2014-10-02 19:18 ` Oleg Nesterov
2014-10-02 19:18 ` Oleg Nesterov
2014-10-02 19:11 ` Oleg Nesterov
2014-10-02 19:11 ` Oleg Nesterov
2014-10-02 19:49 ` Peter Hurley
2014-10-02 19:49 ` Peter Hurley
2014-10-02 19:57 ` Peter Zijlstra
2014-10-02 19:57 ` Peter Zijlstra
2014-10-02 20:10 ` Oleg Nesterov
2014-10-02 20:10 ` Oleg Nesterov
2014-10-03 11:50 ` Peter Zijlstra
2014-10-03 11:50 ` Peter Zijlstra
2014-10-03 17:56 ` Oleg Nesterov
2014-10-03 17:56 ` Oleg Nesterov
2014-10-03 19:30 ` Oleg Nesterov
2014-10-03 19:30 ` Oleg Nesterov
2014-10-04 8:42 ` Peter Zijlstra
2014-10-04 8:42 ` Peter Zijlstra
2014-10-06 0:25 ` Oleg Nesterov
2014-10-06 0:25 ` Oleg Nesterov
2014-10-06 9:19 ` Peter Zijlstra
2014-10-06 9:19 ` Peter Zijlstra
2014-10-06 10:59 ` Paul E. McKenney
2014-10-06 10:59 ` Paul E. McKenney
2014-10-06 16:21 ` Oleg Nesterov
2014-10-06 16:24 ` Oleg Nesterov
2014-10-04 8:44 ` Peter Zijlstra
2014-10-04 8:44 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141002123150.GC6324@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=lkp@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.